Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal



Latest Blogs from Cloud Security Journal
NIST released a new publication entitled Cloud Computing Synopsis & Recommendations (Special Publication 800-146) that describes in detail the current cloud computing environment, explains the economic opportunities and risks associated with cloud adoption, and openly addresses the sec...
Last week one news item that attracted media attention was the hacking of some nearly 450,000 passwords from a Yahoo service called 'Yahoo Voice'. The communications on the incident state that SQL Injection is the primary technique adopted by hackers to get the information out of databa...
Exposing a virtualization weakness for data theft, Snapshotting your data, and the internal threat, are new cloud risks that didn’t exist when the data was stored between the four walls of your datacenter. Data encryption is a critical first step for any organization considering the ...
Recently, in our post on Database security in the cloud, we reviewed the threats against database installations in the cloud and best practices for protecting your data. A number of customers have asked us follow-on questions: Which database brands are open and tested with these techn...
In a recent conversation with a public cloud provider, the message was loud and clear. Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs (Application Program Interfaces). This is actually a deep point. There hav...
We often get requests for best practices related to relational database security in the context of cloud computing. People want to install their database of choice, whether it be Oracle, MySQL, MS SQL, or IBM DB2… This is a complex question but it can be broken down by asking “what’s ...
One of these days your company will start shifting compute resources to the cloud, and as you probably know, the many advantages cloud computing has to offer still leave the responsibility for data security and data compliance on you and your security team. Cloud Security tip #1: STAR...
As a vendor of security products, I see a lot of Requests for Proposal (RFPs). More often than not these consist of an Excel spreadsheet with dozens—sometimes even hundreds—of questions ranging from how our products address business concerns to security minutia that only a high-geek ca...
As customers continue their march to the cloud we have heard from a large number who want to use SharePoint Server in the cloud. Two major concerns that show up frequently are migration of existing custom deployments and data security. These organizations have spent years customizing ...
Cloud security remains a top concern for enterprise cloud deployments. Unresolved policy and control issues make it difficult to meet the requirements of corporate security and networking teams. As a result, we frequently hear from our customers that they assume they can only put the l...
Last year I embarked on a blog series, led by my trusty advisor CloudFucius, that evolved into an exploration of the numerous cloud computing surveys, reports, statistics and other feelings about the technology. At the time, 4-5 surveys a week were being released covering some aspect...
Recognizing the relationship between and subsequently addressing the three core operational risks in the data center will result in a stronger operational posture. Risk is not a synonym for lack of security. Neither is managing risk a euphemism for information security. Risk – especia...
Security concerns about the public cloud have always been a top priority here at CloudSwitch. Moving to the public cloud is fraught with potential risks and security managers have legitimate concerns about data integrity, an opaque security model in the cloud and unauthorized access by...
Last week, we saw that Defensive Security is not enough to solve the $1 trillion Intellectual Property and IT theft and cybercrime problem. This week, more about Preventive Security. Preventive Security is a set of technologies and processes used to prevent security incidents from ev...
I'm in the process of getting the Boston chapter of the Cloud Security Alliance started. I'm just waiting for the "paperwork" to go through, but I'm really excited about what I'm hearing from customers about the cloud. Coming from Oracle, you get a bit of the "Larry Hates the Cloud" mi...
It is now official. 2010, according to the United Nations, was one of the deadliest years for natural disasters experienced over the past two decades. Statistics released yesterday are both shocking and heartbreaking in equal measure. Some 373 natural disasters claimed the lives of mo...
I’m not sure who is more excited about the cloud these days: hackers or venture capitalists. But certainly both groups smell opportunity. An interesting article published by CNET a little while back nicely illustrates the growing interest the former have with cloud computing. Fortify S...
It's been a crazy week at Enomaly after last week’s SpotCloud announcement. We'd like to take a brief moment to update you on some new and exciting opportunities that have emerged out of our discussions around the SpotCloud Marketplace (http://www.spotcloud.com). Signups for both the ...
As many of you know, I've been to China many times this year. The market for cloud computing is booming over there. But what you may not know is that these trips to China have been a key part of the inspiration for the creation of SpotCloud. Some of my inspiration has come from the po...
So by now you've probably heard about the SpotCloud announcement. If you missed it, after more than a year of development, we finally took the covers off our SpotCloud Capacity Clearinghouse and Marketplace for service providers. The feedback so far has been tremendous, with hundreds o...
Enomaly Inc., the leading vendor of Infrastructure-as-a-Service (IaaS) cloud computing software, is proud to announce that it has launched the beta of SpotCloud (http://www.spotcloud.com) the first cloud computing clearinghouse & marketplace. For cloud service providers, the SpotCloud...
Over the last few years I've gotten a lot of pressure to call our Elastic Computing Platform a Cloud Computing Platform. Some may wonder why I've resisted making this somewhat semantic change in the branding of our platform. Yes, our customers are deploying cloud infrastructures, bu...
Everyone has likely read about DNSSEC and the exciting day on which the root servers were signed. In response to security concerns – and very valid ones at that – around the veracity of responses returned by DNS, which underpins the entire Internet, the practice of signing responses wa...
Forgive me, for it's been a while since my last post. Between the latest addition to my family (little Finnegan) and some new products we have in the works at Enomaly, I haven't had much time to write. One of the biggest issues I have when I hear people talking about developing data i...
Well, it seems like yesterday since my participation at TM Forum Management World 2010 in Nice, France, during the week of May 17, 2010. Specifically, I participated in a wonderful session, Opportunities, Business Models & Requirements for Cloud Providers. Having just returned from Paris, ...
The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking.
We’ve almost completed server standardization through virtualization but we haven’t really begun to standardize network and infrastructure services. And we’re certainly nowhere near ready to standardize on the cloud and application frameworks that will enable a seamless Intercloud. The...
This is a living blog post where you will find pointers to cloud security resources that I find valuable.  Reference material, standards efforts, articles, blogs, tweets… whatever I think might help someone else will get shared here.  Essentially, a place where I can (eventually)...
It’s a growing trend, and it’s no wonder that smart people are doing it. I’m talking about educational institutions, from kindergartens to Grad schools, moving their administrative and educational software from internal servers to the cloud. This time around it’s the University of Arizo...
Sometimes, even the technology you employ to simplify computing makes things a bit more complicated, and then you need a fix for that, too. For example, as enterprises adopt a decentralized computing model based on distributed systems with a wide variety of configurations, it often beco...
In a previous post I discussed my opinion on why SaaS is the most secure option right now, better than PaaS and IaaS. The short version is that because security is forced on you at all layers, and that super smart security people are responsible for that security, so the security you ...
BMC Cloud Lifecycle Management not only aims to help enterprises build and operate private clouds more efficiently, it also offers opportunities to leverage external public cloud resources.
As anyone who’s involved in storage management can tell you, it is business needs and business decisions that must govern a storage management policy, and make technology work for it, not the other way around. Accordingly, much of what we do in the storage management world has to do wi...
On Thursday, May 26th, the Federal Executive Forum featured three important Federal cloud computing leaders: David McClure - Associate Administrator, GSA Office of Citizen Services and Communications; Col. Kevin Foster - Office of the Secretary of Defense; Chris Kemp - CTO, NASA Ames ...
Cloud computing comes with tons of potential; however, when you open up your network to the outside, you need to ensure that everything you transmit is done so securely. Peter Mell of NIST, Christofer Hoff of Cisco, and Nick Hoover of InformationWeek all took part in this discussion, ...
Telework is one of the latest crazes to hit the government.  Telework sites are being okayed for some 3-letter agencies.  Currently, VPNs are accessible, and capable ways of enabling telework, but even if the technology is available, what are the cultural changes necessary?  Allan Holm...
This is part of an ongoing series of short industry trends and perspectives blog posts briefs. These short posts complement other longer posts along with traditional industry trends and perspective white papers, research reports, solution brief content found at www.storageio.com/re...
Randi Levin, CTO of the City of Los Angeles, John Zeberlein of CSC, and Deborah Hafford of Google Enterprise offered a wide open Q&A session into one of the nation’s first cloud computing service deployments for a local government, Los Angeles.  With roughly 30,000 email user...