Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal

Subscribe to Cloud Security Journal : eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloud Security Journal : homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from Cloud Security Journal
As humans, we hate negative emotions. It’s so much nicer to focus on the pleasant. But sometimes you can’t ignore “bad” feelings. And it seems there’s plenty going around amongst IT pros when it concerns the cloud and security. A new survey says IT peop...
Phew! Having DC5 successfully out the door, I'm happy to resume my regularly scheduled programming. I'm back, bringing you my Top5 picks off of DevCentral every week. I'll help you sort through the content pouring across the (now new and improved!) site and offer you a few things that ...
One of the comparison points between the public and private cloud domains is the difference in the level of control and customization over the cloud-based service. In a public cloud environment, users typically receive highly standardized (and in many cases commoditized) IT services fr...
I can't comprehend that any event producer anywhere in the world today would answer this question by picking any one of the five available options presented. "A leading tool?" What do you mean by "a leading tool?" What other tools would you possibly have in this day and age? This quest...
I just got off our weekly Enomaly Webex in which I filled in as the host in place our product manager Pat Wendorf. I've become notorious for getting off topic when I do our Webex presentations and this week was no different. Actually doing these presentations really does help me think ...
I'm happy to announce the first episode in a new series of Enomaly Podcasts focused on one of the most important questions when looking at building, deploying and running public cloud computing infrastructures. The question of how to Make Money. Over the next few weeks we'll be posting...
Interesting post today over at the Whitehouse.gov blog by Vivek Kundra, the U.S. Chief Information Officer. The post describes both the rationale as well as what cloud computing, at least what it means to the US Government.Here are a couple of the more interesting parts."For those of y...
There is no better feeling than to see one our Enomaly ECP customers doing well in the competitive cloud service provider space. In particular City Cloud in Sweden has shared with me some interesting new customer wins including the Nobel Foundation's NobelPrize.org site. Yet another pr...
There’s something to be said about people with the right focus and experience working every button and lever for you… Clients frequently like to ask me the “which one is more secure” question about Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Se...
Until recently I've been in an odd spot, generally speaking my biggest competition when a potential customer came to us looking for an Infrastructure as a Service (IaaS) platform was either to build it yourself (aka huge risk) or buy it from us. (Yes there were a few other competitors)...
It's been fairly quiet on the blog front lately mostly because of my ridiculous travel schedule as well as an endless series of meetings both with new customers & partners. A recurring question I've been asked lately has revolved around one of the more difficult questions to answer...
Cloud is now mature enough that we can begin to identify anti-patterns associated with using these services. Keith Shaw from Network World and I spoke about worst practices in the cloud last week, and our conversation is now available as a podcast. Come and learn how to avoid mak...
After spending a week in the Peoples Republic of China I discovered that unlike the air quality a few things have become particularly clear to me. Saying cloud computing is big in China may be the understatement of the century -- it's gargantuan. It is the topic Du Jour. During my trip...
But Lori, what about SaaS (Software as a Service)? That’s cloud computing. Business users tap into that, don’t they? No, no they don’t. They tap into the software – that’s why it’s called Software as a Service and not Cloud Computing as a Service. The SaaS model also requires, necessar...
So we talked about some of the challenges – and hence opportunities – faced by Cloud Providers. Last time we talked about Trust, and how important Trust is for business relationships. Trust is already difficult in pretty straightforward environments, but in the context of Clouds, i...
This question has been puzzling a few folks of late, not just CloudFucius. The Judicial/legal side of the internet seems to have gotten some attention lately even though courts have been trying to make sense and catch up with technology for some time, probably since the Electronic Com...
I'm proud to announce the latest release of ECP Service Provider Edition. I know you'll typically hear me talk about how great our Enomaly ECP releases are (I am a little bias I know), but this one is a big one -- probably the biggest release we've ever done.The release 3.2 adds signi...
Trust is the fundamental business enabler. It is absolutely necessary for clients to trust their Cloud Providers. Without trust, business relationships cannot exist. Without trust, existing relationships cannot blossom. Trust becomes an issue as soon as there are potential conflicts...
Among both users and industry professionals, there is no shortage of discussion about mapping application types to the different cloud domains (public, private, hybrid, etc.). In my experience, quite a bit of this discussion centers on breaking down the characteristics and traits of th...
City Network, a leading Scandinavian provider of hosting services, announced today the launch of an innovative Cloud Computing service. The new service, called City Cloud, enables customers to create virtual servers and scale them up and down as needed with a single click. The service...
Last time, we saw that the biggest impediments to Cloud Provider’s adoption are Trust and Visibility. Today, we’ll look at the difficulty of predictive rightsizing, and how elasticity is one of the biggest value proposition of Cloud Providers.
While almost everyone in the tech industry is talking about the promise of cloud computing very little dialogue focuses on the technology challenges that will need to be addressed (before enterprises fully embrace cloud computing). And it is in that blue sky between cloud vaporware an...
Design of enterprise clouds incorporate multiple dimensions (security, data,service brokering, infrastructure management, etc..) and one of the most critical to understand is the impact of latency. With Network vendors starting to provide 10GigE connections, switches and fabric, and gi...
No one can properly understand anything related to enterprise-level Cloud Computing without having first gained a deep understanding of the capabilities of different Cloud players. SYS-CON's pioneering Cloud Computing Bootcamp is designed with that in mind. It is a one-day, fully immer...
Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton - some big names getting together to own your identity, so that your online transactions with government and commercial organizations becomes easier and more secure. This sounds like a great step forward, when y...
When it comes to my technical expertise in IT security, I’m generally familiar enough to know I should not pretend to be an expert. However, that has not kept me from getting a lot of valuable insight at the RSA conference this week. RSA has provided me the opportunity to hear a lot ab...
Some good news on the issue of security in the cloud. First, CA, Inc., has just joined the Cloud Security Alliance as a corporate member to help establish and promote best practices for security in cloud computing. The CSA is a non-profit organization formed to promote the use of be...
In the midst of the 1990's economic bubble, Alan Greenspan once famously referred to all the excitement in the market as Irrational exuberance. Similarly in today's cloud computing market a lot of the discussions seem to be driven by a new set of irrational expectations. The expectatio...
Security is always top of mind for CIOs and CSOs when considering a cloud deployment. An earlier post described the main security challenges companies face in moving applications to the cloud and how CloudSwitch technology simplifies the process. In this post, I’d like to dig a little ...
By now most of you have probably heard about the GoogleHack in China. Yesterday Google's Chief Legal Officer David Drummond wrote in a blog post that indicated the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routine...
Recently I’ve been faced with a very difficult type of question, and it isn’t even technical. No, it’s not the typical ‘How do you find a buffer overflow?’ or ‘Can you write me code entirely in assembly in 20 minutes?’ It’s much more difficult to answer. It’s answer, to many people, ma...
According to Cerf, "Strong authentication will be a critical element in the securing of clouds." We know that authentication is a core for establishing trust between transacting parties. This requirement is now further heightened because of the expansion of corporate boundaries out t...
Security has been on the forefront of discussion in the technology community as being the primary concern gating enterprise adoption of cloud computing. Although this is a valid concern, most cloud providers, owing to the security demands of maintaining a multi-tenant infrastructure, p...
Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an
Think giants of commerce and names like Amazon, Walmart and Expedia come up. Now, think how much those giants depend on the huge cloud computing infrastructure to be secure and reliable to keep their businesses running and in shape. So, if you’re an IT person, you can imagine how serio...
The CSA domain structure–even without the benefits of the guidance–at least serves as a concrete reminder of what’s behind the slogan. Have a close look at the guidance. Read it; think about it; disagree with it; change it–but in the end, make it your own. Then share your experienc...
Have you ever googled „information security strategy“? Try it yourself and see the results. What you get is bunch of mixed-up terminology, most of it does not (should not) fit into what information security strategy really is (or should be). Major misconception is this – information st...
According to wikipedia, information security means „protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction“. Another definition could be – „managing the process of mitigating (transfering, reducing, avoiding) u...
It’s important to distinguish cloud computing from several similar models that are often confused for cloud computing. Grid computing, for example, uses a virtual super computer composed of networked, connected computers that act in concert to perform significantly large tasks. Utility...
I'm off to Seoul, South Korea next week, but before I leave I wanted to give you a little holiday gift, yes, the gift of my prognostication. Before I do, as anyone who routinely reads my blog will understand, all I pretty much do is attempt predict the future. As an entrepreneur that h...