Cloud Security

Developer Says FBI Fiddled With OpenBSD

Grazed from Internet Evolution.  Author: Sean Gallagher.

A former contributor to the code in the OpenBSD operating system that handles encryption of data has alleged that the FBI paid developers working on the code to write in backdoor mechanisms to circumvent authentication and give law enforcement unfettered access to data.

Microsoft gains cloud security certification, follows Google lead

Grazed from ComputerWorld.  Author:  Jon Brodkin.

Microsoft has received FISMA certification for its cloud computing data centres, a key step toward gaining customers in the federal government market that has been infiltrated by rival Google. However, Microsoft's hosted Exchange and Online services have not yet been awarded FISMA approval.

White hat hacker Mafiaboy casts doubt on cloud computing security

Grazed from ComputerWorld.  Author: Jeff Jedras.


Michael Calce, the reformed hacker from Montreal who will forever be known as Mafiaboy, told a group of IT professionals Tuesday that he has serious concerns about the inherent vulnerabilities in the latest evolution of information technology: cloud computing.

Kroes calls for better EU cloud security

Grazed from ZDNet.  Author:  Jack Clark.

"A cloud without robust data protection is not the sort of cloud we need. So these features should be well-integrated in the design of cloud-computing products and services, from the very beginning of the business processes," Kroes said on Thursday in a speech at the Les Assises du Numerique conference in Paris.

Data protection standards must also be transnational, she added, noting that "the free movement of personal data within the EU is another way to complete the digital single market in Europe".

Authenticating yourself in the cloud

Grazed from ComputerWorld.  Author:  Manny Vellon.

Of all that has been written about cloud computing, precious little attention has been paid to authentication in the cloud.

Before we get to that, let's review how authentication works on a private network.

When you log on to your machine and then try to access a resource, say a file server or database, something needs to assure that your username and password are valid.  If you're logging onto a Windows machine, this authentication is performed by a component called the "Local Security Authority Subsystem Service".

Gartner: Companies need shift in private cloud security

Grazed from ComputerWorld.  Author:  Antony Savvas.

The security systems of businesses must "evolve" as they move from virtualised data centres towards private cloud infrastructures, according to analysts at Gartner.

Gartner predicts that by 2015, 40 percent of the security controls used within enterprise data centres will be virtualised, up from less than five percent in 2010.

US Defense Dept. Expands Cyber-Security Role

Grazed from Internet Evolution.  Author: Sean Gallagher.

When the US Department of Defense started the ball rolling to create US Cyber Command, its network and information systems security and intelligence organization, there were a lot of people who were uncertain what such a command would do -- in fact, the whole idea of "cyber-warfare" was still sort of nebulous. There were concerns from within the government, in Congress, and from observers outside that Cyber Command would expand DOD's activities out into the civilian domain.

Cloud computing vendors 'should address security concerns'

Grazed from Experian QAS.  Author: Neil Hill.

Cloud computing vendors looking to increase the number of companies using their services will be most successful if they can prove the security of the offerings.

According to Rob Ayoub, global programme director for information security research at Frost & Sullivan, many companies are currently holding back on a move to the cloud because of security and availability concerns.

He said that cloud computing providers should be in a position to provide reassurance to potential clients on these issues, reports Computerworld New Zealand.

RSA Sees GRC Moving to the Cloud

Grazed from IT Business Edge.  Author: Michael Vizard.

The increasing complexity of complying with regulations has become one of the primary drivers pushing IT organizations to shift management of governance, risk management and compliance (GRC) into the cloud.

According to Art Coviello, president of the RSA division of EMC, a new report issued by a Security Council for Business Innovation, which is made up of senior IT executives that are customers of RSA, highlights the increased nuance and specificity required to manage GRC.

Forecast for Cloud Security: Still Cloudy

Grazed from ChannelPro SMB.  Author: Herman Mehling.

While many companies are moving their apps and services to the cloud, roughly half are unaware of what they are getting themselves into, security-wise. That’s the main finding of Security of Cloud Computing Users, a recent study done by the Ponemon Institute for CA Technologies.