Is It Safe To Store Your Trade Secrets In the Cloud?

Grazed from Forbes.  Author: Eric Savitz.

A CIO’s nightmare may be realized if several seemingly-plausible assumptions regarding “cloud” computing and storage turn out to be untrue. These may include the assumption 1) that it is safe to put “everything” my company has in the cloud; 2) that my company’s trade secrets will remain protectable “secrets” in the cloud, even after an accidental leak or an intentional hack is stopped; and 3) in the event of leaks or hacks, the cloud service providers are liable for our losses under our cloud-service agreements. Unfortunately, these assumptions may not be correct...

Getting Your Take on Cloud Security

Grazed from Gov Info Security.  Author: Eric Chabrow.

Cloud computing gives the jitters to those charged with protecting their organization's IT systems and data. After all, vital data flow through the Internet to servers that often are beyond the control of an enterprise's IT security organization. And, to gauge that concern, Information Security Media Group, publisher of GovInfoSecurity, has just fielded Cloud Computing Security Survey 2012.

The survey will examine not only cloud security concerns, but how security leaders address these concerns through policy, technology and improved vendor management. Survey takers will be from all sectors and from around the globe and include IT, IT security and business managers and professionals involved in their organization's cloud computing efforts...

Cloud computing and the looming global privacy battle

Grazed from The Washington Post.  Author: Michael Chertoff.

Agrave threat is said to be stalking Europe. No, it isn’t the financial crisis and the potential demise of the euro. It’s the “rapacious” U.S. approach to privacy — which portends, for those engaged in the development of cloud architecture, a coming “clash” of privacy laws.

According to Viviane Reding, the European Union’s justice commissioner, cloud-based companies that collect personal data are violating fundamental human rights. “We . . . believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market,” Reding wrote in November. “This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud.’ ”...

FBI insists cloud providers meet strict security requirements

Grazed from FierceCIO.  Author: Caron Carlson.

Large enterprises continue to have reservations about the security of cloud computing, and apparently the FBI does too. The agency made it clear this week that any cloud providers who want to do business with U.S. law enforcement agencies must abide by its Criminal Justice Information Systems security requirements--which is a very high bar, reports Jaikumar Vijayan at Computerworld.

"The FBI remains committed to using technology in its information-sharing processes, but not at the sacrifice of the security of the information with which it has been entrusted," Stephen Fischer Jr., a spokesman for the FBI's CJIS division, told Computerworld...

Cloud computing can add an extra layer of security

Grazed from iHotDesk.  Author: Editorial Staff.

Contrary to what some people believe, cloud computing can work as an additional security measure.

Despite security issues being one of the biggest concerns brought up by businesses since cloud computing platforms began to take off a few years ago, John Dunn, security editor of Techworld, believes that the technology can actually help protect your company if used correctly.  Indeed, he feels that many people merely get the jitters when they think about off-site application hosting because, on the face of it at least, it does sound like a hacker's dream.

"The security layer the companies have, the security software and products they buy and the infrastructure they run means there is a real move to actually buy that as a service," Mr Dunn said. "So all of the traffic that goes in and out of your company will come through a layer that's run by a cloud company - it will be filtered and looked at...

Safe and Sound: Cloud Security and Reliability

Grazed from PipeLine.  Author: Tim Young

The thing about hype is that, sooner or later, it's time to put-up or shut-up. That time, it seems, has come for the cloud.

Here in the U.S., the National Institute for Standards and Technology (NIST) has published its final, official definition of cloud computing, after 15 previous iterations. This "model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources" is more than just web-apps and off-site storage. It's a definition that characterizes a baseline for cloud computing against which agencies and potential cloud adopters can judge so-called "cloud" services.

By having this standard against which to measure services, according to NIST computer scientist Peter Mell, "They are more likely to reap the promised benefits of cloud—cost savings, energy savings, rapid deployment and customer empowerment." ...

Cloud Computing: Easing Some Of Virtual Security's Complexities

Grazed from Network Computing.  Author: Robert Mullins.

While virtualization and cloud computing pretty much dominate the IT world, security and compliance with IT standards are neither trivial concerns, nor going away anytime soon. But in some ways, security is easier to accomplish in virtual systems than in physical

Take the task of tracking an inventory of IT assets in a data center, for instance. Catbird, a security and compliance technology vendor, has just introduced version 5.0 of its vSecurity suite of tools for securing virtual, cloud and physical networks. One feature of the product is Automated Asset Inventory: every time a new device is attached to the network -- a server, a router or a printer -- the inventory feature sees it and applies the appropriate security rules to it...

How to protect your IP in the cloud

Grazed from InfoWorld.  Author: Stephanie Overby.

Around this time last year, the cloud computing contract signings were coming fast and furious -- not just for commodity work like IT management or email, but for software and infrastructure closer to the core of corporate value. Not long after that, the calls started to come in to Greg Bell, principal and the Americas service leader for information protection at KPMG.

Cloud services customers more often line of business leaders that IT executive -- were panicked as they began to realize that their intellectual property (IP) was now at risk. Some, like one client who discovered that he'd potentially exposed his company's precious formulas, had to bring the software and associated processes back in-house -- at no small expense. "They quickly went through an assessment, made very aggressive movement [into cloud computing], and then had to retreat because they were not able to put the proper controls in place," says Bell...

Financial Information on the Cloud: Considering the Role of Trust

Grazed from Business Insider.  Author: Editorial Staff.

Cloud computing is the latest buzz word. Many companies are adopting this convenient, on-demand service to enable themselves to save the costs involved in establishing computing infrastructure such as hard drives, development platforms, databases, computing power, or complete software applications.

Whether you are using public cloud, private cloud, virtual private cloud and/or hybrid cloud for your organization, cloud computing focuses on core business processes and offers greater efficiency by allowing data center upkeep and maintenance to be managed offsite. Cloud computing is certainly an alternative technology to get the job done in with less money.

Cloud computing has penetrated each and every department of any organization including human resources, maintenance/operations, marketing, product development, IT (maybe), logistics (if shipping/movement of items), customer service (if needed)/product support, and legal (if a large corporation)...

CloudPassage Launches Halo NetSec to Automate Strong Network Security in the Cloud

Grazed from MarketWatch.  Author: PR Announcement.

CloudPassage, the leading cloud server security company, today unveils Halo NetSec, an automated solution that provides advanced network access control for servers running in public clouds including Rackspace and Amazon EC2. Halo NetSec is specifically designed for multi-cloud environments, installs in less than five minutes and provides administrators with easy-to-manage perimeter controls.

"Cloud computing has ushered in a new set of security risks and challenges that are not addressed at the IaaS level, and traditional firewall defenses do not adequately translate into the cloud," said Andrew Hay, senior security analyst for 451 Research. "A host-based server security solution designed specifically for cloud environments picks up where the IaaS leaves off, providing organizations with the scalable security they need to consider when migrating traditional on-premise systems to the cloud."...