Rising to the Cloud Security Challenge

Grazed from TalkinCloud. Author: Mike Vizard.

For as long as anyone cares to remember the biggest inhibitor to cloud adoption has been concerns about security. In fact, when it comes to security the primary enemy has always been integration. By definition, the greater the number of points of integration there are the less secure something is. From an IT security perspective cloud computing, of course, is the ultimate form of integration.

But as much as integration might be part of the problem it’s also a big part of the solution. The more integrated security technologies become the more effective IT security solutions become inside and out of the cloud. For that reason, many IT security vendors are taking advantage of well-documented application programming interfaces (APIs) to drive a wave of alliances that go well beyond the basic marketing agreement...

Read more from the source @

Cloud Computing: Companies Should Heed DOJ’s New Cybersecurity Guidance to Minimize Liability

Grazed from Bloomberg.  Author: Kathryn Allen and Daniel Farris.

The Department of Justice (DOJ) has released new guidance on cyber preparedness and incident response, becoming the latest federal agency to do so in recent months. Newly sworn-in Attorney General, Loretta Lynch, has indicated that the investigation and prosecution of cyber crimes will be one of the top priorities of her administration. Although the Guidance sets forth only voluntary standards, companies wishing to minimize potential liability in enforcement actions and/or civil litigation should take notice.

In releasing its “Best Practices for Victim Response and Reporting of Cyber Incidents,” the DOJ's Cybersecurity Unit called upon law enforcement and private industry to share in the effort to improve systems that protect consumer information...

Top 9 cloud computing threats

Grazed from ComputerWorld. Author: Hamish Barwick.

Cloud computing has become ubiquitous for many companies but keeping it secure can be a challenge. Cloud Security Alliance Asia Pacific executive council chairman Ken Low shared the alliance’s top nine threats to the cloud at a Trend Micro event in Sydney.

9: Shared technology vulnerabilities

“In 2014, we have seen some of the most critical vulnerabilities such as Heartbleed which affected OpenSSL. That allowed people access to encrypted data,” said Low. There was also the discovery of the Shellshock vulnerability which affected the Bash shell. “Cloud service providers can scale their services by sharing infrastructure default to applications but the lack of strong isolation properties in monitored environments make them vulnerable,” said Low. He said that virtual patching can stop shared technology vulnerabilities...

Read more from the source @

Cloud Computing: The Army and the new DoD cyber strategy

Grazed from FederalTimes. Author: Robert Ferrell.

Secretary of Defense Ash Carter unveiled the new Department of Defense Cyber Strategy in an address at Stanford University in Silicon Valley, California, April 23, 2015. An update to the original strategy released in 2011, it identifies specific cyber missions for DoD and sets strategic goals to achieve over the next five years and beyond.

These missions and goals will guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. I encourage all to familiarize themselves with the new DoD strategy to gain a better understanding of how it will inform the Army's mission, priorities and way-ahead...

Cloud Computing: Threat Assessment

Grazed from CFO.  Author: David M. Katz.

In a February editorial about the buildup of cyber attacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” For example, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack.  In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

Cloud Computing: New Browser Hack Can Spy On Eight Out Of Ten PCs

Grazed from Forbes. Author: Bruce Upbin.

A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.

The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker...

Cloud Computing: Raytheon to Plow $1.7 Billion Into New Cyber Venture

Grazed from WSJ. Author: Doug Cameron.

Raytheon Co. is betting it can leverage the cybersecurity skills it honed for the U.S. military and intelligence agencies to sell to banks and retailers, investing almost $1.7 billion to establish a stand-alone business in an area where its defense peers have struggled to make money.

The company on Monday said it would buy control of Websense Inc. from private-equity firm Vista Partners LLC. Raytheon said Austin, Texas-based Websense, which has 21,000 data-security clients, half of them overseas, will form the core of a new cyber joint venture with forecast sales of $500 million this year and margins of around 20%...

How best to manage Cloud security

Grazed from SeaCoastOnline.  Author: MJ Shoer.

Moving business systems to the Cloud offers a lot of positives for most businesses. However, there are risks that need to be clearly understood so you don’t accidentally make your IT infrastructure more complicated to secure.As more businesses fall under some form of regulation, federal, state or local, you have to be aware of compliance requirements.

You also have to be prepared for audits, especially the unexpected kind. What I’m talking about here are not financial audits, but regulatory audits where officials come to your business and review your security policies and practices, specifically as they relate to how your team accesses your various systems and your ability to continue operations should those systems become unavailable. In the current climate, this is mostly focused on business with some form of consumer business as opposed to businesses that solely do business with other businesses, but expect that to change...

Cloud Infographic – Path Of A Cyber Attacker

Grazed from CloudTweaks.  Author: Editorial Staff.

We’ve covered a fair bit of infosec here on CloudTweaks over the years. It’s an important area for all regardless of if you’re a consumer or a business.

Security expert and consultant – Chetan Soni, discusses some of the security issues and tools to consider as part of your business plan: “Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: service providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data…”

Cyber Incident Response: What To Do When Cloud Bites Back

Grazed from CCI. Author: Nick Pollard.

The technology increases efficiency by removing the need for physical infrastructure, but cloud contracts can present significant practical obstacles to incident response (IR) strategies. When a security incident happens, the speed at which the breach is identified is integral. The faster the response, the more quickly infectious malware can be halted, access stopped, sensitive data protected, and the threat remediated.

This makes a significant difference in controlling risk, costs, and exposure. But in a cloud world, the challenge arises when a company wants access to the servers that infrastructure is based on. Often, data centre providers will not allow a business to get into these, making it impossible to know where the attack is coming from...