DISA Releases Cloud Security Requirements

Grazed from FedWeek.  Author: Editorial Staff.

The Defense Information Services Agency has released new cloud computing security requirements for DoD and contractors to follow.  The DoD Cloud Computing Security Requirements Guide (SRG), Version 1 supersedes the Cloud Security Model (CSM) V2.1.

The new SRG includes details on how to transition from the CSM for cloud service providers that are currently being assessed, or that have a provisional authorization. It also applies to all CSP offerings, regardless of who owns or operates the environments, according to DISA...

New Guidelines Highlight Importance of Cloud Computing Security

Grazed from MidsizeInsider. Author: Marissa Tejada.

Keeping sensitive data and information safe is top of mind for the U.S. Department of Defense (DoD). The agency's new cloud computing security requirements are relevant for cloud computing vendors seeking to help midsize firms secure their data.

What the Guidelines Mean

The DoD's new Cloud Computing Security Requirements Guide, released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. According to WHIR, the guide outlines an overall "security posture" that helps guide cloud service providers seeking to work with the DoD. These new guidelines were designed with agency security in mind, outlining how the public cloud can be utilized without compromising proprietary data...

Cloud Computing: SAP Asks Microsoft, Apple to Share Hacker-Fighting Intelligence

Grazed from Bloomberg. Author: Aaron Ricadela.

SAP SE is trying to marshal business technology’s biggest suppliers to gather hacker-fighting intelligence following a spate of security problems with open-source software. The biggest maker of business applications has contacted companies including Microsoft Corp. (MSFT) and Apple Inc. (AAPL) about sharing information on analyses of the weaknesses in open-source code, which is generally free to run and available for the user community to improve, according to Gordon Muehl, chief technology officer for security at Walldorf, Germany-based SAP.

More cooperation among the business-software makers could help stanch security flaws found in the open-source programs, which increasingly touch online services and devices used by billions of people. A flaw called Heartbleed, discovered last spring, left hundreds of thousands of servers and routers vulnerable to attack. Another one, Shellshock, emerged in September...

Cloud Computing: Palo Alto Networks - Proactively Averting Cyber Attacks

Grazed from SysConMedia.  Author: Charles Hall.

Cyber threats are becoming more advanced, persistent, and focused. The threat landscape is rapidly changing, and evolving faster than ever. Today it is difficult to determine who is winning: either those behind the cyber threats, or those fighting to prevent and remediate the threats. The strategy against cyber threats has been to throw more and more technology at the problem, in an attempt to keep up, and it is not working.

What if there was a way to prevent a cyber attack before it could ever happen? While no solution will prevent 100% of attacks, the goal should be to get as close as possible. Moving to a more proactive solution makes it increasingly difficult for attackers to achieve successful attacks...

Cloud Computing: The Wild, Wild Web - How To Catch Cybercrooks

Grazed from eWeek. Author: Lillian Ablon.

When cybercriminals can easily buy cheap hacking programs with exotic names like Fiesta, Lucky, Nuke, Siberia, Sploit, Tornado, Sweet Orange and Cool, what chance that anything online can remain safe? Lillian Ablon and Martin C. Libicki offer ideas for how to close down Web thieves.

Black markets for computer-hacking tools, services and by-products, including stolen credit card numbers, continue to grow, posing threats to businesses, governments and individuals. A prominent recent example was the capture of an estimated 40 million credit card numbers and 70 million user accounts in the December 2013 breach of retail giant Target. Within days, those data appeared—available for purchase—on black market websites...

Cloud Computing: The perimeter's breached - encrypt everything!

Grazed from SCMagazine.  Author: Tony Morbin.

Last year's slew of criminal data breaches made it clear that the perimeter has fallen and the privacy of our data is at risk – whether that be passwords and credit cards or celebrity pictures and corporate secrets, while government agencies from China, Russia and the west continue to demonstrate vast intelligence surveillance capabilities.

One of the most effective responses for corporations, governments or individuals is to take a data-centric approach using encryption, potentially making data useless to intruders, or at least, raising the cost of access. Late last year SC Magazine UK editor in chief Tony Morbin interviewed Alan Kessler, president and CEO, Vormetric, to get an industry view on issues in the commercial encryption market...

Cloud security should be an enterprise priority in 2015

Grazed from DataPipe.  Author:  David Lucky.

With 2015 all but arrived, it's natural for technology experts to offer their predictions for the new year. Oftentimes, these take the form of optimistic forecasts of the new advancements on the horizon. However, sometimes industry professionals acknowledge that the coming months will have their fair share of challenges.

The realm of cloud computing security is a case in point. Writing for InfoWorld, David Linthicum recently highlighted three cloud computing predictions that he would like to see come to fruition in 2015 but which are not likely to reach this point. And the rise of cloud computing security mastery among enterprises was his leading pipe dream. In reality, these companies will continue to rely on managed security services to safely leverage cloud resources in the foreseeable future...

2015 Tech Forecast: Clouds, Wearables, Cybersecurity

Grazed from Investors.  Author: Patrick Seitz.

In tech, 2015 will be big for: wearables, cloud computing, the Internet of Things and, alas, cybersecurity problems.  The year kicks off with the giant International Consumer Electronics Show in Las Vegas where wearable devices — from smartwatches and activity trackers to body-worn cameras and computer glasses — will be a major focus.

The four-day conference starts Tuesday. But one much-anticipated wearable will not be at the show, Apple's (NASDAQ:AAPL) Apple Watch. The Apple Watch, unveiled by Apple CEO Tim Cook at an October event, is slated for release in early 2015...

Cloud Computing: How to Raise Security IQs Within Your Organization

Grazed from TalkinCloud. Author: Todd Thibodeaux.

We previously looked at what challenges CSOs will face in 2015, but executives aren't the only ones responsible for their company’s IT security. Any organization is a potential target for tech-related crises, and all levels of staff can take steps to protect their data and devices from being compromised. Ongoing user education continues to be the best defense against cyber attacks, and security-conscious business processes will play a larger role in these efforts next year and beyond.

Here are three suggestions to help your employees to be more security-aware.

Devote More Attention to Devices: Rather than hold an annual security briefing, CSOs should work regularly with managers across departments to integrate cybersecurity best practices into employees’ workflow, especially with regard to the devices they use...

Cloud Computing: Cybersecurity Hindsight And A Look Ahead At 2015

Grazed from TechCrunch. Author: Yoav Leitersdorf.

This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony.

Nobody was safe in 2014. In addition to large retailers, media companies and financial institutions, technology companies like eBay and Snapchat were hacked, too, and so were government organizations and healthcare institutions. Also this year, massive Internet infrastructure vulnerabilities were discovered, including Shellshock, Heartbleed and POODLE...