Cloud Computing: Are Most Businesses Ignoring Security Weaknesses?

Grazed from TalkinCloud. Author: Dan Kobialka.

A new report from Chicago-based cloud services provider (CSP) Trustwave shows that most businesses are fully aware of their legal responsibilities in protecting sensitive data. Trustwave researchers, however, also pointed out that few businesses host security awareness tutorials and security planning meetings to keep their employees up to date about ongoing IT security issues.

Trustwave's "2014 State of Risk Report," released this month, revealed that 60 percent of businesses said they understand their legal responsibilities in safeguarding sensitive information, but 21 percent said they never perform security awareness training. Also, 23 percent said they never hold security planning meetings, and 24 percent noted they do not have employees read and sign their businesses' information security policies...

Cloud Computing: The Business of Security Is Business

Grazed from Wired. Author: Dan Holden.

Today’s security landscape feels more like a James Bond movie than normal life. International intrigue is now a standard equation for any large-scale cyber-attack, as we’ve seen recently with the Sony breach and the potential for North Korea being behind it all. Events like this are great fodder for politicos and make for glib and gossipy water cooler talk about the latest celebrity leaks, but they obscure the real dangers just beneath the surface.

What if skilled, persistent attackers targeted critical infrastructure like the water supply or electric grid, rather than a Hollywood studio pushing a silly movie? What if they targeted your business? With many calling 2014 the year of the data breach, corporate security teams are on notice. They face a wide range of threat actors, from nation-state cyber espionage to highly skilled patient attackers for hire, down to home gamers and nuisance attackers...

Hey, You, Get Off of My Cloud! Cloud Security Basics

Grazed from Business2Community. Author: Christina Heath.

Lately, it seems like everyone is “in the cloud”; big corporations, small businesses–you name it. But as we’ve learned time and time again, great technological advances don’t come without security risks. Though it’s quickly been adopted by organizations all over the spectrum, cloud computing is still a fairly new concept and, as with anything new in our technological age, it can take a while for security measures and legal policies to catch up. For now, that means it’s your job to make sure your information, and that of your customers, is protected.

Defining the Cloud and its Security Concerns

At its core, cloud computing involves using a network of remote Internet servers to store and manage data. Working in the cloud allows multiple users to access the same information and pool resources in real time. It eliminates the much greater security risks of thumb drives or email attachments and makes data and documents easily accessible from anywhere, unlike information stored on a PC or local server...

Cloud Computing: Most Violent Cyber Attack Noted To Date - 2008 Pipeline Explosion Caused By Remote Hacking

Grazed from CTOVision.  Author: Bob Gourley.

Reporting by Jordan Robertson and Michael Riley in Bloomberg is shedding new light on a destructive attack against an oil pipeline that caused a massive explosion in Refahiye Turkey in 2008. The event occurred six years ago, but information is just coming out indicating the cyber attack component of this event.

Robertson and Riley’s reports indicate that the pipeline was fitted with sensors and cameras to monitor all 1099 miles of the pipeline from the Caspian Sea to the Mediterranean, but the blast did not trigger a single distress signal. They also did not trigger the massive explosion and continuing combustion in eastern Turkey...

Cloud Computing: Cybersecurity requires more than 'patch and pray’

Grazed from SFGate.  Author: Editorial Staff.

Paul Kocher, one of the country’s leading cryptographers, says he thinks the explanation for the world’s dismal state of digital security may lie in two charts.  One shows the number of airplane deaths per miles flown, which decreased to one-thousandth of what it was in 1945 with the advent of the Federal Aviation Administration in 1958 and stricter security and maintenance protocols. The other, which details the number of new computer security threats, shows the opposite. There has been more than a 10,000-fold increase in the number of new digital threats over the last 12 years.

The problem, Kocher and security experts reason, is a lack of liability and urgency. The Internet is still largely held together with Band-Aid fixes. Computer security is not well regulated, even as enormous amounts of private, medical and financial data and the nation’s computerized critical infrastructure — oil pipelines, railroad tracks, water treatment facilities and the power grid — move online...

FBI moves to expand computer search powers, complicating Microsoft's push to protect overseas cloud customers

Grazed from GigaOM. Author: Jeff John Roberts.

Microsoft is the midst of a defiant stand against the federal government, insisting that a U.S. search warrant can’t force it to turn over emails located on a server in Ireland. The company has even taken the unusual step of opening itself to a contempt of court order, as part of a larger plan to reassure cloud computer customers in other countries that their data is safe from U.S. surveillance.

But now Microsoft’s high-profile legal campaign, which has received support from the likes of Apple and Cisco, could get under cut from another quarter: the FBI is quietly lobbying Congress to rewrite the rules for search warrants in order to expand their reach. If the lawmakers agree, this would mean that “searches” authorized by American judges would no longer be restricted to a specific geographic location in the United States (which is how search warrants typically work.)...

Ponemon Institute: IT Is Losing the Cloud Security Battle

Grazed from TalkinCloud. Author: CJ Arlotta.

A new study from the Ponemon Institute and SafeNet revealed that when it comes to data security and the cloud, the majority of IT departments are "left in the dark." The study of more than 1,800 IT professionals, titled "The Challenges of Cloud Information Governance: A Global Data Security Study," showed 71 percent of respondents said they believe it is more difficult to use conventional security practices to protect sensitive data in the cloud.

Instead, IT departments often rely on encryption and multi-factor authentication to safeguard their data in the cloud. "While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud," Tsion Gonen, SafeNet's chief strategy officer, said in a prepared statement...

Palerra comes out of stealth to automate enterprise security

Grazed from TechRepublic. Author: Conner Forest.

The advent and growth of cloud computing impacted almost every aspect of enterprise IT. Perhaps one of the biggest unresolved issues raised in the wake of the cloud revolution is how it has changed the way businesses look at security. On Tuesday, November 4, Palerra came out of stealth with its LORIC product to take a stab at fixing some of the security problems in the cloud stack. Palerra, formerly known as Apprity, was founded by enterprise software veterans Rohit Gupta and Ganesh Kirti with the goal of automating security in the enterprise.

"Holistically, the ability to automate forensics and automate incident response in this dramatic threat landscape that we live in, we think is absolutely critical for the health of the enterprise," Gupta. According to Gupta, security requirements have evolved from being inline in the network with early web apps, to the edge with mobile devices, and are now needed at the source, meaning the source of the data or application you are managing. Palerra focuses on "at the source" security...

Read more from the source @

Cloud Computing: Hacker Lexicon - What Is Homomorphic Encryption?

Grazed from Wired. Author: Editorial Staff.

The problem with encrypting data is that sooner or later, you have to decrypt it. Keep your cloud files cryptographically scrambled using a secret key that only you possess, and it’s likely no hacker will have the codebreaking resources necessary to crack them. But as soon as you want to actually do something with those files—anything from editing a word document or querying a database of financial data—you have to unlock the data and leave it vulnerable. Homomorphic encryption, a still-mostly-theoretical advancement in the science of keeping secrets, could change that.

A homomorphic encryption scheme is a crypto system that allows computations to be performed on data without decrypting it. A homomorphically encrypted search engine, for instance, could take in encrypted search terms and compare them with an encrypted index of the web. Or a homomorphically encrypted financial database stored in the cloud would allow users to ask how much money an employee earned in the second quarter of 2013...

Palo Alto Networks Brings Next-Generation Security to the Cloud

Grazed from PRNewsWire. Author: PR Announcement.

Palo Alto Networks, the leader in enterprise security, today extended its leadership in security services for private, hybrid and public cloud with the latest release of its virtual firewall series (VM-Series). Enterprises are keen to take advantage of the agility, scalability and cost benefits of cloud-based virtual data centers (VDCs) by building their own private cloud, purchasing public cloud services from providers, or adopting a hybrid cloud approach. Most enterprises are ultimately aiming for the portability of both the application and security policies, regardless of where the application is deployed.

However, when it comes to security, most public cloud environments are based on inconsistent network architectures common in traditional data centers and still rely on legacy security technologies – such as stateful inspection and port-based firewalls – that aren't capable of securing public cloud or hosted VDCs against sophisticated cyber threats...