Cloud Computing: The Increasing Cybersecurity Attack Surface

Grazed from NetworkWorld. Author: Jon Oltsik.

I just read a good Wall Street Journal blog by Ben DiPietro titled, Speed of Tech Change a Threat to Cybersecurity. His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes.

This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses. I couldn’t agree more Ben but it may be worse than you think as this discrepancy has been going on for years. In a 2012 research survey, ESG asked security professionals to describe the impact of numerous new IT initiatives on infosec operations and management at their organizations (note: I am an ESG employee). The research indicated that:...

Read more from the source @

Cloud Computing: Most Cyber Attacks Occur From This Common Vulnerability

Grazed from Business2Community.  Author: Tim Clark.

As you read this, hackers are working diligently to uncover avenues, inroads and byroads to get into your confidential corporate data. I know what you’re thinking. You’ve heard this all before, your company isn’t vulnerable and you already took care of it. Are you sure?

Time for a reality check. Even if you figured out how to plug holes in your networks, the hackers may be gaining access through applications and solutions. Sure, many organizations have significant network security in place but it’s not enough as 84% of all cyber-attacks are happening on the application layer...

Cloud Computing: Rise of the cybermen - A guide to neutralising 2015’s most dangerous security threats

Grazed from ITProPortal.  Author: Wieland Alge.

Recent speeches by UK Prime Minister, David Cameron, and US President Barack Obama demonstrate that cyber security is still a huge concern for national governments.  We should be in no doubt that another raft of counter-measures is being considered at national and international levels.

However, those in charge of IT security in the business community are not necessarily taking their cue from world leaders to re-evaluate their own policies and ensure they are still offering protection from the kind of cyber attacks that are likely to occur in 2015...

Cloud Computing: Top 3 CIO Challenges in 2015: Security, Downtime and Talent

Grazed from LogicWorks.  Author: Editorial Staff.

What are the top CIO challenges in 2015? According to a survey reported yesterday on, security, downtime, and staffing top the list of workplace issues “keeping CIOs up at night.”

No surprises there. After a flurry of recent high-profile cyber-attacks and internal security breaches, the majority of CIO executives will ramp up the security and availability of their systems in 2015, according to the report. Unfortunately, this often means that teams are scrambling to finish a checklist of CIO security concerns to patch up the most immediate vulnerabilities, rather than taking a longer view and building rigorous and monitored security practices into all layers of their IT deployments...

Security Vendors Say New Technologies Needed to to Bolster Cloud Defenses

Grazed from eWeek.  Author: David Needle.

Much work remains to be done if security breaches such as those at Sony Pictures Entertainment and health insurer Anthem are to become a rare event. That was the consensus of security vendors speaking at the OnCloud 2015 conference here this week. While malicious hackers will continue working to crack the latest security schemes, Barmak Meftah, CEO of AlienVault said security could be greatly enhanced by enterprises sharing more information.

“Imagine if we had a way to share threat data around the world,” he said. “For once we could be more proactive rather than reactive.” Only recently have companies become more forthcoming about data breaches, thanks largely to legislation and social media giving consumers an outlet to quickly spread the news that their personal accounts have been hacked and private information exposed...

See more at:

Cloud Computing: What Google knows about data security that you should know too

Grazed from CBC. Author: Jeff Green.

A new report on cloud storage prepared for Google by a Hamilton-based risk advisor shows that businesses need to take a truly global look to completely secure data. And in an interview with the CBC, James Arlen, director of risk and advisory services for Leviathan Security Group, says the same principles of data security companies such as Google need, apply to your personal data, too.

Arlen said the average person treats their personal memories like a digital shoe box, adding it just takes one "flood" for a catastrophic loss to occur. "The person who kept all the photos of the first four years of their child's life on their computer and now their hard drive crashed," Arlen said. "Now your child's photographic life begins at four."...

Cloud Computing: Cyber Security Web Site Dedicated to C-Suite and Business Personnel Launches

Grazed from PR.Com.  Author: PR Announcement.

The proliferation of cloud computing, big data, BYOD, mobile and inter-connected networks have become opportunistic breeding grounds for cyber criminals to disrupt business operations and cause financial loss as well as to gain access to corporate and personal data. Such losses were estimated last year in excess of $500 billion effecting companies of all sizes.

The impact of a corporate security exposure or breach is staggering and prior implications have proven to result in a loss of revenue, customer confidence and litigation...

Cloud Computing: Expert Advice - How to Up Your Cyber Security

Grazed from Entrepreneur. Author: Ann C. Logue.

The average cost to a U.S. business of a lost or stolen record containing customer information is $201, according to the 2014 Cost of Data Breach Study conducted by the Ponemon Institute for IBM. The most expensive incidents are due to malicious attacks, not to human error or process failure. That’s a problem for your business.

Mega-retailer Target may have had to pay cash to counter its late-2013 data hack, which reportedly affected up to 110 million customers, but it was lucky. Similar breaches have resulted in the destruction of companies. “If you get it wrong, your business can be erased,” says Ken Ammon, chief strategy officer at Xceedium Inc. in Herndon, Va. Xceedium sells platforms used by government and major corporate customers to manage access privileges on information systems...

New Cloud Computing Security Requirements Guide - Part II

Grazed from CCSKGuide. Author: Editorial Staff.

The DoD’s new Cloud Computing Security Requirements Guide (SRG), released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. The guide outlines an overall “security posture” that directs cloud service providers (CSPs) seeking to work with the DoD. This article is a continuation of a previous one, which introduced the four new information impact levels. Here, we will examine the DoD process of risk assessment of cloud service offerings, as defined by the SRG.

Risk Assessment Process

Shifting to cloud computing means that risk management processes must change as well. The goal is to address requirements and controls, relative to the criticality of DoD information in the external cloud, in a cost effective way. At the same time, it is also to assure the security of DoD core missions and networks in accordance with the DoD RMF...

Cloud Computing: Fortscale and the Enemy Inside

Grazed from VirtualizationReview. Author: Dan Kusnetzky.

Fortscale's Idan Tendler, CEO and co-founder, came by to discuss what his company has been doing since our last conversation at the Splunk user group conference roughly a year ago. Each time I have the opportunity to speak with him, I learn something more about how analysis of the organization's operational and machine logs can help.

This time Tendler pointed out that many of today's security breaches or thefts of customer data can be attributed either to malicious staff behavior, or staff not following the enterprise's data governance or security policies. Staffers are typically given access to many of the organization's data assets...