Security

Cloud Computing: When Compliance Comes Down to Security

Grazed from CloudComputingExpo. Author: Fouad Khalil.

In the business world, it's hard to throw a rock without hitting a compliance requirement. All must be obeyed, but some call for a high level of control and auditability. Governing bodies are exerting their authority like never before, increasing the number of auditors and handing out heavy fines - sometimes as much as $1 million. This has become the new norm, and it isn't likely to turn around any time soon. It's important, then, to be aware of the primary threats that could undermine compliance efforts. The top three such issues are discussed below.

The Challenges of SOX

Public companies in the U.S. as well as foreign companies listed on U.S. exchanges are required by Sarbanes-Oxley (SOX) to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with requirement in Section 302 and Section 404 of the legislation...

Read more from from the source @ http://www.cloudcomputingexpo.com/node/3900000

Security Teams Not Keeping Up With Exponential Cloud Server Growth

Grazed from TechWeek Europe. Author: Ben Sullivan.

No shift to the cloud comes without a conversation about security, and for attendees of the annual Black Hat security conference, one of the main issues about moving companies to cloud computing is seen to be the increase of the attackable surface area. Almost all of the respondents to a survey conducted by CloudPassage at the conference noted that when moving from traditional data centres to a cloud infrastructure environment, they increased the number of server workloads by a factor of two to 100 times.

‘Attackable surface area’

This, in turn, greatly increases their attackable surface area, and enterprises are worried. In fact, over three quarters of respondents said that security team hiring in the enterprise has not kept pace with this rate at which new server workloads are created, changed or retired in the cloud...

Cloud Computing: DOD Unveils Bold Road Map to Modify IT and Cybersecurity Approaches

Grazed from AFCEA. Author: Sandra Jontz.

New document lays out plans for department-wide operating system, use of CACs, data center consolidation and migration to cloud services. The U.S. Defense Department unveiled Thursday a bold information technology and cybersecurity road map that modifies its approach on several efforts in the rapidly changing environments.

The guide positions the department’s IT infrastructure and processes for a broad impact, in addition to hopes of greater security and scrutiny, said its chief information officer, Terry Halvorsen. Outlined in the nine-page paper are a number of DOD efforts, from its crawl to a department-wide operating system to its plans to ditch use of the common access card, migrate to a cloud environment and consolidate and virtualize its data centers...

Cloud Computing: AWS and Azure get the highest federal security rating: What happens from here?

Grazed from CloudTech. Author: Rick Delgado.

Cloud services have been able to store customers’ data for many years now, but the number of prospective clients for several vendors has recently dramatically increased. Back in late June, the announcement was made that three vendors had received special certifications from the federal government, allowing them to store sensitive data that the government had on hand.

Two of those providers are among the most popular within the cloud market, Amazon Web Services (AWS) and Microsoft Azure, while the third is CSRA’s ARC-P IaaS, a vendor that might not be as universally known as the others but still carries enough weight for those in the know. The news was certainly noteworthy for those providers, but it also has tremendous implications for federal agencies as well as the cloud market as a whole...

Intel Considers Sale of Cybersecurity Division: Report

Grazed from TalkinCloud. Author: Nicole Henderson.

Intel is considering the sale of its cybersecurity business it acquired for $7.7 billion six years ago, according to a report by the Financial Times over the weekend, as it considers the future of Intel Security. Intel Security was formed in 2010 after Intel acquired antivirus software maker McAfee, but the cybersecurity division’s focus on personal computing no longer fits with its strategy which has shifted towards the more lucrative data center market.

The news of the potential sale has brought Intel stock down 0.79 percent to $31.30 in pre-market trading on Monday, according to a report by TheStreet. Intel Security may fetch the same amount Intel paid for the business back in 2010 as private equity interest in cybersecurity providers has grown along with the complexity and sophistication of cybersecurity threats...

Cloud Computing: The State of Open Source Security in Commercial Applications

Grazed from CCI. Author: Editorial Staff.

Among other solutions to help customers manage and secure the open source software in their applications and containers, Black Duck conducts audits of customers’ software, both for companies on the “buy” or “sell” side in mergers or acquisitions. Typically, our audits are of commercial software that has been in the market for a number of years. During a six-month period from late 2015 through early 2016 Black Duck conducted a study of over 200 applications reviewed by our On-Demand team. Here are the highlights from the study…

You’re using open source more than you think

For all intents and purposes, everyone is using open source. Black Duck finds open source code in over 95% of the applications we analyze for clients. In our study, we found open source code comprised over 35% of the average commercial application we reviewed. If we were looking at code developed for internal use, the percentage was much higher… as high as 75%...

SugarCRM Teams With IBM Cloud To Boost Security and Control

Grazed from TopTechNews. Author: Dan Heilman.

IBM and longtime partner SugarCRM announced today that companies now have the option of running the Sugar customer relationship management (CRM) platform across IBM’s worldwide network of cloud data centers. That arrangement promise security-rich cloud environments, data isolation and performance, SugarCRM said. Based in Cupertino, Calif., SugarCRM produces the Web application Sugar, a CRM system available in both open source and commercial open source applications. A typical end user for Sugar is in a regulated industry such as banking, healthcare or financial services.

Partnership Means New Offerings

By choosing IBM Cloud, Sugar can be deployed across bare metal cloud servers, dedicated off-premises clouds or private cloud environments behind the firewall, according to SugarCRM. IBM Cloud is the only cloud company to offer SugarCRM customers those options. Organizations will also gain access to on-demand, scalable computing power, a global footprint, and a fast, private network via IBM's 46 cloud data centers worldwide, according to a statement from the companies...

Read more from the source @ http://www.toptechnews.com/article/index.php?story_id=032000J3TFLS

Cloud and security are main IT spending areas this year

Grazed from Channelbiz. Author: Antony Savvas.

New cloud-based solutions (56 percent) and data security (50 percent) are the key areas of investment for IT departments in the UK this year, according to research. A study of 400 senior IT decision makers from medium and large organisations in the UK, France and Germany has established the main spending priorities of firms.

Cloud solutions are seen as a key investment priority as they enable the simple management of data, documents and applications employees use on their devices. Through cloud computing, businesses are also able to use IT on demand, enabling them to upscale or downsize their computing provision in line with business growth...

2016 year of the cloud: lack of expertise dethrones security as the biggest predicted challenge for business

Grazed from WhaTech. Author: Editorial Staff.

What do Gartner, IDC and Clutch have in common? They all predicted that the cloud would become the centre of attention in 2016. Analyst house Gartner forecasts that the global public cloud services market is likely to reach $204 billion in value by the end on 2016, while a survey conducted by research firm Clutch shows that roughly 90 percent of enterprises intend to increase or at least maintain spending on cloud computing this year.

Last year security was the top cloud challenges, this year it was dethroned by the lack of resources or expertise -26 percent of respondents noted that cloud cost management is a significant challenge, but 32 percent said the lack of resources or expertise was by far the biggest challenge. Gartner, Inc. has predicted that the global public cloud services market will increase by 16.5 percent this year to total $204 billion...

Read more from the source @ https://www.whatech.com/cloud-computing/news/139509-2016-year-of-the-cloud-lack-of-expertise-dethrones-security-as-the-biggest-predicted-challenge-for-business

Cloud Computing: Amazon Launches Certificate Manager. Offers Free SSL & TLS Security Certificates

Grazed from Trak.in.  Author: Arnand Karwa.

The cloud computing industry is getting more and more competitive day by day. It has become a race between the leading cloud providers like Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, and IBM SoftLayer.
 
Amazon Web Services in an effort to maintain the competitive edge of its services has now launches Amazon Certificate Manager (ACM). With this Certificate Manager, the web developers would now be able to obtain TLS (Transport Layer Security) and SSL (Secure Socket Layer) security certificates for free...