Security

Security Concerns Drive Companies Back to Private Cloud

Grazed from Whir. Author: Cheryl Kemp.

Nearly all organizations would use hybrid cloud if the public Internet structure could be made more secure, yet most of them (57 percent) are migrating back to private clouds due to security and data protection concerns. According to 1,000 interviews with senior IT decision-makers conducted by Vanson Bourne on behalf of Tata Communications, cloud computing has been widely adopted yet concerns over security remain an obstacle to wider use.

Although most of organizations have some type of cloud, not all the data is stored there. Even though most companies would move to the cloud tomorrow if it were possible, only 28 percent of data is stored in the cloud and only 42 percent of infrastructure is virtualized. One of the barriers to more widespread cloud adoption and use is application readiness...

New Cloud Computing Security Requirements Guide - Part II

Grazed from CCSKGuide. Author: Editorial Staff.

The DoD’s new Cloud Computing Security Requirements Guide (SRG), released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. The guide outlines an overall “security posture” that directs cloud service providers (CSPs) seeking to work with the DoD. This article is a continuation of a previous one, which introduced the four new information impact levels. Here, we will examine the DoD process of risk assessment of cloud service offerings, as defined by the SRG.

Risk Assessment Process

Shifting to cloud computing means that risk management processes must change as well. The goal is to address requirements and controls, relative to the criticality of DoD information in the external cloud, in a cost effective way. At the same time, it is also to assure the security of DoD core missions and networks in accordance with the DoD RMF...

Proposed US law could deal knockout blow to FBI in overseas cloud privacy ding-dongs

Grazed from TheRegister. Author: Iain Thomson.

The US Congress, now fully under Republican control, is getting busy with laws to protect data: two bipartisan bills appeared on Thursday that would bring the 1986 Electronic Communications Privacy Act (ECPA) bang up to date in the 21st century. The first piece of proposed legislation [PDF] is the Electronic Communications Privacy Amendments Act of 2015, submitted in the Senate by Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) and in the House by Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO).

The bill would require cops and the Feds to show probable cause when seeking a search warrant to rifle through people's emails and other data. (California is mulling over a similar requirement.) Under today's rules, set back when Ronald Reagan was in the White House, deem that any email can be searched, with probable cause or not, provided at least 180 days have passed since the message was sent and received...

Cloud Computing: Israel's Team8 attracts investment for cyber security firms

Grazed from Reuters. Author: Steven Scheer.

Team8, an Israeli venture capital fund focused on the cyber-security industry, said on Tuesday it had raised $18 million in its first round of funding, including investment from Alcatel-Lucent and Cisco . Also participating in the round were Bessemer Venture Partners, Marker LLC and Innovation Endeavors, which was founded by Google executive chairman Eric Schmidt.

Led by veterans of the Israeli army's 8200 intelligence and electronic espionage unit, Team8 aims to develop cyber-security companies that offer more in-depth protection than the usual defence against hacking attempts by generic malware. Bessemer partner David Cowan said that could set them apart from the legions of security start-ups in Silicon Valley...

Bitglass Joins Cloud Security Alliance

Grazed from MarketWire. Author: PR Announcement.

Bitglass, the Total Data Protection company, announced today that it has joined the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. Bitglass is a Cloud Access Security Broker that delivers total data protection as enterprise data moves beyond the firewall -- in the cloud, on mobile devices and anywhere on the Internet.

The service enables some of the world's most security-conscious and regulated organizations to adopt public cloud apps by closing security and compliance gaps. The SaaS-based solution deploys in minutes and works without installing software agents on employee devices and without changing the user experience...

IBM SoftLayer vs. AWS cloud security: Choose your tools wisely

Grazed from TechTarget. Author: Beth Pariseau.

IT pros considering IBM SoftLayer and Amazon Web Services will find solid security in both clouds, though true cloud security should ultimately be something the user controls, experts say. IBM SoftLayer and Amazon Web Services (AWS) both cater to enterprises with extensive cloud security features, as well as marketplaces full of third-party products to secure the customer's side of the cloud.

Much of AWS cloud security revolves around encryption. It encrypts data at rest in the Simple Storage Service (S3) and Elastic Block Store (EBS). With the AWS Key Management Service, Amazon offers customers a choice of using master keys managed by AWS for encryption or controlling their own keys...

Cloud Computing: How Are Feds Handling Data Center Defense?

Grazed from Talkincloud. Author: Dan Kobialka.

A new MeriTalk survey of 300 U.S. federal IT decision-makers showed that the number of reported breaches on U.S. federal computer networks has nearly doubled since 2009. The majority of these professionals are concerned about cybersecurity as they update their data centers as well.

The survey, underwritten by Palo Alto Networks (PANW), revealed 67 percent of U.S. Feds are concerned with cybersecurity as they modernize their data centers. Also, 49 percent said they believed that the data center modernization process makes cybersecurity more challenging...

Read more from the source @ http://talkincloud.com/cloud-computing-research/02032015/how-are-feds-handling-data-center-defense

IBM announces new cloud-based identity protection

Grazed from BetaNews. Author: Editorial Staff.

Many of the things we do online require an ID and password, but typically whilst this makes things easier for the site it doesn't always do a lot to protect the user, who may be revealing more information than they need. For example you may have to reveal your full date of birth and address to a video streaming service in order to verify your age and region, running a risk that the information may fall into the wrong hands.

Now researchers at IBM have announced plans for a new cloud-based technology to help consumers guard their personal data. The technology, called Identity Mixer, uses a cryptographic algorithm to encrypt the identity attributes of a user, such as their age, nationality, address and credit card number in a way that allows the user to reveal only selected pieces to third parties...

Cloud Computing: What Burglars Can Teach Us about Network Security

Grazed from TechCocktail.  Author: Santosh Satya.

A little more than a decade ago, three famous paintings were on display at the Whitworth Gallery, an art museum in Manchester, England. Since the works of Gauguin, Picasso, and Van Gogh were valued at about $8 million, they were heavily protected by security guards and electronic systems. Guards patrolled the gallery. Alarms were set in place. And closed-circuit television scanned the paintings.

Still, none of this was enough. Burglars broke into the Whitworth Gallery in late April, 2003 and stole the three paintings. A few days later, the expensive masterpieces were found in a public restroom near the art museum. A note attached to the masterpieces dismissed the episode as a caper designed to test the woeful security measures. This bold art burglary is a lesson for network administrators who guard information systems...

New Guidelines Highlight Importance of Cloud Computing Security

Grazed from MidsizeInsider. Author: Marissa Tejada.

Keeping sensitive data and information safe is top of mind for the U.S. Department of Defense (DoD). The agency's new cloud computing security requirements are relevant for cloud computing vendors seeking to help midsize firms secure their data.

What the Guidelines Mean

The DoD's new Cloud Computing Security Requirements Guide, released by the Defense Information Systems Agency (DISA), replaces their previous Cloud Security Model. According to WHIR, the guide outlines an overall "security posture" that helps guide cloud service providers seeking to work with the DoD. These new guidelines were designed with agency security in mind, outlining how the public cloud can be utilized without compromising proprietary data...