Cloud Computing Resources Directory

  the Basics  
  for Buyers & Users  
  for Vendors  
  for Developers  
  by Industry  
  Analysis  
  Custom View  
  Moving to the Cloud  
  Service Considerations  
  Applications  
  Platforms  
  Infrastructure  
  Cloud Services  
  Security  
Application Security Infrastructure Security
Is There Auditible Security in the Cloud?
Is There Auditible Security in the Cloud?
by Preston Williams III
An extensive discussion about various platforms, architectures, and application layers as well as corporate protocols and policies provides a lot of food for thought as we consider how, when, and if we should deploy a public or private cloud in our enterprise.
read the full story >>
Cloud Computing and the Patriot Act
Cloud Computing and the Patriot Act
by Jonathan Gershater
A careful reading of the Patriot Act does not give the Federal government, unfettered carte-blanche access to data stored in organizations’ databases. Users can protect their information stored by cloud computing providers, using encryption. Encryption modifies the storage of data so that it can only be read by users with software and encryption keys to decrypt the data.
read the full story >>
How Cloud Computing Paradigm Can Meet the Challenges of Adaptive Security Systems?
How Cloud Computing Paradigm Can Meet the Challenges of Adaptive Security Systems?
by Irina Neaga
The cloud computing model should drive and potentially apply for the design and development of the next generation of adaptive security systems. This essay shows some conceptual ideas and directions based on systems engineering methods and architecting principles.
read the full story >>
Cloud Security Starter Kit - Overview
Cloud Security Starter Kit - Overview
by Jeff Vance
Security continues to be the number one obstacle to cloud adoption. Yet, despite widespread security concerns, cloud computing is taking off. The question now is not “will my organization move to the cloud?” Rather, it is “when?” This is the first story of a series of stories where Cloudbook will explore how to get started with cloud security. What are the bare essentials? How do you merge traditional controls with advanced technologies like DLP (Data Loss Prevention) and risk scoring? How will you convince auditors that your cloud projects are as secure as your on-premise ones?
read the full story >>
How to Steal Data from the Cloud
How to Steal Data from the Cloud
by John Mutch
I recently saw a media interview where they said everyone at RSA is talking about buying into the cloud and everyone at Black Hat is talking about how they’re hacking into it. Despite over 85 percent of IT professionals being worried about security in the cloud, 90 percent of virtualized environments have put their heavily regulated, mission-critical data on virtual servers. In other words, the cost benefits are so compelling, IT must turn a blind eye to the security shortcomings of their virtualized environment and march forth.
read the full story >>
The Intersection of Enterprise Mobility and Cloud Computing
The Intersection of Enterprise Mobility and Cloud Computing
by Raffi Tchakmakjian
End-user-driven connectivity in a cloud infrastructure can often lead to degraded service and minimized benefits when organizations rely on mobile workers to manually establish connectivity. Unbudgeted access costs and security holes only exacerbate the problem when mobile employees make expensive and unsecured connectivity choices from the field. As 70% of the North American workforce is now mobile, cloud-based environments require a transparent mobile policy management strategy. More corporate data now resides on mobile devices and is distributed on off-site servers; protecting that data is becoming a mission-critical priority. Visibility and control of the myriad ways end-users access and leverage a cloud computing environment are crucial to ensuring a successful mobile investment.
read the full story >>
Making the Cloud Secure for the Enterprise
Making the Cloud Secure for the Enterprise
by Ellen Rubin
Security issues associated with third-party cloud environments continue to prevent organizations from taking advantage of the cost savings and flexibility that the cloud can offer. Today, using a public cloud means moving from an internal environment where a company has complete control of data and processes to an environment where that control belongs to someone else, and is often opaque. Within the cloud, applications run in a multi-tenant environment sharing virtual machines with other customers. Companies considering moving an application to a cloud have legitimate concerns about data being compromised or stolen, including unauthorized access by cloud administrators, exposure in the Internet or rogue employees using the cloud to corrupt or leak sensitive information.
read the full story >>
Email encryption process in Hosted Exchange
Richa Pokhriyal - Digital Media Specialist at Egocentrix

The blog post describes the email encryption basics in Hosted Exchange.


Healthcare Data on the Cloud – The Reality of Sensitive Information Online
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

The convenience, efficiency and cost benefits cloud computing offers organizations has made moving healthcare data and records to the cloud make sense for hospitals, physicians and other healthcare providers. Security and data breaches are a concern for any industry utilizing the cloud, but healthcare unfortunately seems to be particularly vulnerable to attacks. The Washington Post recently reported that The Department of Homeland Security is fearful that the health industry is “inviting” an attack with its out-of-date policies and lack of oversight. Read More


Data Privacy and Compliance in the Cloud Preview PDF
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

An in-depth report on how cloud data encryption and tokenization satisfy industry mandates and legal regulations associated with protecting sensitive data in cloud SaaS applications. Read More: http://www.perspecsys.com/resources/resource-center/knowledge-series/data-privacy-compliance-in-the-cloud/


Critical Questions To Ask Cloud Protection Gateway Providers Preview PDF
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

Security and IT professionals need to focus on critically analyzing vendors’ marketing and solution claims to ensure the technologies offered truly deliver the data privacy, security, and compliance results needed by their organizations. This paper, from cloud security provider, PerspecSys, helps guide the analysis. Read More: http://www.perspecsys.com/resources/resource-center/knowledge-series/critical-questions-to-ask-cloud-protection-gateway-providers/


Beyond PCI - Exploring Tokenization for Cloud Data Protection
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

Tokenization has a long history in the payment card industry as a standard approach for the protection of payment card information. Well-established industry standards for tokenization are published by the PCI Security Standards Council as part of the PCI DSS (data security standard). More recently, a category of solutions called cloud data protection gateways has emerged to address the data residency, security and privacy compliance needs of organizations seeking to adopt public cloud technology, and tokenization is commonly offered – in addition to encryption – as core functionality in these solutions. In this one-hour session, Coalfire, a leading PCI QSA, FedRAMP 3PAO, and HITRUST CSF Assessor will join PerspecSys to: Highlight recent findings from a Coalfire perspective report on the top risks associated with the cloud, Explain the use of tokenization to protect cloud application data, exploring its strengths and highlighting practical deployment considerations, Share key evaluation criteria when assessing possible solutions.


Discover How to Bring Trust to the Cloud: Strong Authentication for SaaS Applications
Mitesh Soni - Technical Lead at iGATE

However, the same exact benefits of the SaaS delivery model that are driving the trend may actually slow down further adoption of the SaaS applications by the enterprises. Why do IT departments get skeptical about moving their mission-critical applications and data into the cloud? The answer is quite simple; security concerns are increasingly cited among the reasons for slower adoption of SaaS. As a SaaS provider, you very well know that offering services in the cloud can be both rewarding and challenging at the same time. You clearly have a competitive advantage over the traditional application providers by offering rapid deployment, requiring fewer resources, and reducing overall cost of a software solution. How do you overcome the security challenge?


Summary of Guidelines on Security and Privacy in Public Cloud Computing (NIST-December 2011)
Mitesh Soni - Technical Lead at iGATE

Summary of Guidelines on Security and Privacy in Public Cloud Computing (NIST-December 2011) NIST has discussed following things: -Benefits and drawbacks of public cloud services from a security and privacy perspective. -Key security and privacy issues in public cloud computing and precautions -Guidance on addressing security and privacy issues.


Federated Identity Management in Cloud Computing
Mitesh Soni - Senior Software Engineer at iGATE Patni

“Identity” consists of a “set” of information based on context, allied with a definite entity (End User or System). Identity Management should include: Identity Provisioning, De-Provisioning, Identity Information Security, Identity Linking, Identity Mapping, Identity Federation, Identity Attributes Federation, Single Sign On, Authentication and Authorization. With the adoption of cloud services, the organization’s trust boundary has become dynamic. It has moved beyond the control of IT. Identity & Access Management is a critical requirement considering data sensitivity and privacy of information have become increasingly an area of concern in cloud.


Tokenization for Cloud Data Protection
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

This paper offers a high-level overview of tokenization as a data protection and obfuscation technique in the cloud. It also discusses the PCI Data Security Council’s tokenization standards.


enStratusCloud Governance Tool
Mitesh Soni - Research Engineer at iGATE Patni

enStratus is a cloud infrastructure management platform from enStratus Networks LLC that addresses the governance issues associated with deploying systems in public, private, and hybrid clouds.


SAS 70 & Cloud Computing
Mitesh Soni - Research Engineer at iGATE Patni

The Statement on Auditing Standards No. 70 (SAS 70) has become the ubiquitous auditing report by which all cloud computing service providers are judged. So how did this financial auditing report become the standard by which we examine cloud service providers? How much can we trust this report as a true representation of the security controls in place?


The Cloud Security Part 1: For Dummies
Ofir Nachmani - Founder and Auther at I Am OnDemand.com

From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As the cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, and I hope that we all understand it cannot. The contract with your cloud vendors basically means nothing, the ISVs or should I say the SaaS providers still holds the responsibility, so rather than focusing on contracts and limiting liability in cloud services deals, you should focus on controls and auditability.


The Cloud Security Part 2: Market Perceptions, Vendors and More
Ofir Nachmani - Founder and Auther at I Am OnDemand.com

From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As the cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, and I hope that we all understand it cannot. The contract with your cloud vendors basically means nothing, the ISVs or should I say the SaaS providers still holds the responsibility, so rather than focusing on contracts and limiting liability in cloud services deals, you should focus on controls and auditability.


Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms
Company Profile: CloudSwitch, Inc

Cloud on-boarding with CloudSwitch. For enterprise IT organizations who are looking to securely utilize public clouds and existing data center infrastructure, the decision to use a cloud for the delivery of IT services is best done by starting with the knowledge and experience gained from previous work. This reference architecture outlines how to extend the data center into the cloud using CloudSwitch software with Intel Xeon processor 5600 series servers. This paper, which includes detailed scripts and screen shots, should significantly reduce the learning curve for building and operating your first cloud computing infrastructure.


Who’s Protecting Your Data in the Cloud? All Eyes are on You
Paula Klein - Editor and Community Manager at Smart Enterprise Exchange

A recap of our recent videocast about cloud security. Panelists discussed the issue from both the customer and the service provider perspective. Many questions were raised about who is responsible for cloud security and how useful Service Level Agreements (SLAs) are in contract negotiations.


A Cloud Security Bill of Rights
Company Profile: CloudSwitch, Inc

Cloud Security remains a top concern for enterprise cloud deployments. Unresolved policy and control issues make it difficult to meet the requirements of corporate security and networking teams. As a result, we frequently hear from our customers that they assume they can only put the lowest-risk data and applications into the cloud – or that their cloud projects are on hold till the security issues get resolved. This is a major limitation for cloud adoption, often creating a false belief that the cloud only works for apps “that don’t matter,” or for companies who are willing to take risks.


5 Overlooked Threats to Cloud Computing
Jeff Vance - Journalist at Sandstorm Media

A lack of understanding about security risks is one of the key factors holding back cloud computing. Report after report after report harps on security as the main speed bump slowing the pace of cloud adoption. But what tends to be overlooked, even by cloud advocates, is that overall security threats are changing as organizations move from physical environments to virtual ones and on to cloud-based ones. Viruses, malware and phishing are still concerns, but issues like virtual-machine-launched attacks, multi-tenancy risks and hypervisor vulnerabilities will challenge even the most up-to-date security administrator. Here are 5 overlooked threats that could put your cloud computing efforts at risk.


Is Cloud Security’s New Mantra, 'No Worries'?
Paula Klein - Editor and Community Manager at Smart Enterprise Exchange

Based on several new reports, as well as conversations I’ve had with CIOs recently, the cloud is either a “haven for cybercriminals” as one news service claimed, or cloud security is no different from other networking platforms and fears are overblown. Two extremely opposite views, I’d say. So which is accurate?


Domain 10: Guidance for Application Security V2.1 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

Picking up from the latest Cloud Security Alliance papers, Domain 10: Guidance for Application Security V2.1 explores some of the challenges that organizations have encountered with application security for cloud computing. Domain 10 provides an upfront analysis, covering the traditional aspects of managing information confidentiality, integrity and availability, as it is central to documenting the classification of data handled by the application and will influence many of the design decisions. It also elaborates on situations for existing applications that are migrated to the cloud, as it can serve as an opportunity to address outstanding fundamental problems that have been overlooked or underrepresented during their development.


Cloud Infrastructure Providers, SSH Host Keys, and You
John Kinsella - Founder at Protected Industries

IaaS cloud environments sometimes create VM instances too similar to each other. Case in point - watch out for shared SSH Keys! If another customer has the same keys as you, the security of your "secure" SSH sessions with be significantly reduced...


Contributions Results for Buyers: Cloud Security

Showing 1 - 20 of 69 Next > Last >>

Security and Cloud Computing: Can They Really Coexist?
Paula Klein - Editor and Community Manager at Smart Enterprise Exchange
Timothy Chou - Strategic Advisor at Cloudbook.net

Experts and IT executives discussed how businesses can truly achieve a level of security that will satisfy the skeptics in the organization and also protect sensitive corporate, customer, and business partner data in a distributed environment. View the panel discussion with Timothy Chou, Arnold Felberbaum, Chief IT Security and Compliance Officer at Reed Elsevier, Joseph A. Puglisi, former V.P. and CIO, EMCOR Group; Kurt Rao, Corporate VP, Information Technology Services, Time Warner; Oswin Deally, Senior Director, Enterprise Security Operations, Liberty Mutual; Gijo Mathew, VP, Security Product Marketing, CA Technologies, and Elizabeth Butwin Mann, CISO, Mycroft.


Cloud Computing Security Risks; Private and Public Clouds
Drew Bartkiewicz - CEO of CloudInsure at CyberRiskPartners, LLC

Cloud computing security issues are at the top of every cloud user's mind. Network professionals need to understand the scope of cloud computing security risks, and how threats should be handled. In this video, senior site editor Rivka Little sits down with Drew Bartkiewicz, CEO of CyberRiskPartners. Bartkiewicz discusses the most prevalent security risks when it comes to public and private clouds, such as how other cloud users are compromised when it comes to public clouds. Bartkiewicz also addresses how cloud providers are addressing these cloud security issues in a public model vs. private model, compiling threat profiles based on the size of the cloud infrastructure


Run Your Core Business in the Cloud: Security
Zach Nelson - President & CEO at NetSuite Inc
Company Profile: NetSuite Inc

NetSuite CEO Zach Nelson discusses security concerns regarding running core business functions in the cloud.


Cloud Security Deep Dive
Subra Kumaraswamy - Security at Independent

In this webcast, the three coauthors of "Cloud Security and Privacy" take a deep dive into cloud security issues and focus on three specific aspects: 1 data security: 2 identity management in the cloud, and; 3 governance in the cloud (in the context of managing a cloud service provider with respect to security obligations).


Cloud Security and Privacy
Subra Kumaraswamy - Security at Independent

This webcast discusses current issues in cloud computing with regards to security and privacy. The presenters are the three coauthors of a recent published book, "Cloud Security and Privacy." In this webcast, they discuss cloud issues with infrastructure and data security, identity management, security management, privacy considerations, audit and compliance, Security-as-a-Service (cloud-based security solutions), and the impact of cloud computing on traditional IT.


The Director of the National Business Center on Cloud Computing
Company Profile: Department of the Interior National Business Center (NBC)

The Director of the National Business Center, Doug Bourgeois, discusses the service level benefits of Cloud Computing, security in the cloud, and governance and readiness.


Cloud Security & Privacy
Subra Kumaraswamy - Security at Independent

In this webcast, the authors of "Cloud Security and Privacy" discuss cloud computing's SPI delivery model, and its impact on various aspects of enterprise information security (eg, infrastructure, data, identity and access management, security management), privacy, and compliance. Security-as-a-Service and the impacts of cloud computing on corporate IT is also discussed.


Analyst Take: Infrastructure Protection
John Pescatore - Security & Privacy Expert at Gartner, Inc

VP and Distinguished Analyst at Gartner, John Pescatore, discusses ways to validate your Infrastructure Protection Strategies.


Security in the Cloud
John Engates - CTO at Rackspace Hosting, Inc

Security in the Cloud


Cloud Computing: Governance 2.0
Michelle Dennedy - VP, Security & Privacy Solutions at Oracle Corp

A panel discussion from CloudSlam 09 that addresses the difficult Governance questions as they relate to Cloud Computing. How does Cloud Computing impact information security? Do current contract models break with Cloud Computing? Where is the data and does it matter? Learn what you can do to drive Governance change in the Cloud. Panelists Include: Nick Abrahams, Partner at Deacons Law Firm, Malcom Crompton, Managing Director, Information Integrity Solutions & former Privacy Commissioner, Australian Federal Government, Peggy Eisenhauer, Founder at Privacy & Information Management Services, Michelle Dennedy, Chief Governance Officer, Cloud Computing at Sun


Contributions Results for Buyers: Cloud Security

Showing 1 - 10 of 11 Next > Last >>

Data Privacy and Compliance in the Cloud Preview PDF
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

An in-depth report on how cloud data encryption and tokenization satisfy industry mandates and legal regulations associated with protecting sensitive data in cloud SaaS applications. Read More: http://www.perspecsys.com/resources/resource-center/knowledge-series/data-privacy-compliance-in-the-cloud/


Critical Questions To Ask Cloud Protection Gateway Providers Preview PDF
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

Security and IT professionals need to focus on critically analyzing vendors’ marketing and solution claims to ensure the technologies offered truly deliver the data privacy, security, and compliance results needed by their organizations. This paper, from cloud security provider, PerspecSys, helps guide the analysis. Read More: http://www.perspecsys.com/resources/resource-center/knowledge-series/critical-questions-to-ask-cloud-protection-gateway-providers/


Federated Identity Management in Cloud Computing
Mitesh Soni - Senior Software Engineer at iGATE Patni

“Identity” consists of a “set” of information based on context, allied with a definite entity (End User or System). Identity Management should include: Identity Provisioning, De-Provisioning, Identity Information Security, Identity Linking, Identity Mapping, Identity Federation, Identity Attributes Federation, Single Sign On, Authentication and Authorization. With the adoption of cloud services, the organization’s trust boundary has become dynamic. It has moved beyond the control of IT. Identity & Access Management is a critical requirement considering data sensitivity and privacy of information have become increasingly an area of concern in cloud.


Tokenization for Cloud Data Protection
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

This paper offers a high-level overview of tokenization as a data protection and obfuscation technique in the cloud. It also discusses the PCI Data Security Council’s tokenization standards.


Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms
Company Profile: CloudSwitch, Inc

Cloud on-boarding with CloudSwitch. For enterprise IT organizations who are looking to securely utilize public clouds and existing data center infrastructure, the decision to use a cloud for the delivery of IT services is best done by starting with the knowledge and experience gained from previous work. This reference architecture outlines how to extend the data center into the cloud using CloudSwitch software with Intel Xeon processor 5600 series servers. This paper, which includes detailed scripts and screen shots, should significantly reduce the learning curve for building and operating your first cloud computing infrastructure.


Domain 10: Guidance for Application Security V2.1 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

Picking up from the latest Cloud Security Alliance papers, Domain 10: Guidance for Application Security V2.1 explores some of the challenges that organizations have encountered with application security for cloud computing. Domain 10 provides an upfront analysis, covering the traditional aspects of managing information confidentiality, integrity and availability, as it is central to documenting the classification of data handled by the application and will influence many of the design decisions. It also elaborates on situations for existing applications that are migrated to the cloud, as it can serve as an opportunity to address outstanding fundamental problems that have been overlooked or underrepresented during their development.


Top Threats to Cloud Computing PDF
Company Profile: Cloud Security Alliance (CSA)

The purpose of this document is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to "Security Guidance for Critical Areas in Cloud Computing". As the first deliverable in the CSA's Cloud Threat Initiative, this document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about.


Security Guidance for Critical Areas of Focus in Cloud Computing v2 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

The Cloud Security Alliance's initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider. We will be kicking off numerous online activities and in-person regional events to share our findings and connect with experts to increase our knowledge base.


Defining a dWAF to Secure Cloud Applications PDF
Alex Meisel - CTO at Art of Defence GmbH

Cloud computing was not designed for security, although organizations such as Cloud Security Alliance (CSA) and Open Web Application Security Project (OWASP) are taking great strides in helping the industry solve the myriad of security problems confronting cloud computing. The benchmark guidelines established by the CSA in their document, Guidance for Critical Areas of Focus in Cloud Computing, is a great first step. This paper is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document. It also includes recommendations and practical use-cases.


Teleworking in the Cloud: Security Risks and Remedies
John Pescatore - Security & Privacy Expert at Gartner, Inc

Companies have many cloud computing choices to make when office applications and servers disappear from the IT department. If security is not built in, incidental costs will outweigh any cost savings.


Cool Vendors in Infrastructure Protection, 2009
John Pescatore - Security & Privacy Expert at Gartner, Inc

Chief Information Security Officers and other security decision makers should be prepared to consider inovative, new infrastructure protection vendors. They won't necessarily be appropriate for every enterprise, but their offerings and business models point to new directions in their market spaces.


Cool Vendors in Software-as-a-Service Security, 2009
John Pescatore - Security & Privacy Expert at Gartner, Inc

Gartner's first set of cool vendors in software-as-a-service security addresses the growing demand for agile, responsive, cost effective solutions with highly innovative offerings. Use this research when evaluating technology trends and future needs.


The case for compliance as a cloud service
By: David Linthicum
IT must deal with an increasing number of regulations, many of which come with stiff legal and financial penalties for noncompliance. As cloud computing comes on the scene, it's no wonder that many in IT push back on its use, which in many instances forces you to give up direct control of systems that have to be maintained with these regulations in mind. As one client put it, "Why would I let somebody who does not work here get me arrested?"
read the full article >>
Research: Half of Cloud Clients to Change Privacy Policy by Q4 2012
By: Scott M. Fulton
Research firm Gartner's release earlier this week of an update to its venerated "Hype Cycle" cast a long shadow that hid a startling prediction: At least half of all organizations that host data on behalf of clients will change, or be forced to change, their privacy policies by the end of next year.
read the full article >>
Cloud security fears outweigh savings, but perhaps not for long
By: William Jackson
Security concerns about cloud computing outweigh the potential cost savings by a 2-1 margin in a recent survey of government and industry IT professionals, but economic pressures are slowly driving a move to the cloud. Only 32 percent of those questioned in the study conducted by automated compliance auditing company nCircle said that cost savings outweigh security issues, but that is an increase of 6 percent from last year. Thirty-five percent said they are already are doing some cloud computing, up from 24 percent last year, and another third are considering the move.
read the full article >>
Infosec: Cloud computing ‘explodes’ the security perimeter
By: Anh Nguyen
Cloud computing makes the argument for protecting data, rather than the perimeter, stronger, according to encryption solutions provider SafeNet.
read the full article >>
Belt, braces and external security standards
By: Lucy Sherriff
If you are about to hand the day to day running of your company’s technology and handling of data to a third party, you had better be sure they know what they are doing, and that what they are doing matches your requirements. The business case for adopting cloud computing is already clear for many: it can save a lot of money, and give companies access to technologies that are otherwise be beyond their means. But for IT professionals, shifting technology and data offsite brings new challenges, especially to the smaller businesses for whom cloud computing is so useful.
read the full article >>
Cloud is Secure Enough for the Pentagon. Why Not You?
By: Rik Fairlie
This article is commissioned by Microsoft Corp. The views expressed are the author’s own. I don’t typically read the Army Times, but a few days ago I ended up there while searching for info on the U.S. federal government’s adoption of cloud computing.
read the full article >>
Help - my desktop in the cloud has evaporated!
By: David Cartwright
If everything is in the cloud, desktop and apps, then what does support do for a living and what are the new set of challenges this presents? On the face of it, cloud computing solves a lot of problems. Centralised computing, ease of management and update, a managed service approach that reduces the need for in-house expertise … the list of advantages goes on and on.
read the full article >>
The importance of cloud computing in mobile security
By: Dr. Lin Yu
In less than a decade, the global mobile Internet has emerged as a phenomenon that directly impacts the lives of 1 out of every 8 persons living on the planet. As businesses of all types scramble to prepare for the unstoppable wave of mobile commerce unleashed by this socio-economic revolution, the need for strengthening mobile security has never been greater.
read the full article >>
Is Your Data Safe In The Cloud?
By: Jesse Lipson
Not many technology concepts have made their way into the popular lexicon as quickly as the “cloud.” Before mid-2007, references to clouds were pretty much confined to discussions about meteorology, and only tech geeks drew pictures of clouds on white boards to symbolize the Internet.
read the full article >>
Hybrid cloud computing security: Real life tales
By: Bob Violino
For all the talk about public clouds versus private clouds, many organizations will likely end up with a mixed IT environment that includes both types of cloud as well as non-cloud systems and applications--at least for a next several years. Security remains a concern for many CIOs, but if the business case supports it, companies are going to move all but the most sensitive and high-risk data to the cloud. Those executives that have started weaving together cloud and non-cloud environments say they've taken steps to ensure that security is an early consideration, have included security provisions in service-level agreements (SLAs) and contracts, and have worked to maintain compliance and secure integration.
read the full article >>
Security Departments Not Prepared For New Technologies
By: Joan Goodchild
Rapid adoption of mobile technology, social media and cloud computing in the workplace is creating a security problem for IT departments worldwide as they struggle to keep pace with demands, according to a survey released this week by security certification firm (ISC)2.
read the full article >>
RSA Conference: Security Issues from the Cloud to Advanced Persistent Threats
By: Brian Prince
The 20th annual RSA Conference in San Francisco came to a close Feb. 18, ending a week of product announcements, keynotes and educational sessions that produced their share of news. This year's hot topics: cloud computing and cyber-war.
read the full article >>
RSA conference looks at online vulnerability
By: James Temple
The hottest trends in technology also represent some of the gravest threats to corporate data security. Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week's RSA Conference 2011 at San Francisco's Moscone Center and a survey set for release this morning.
read the full article >>
NIST Tackles Security Concerns on the Cloud
By: Peter Alpern
By almost any measure, cloud computing is a marketing triumph. Software as a service off the Internet "cloud" was once initially merely a promise of the future. Today in the infinite present, it's the ceaseless rage. But, more than other industries, questions abound as to whether the cloud has a fit in the industrial world. Many large-scale manufacturers are intrigued by the concept of using virtualized servers within the plant, yet use is still in its infancy. Even more unclear are questions concerning security. On this front, the National Institute of Standards and Technology hopes to bring more clarity. Recently, the technology organization set out to definitively lay out clear security requirements for web-based computing applications and services.
read the full article >>
Virtualization can be key to cloud security, RSA chief says
By: Jaikumar Vijayan
SAN FRANCISCO -- Virtualization technologies can help enable better security and control in cloud computing environments, RSA chief Art Coviello said today. In a keynote address at the RSA Security Conference here, Coviello struck an optimistic tone on cloud security issues. While he acknowledged some of the concerns enterprises might have about moving data and applications to the cloud, he said that approaches to addressing any issues are closer than many think.
read the full article >>
RSA Conference study to reveal cloud frustration
By: Angela Moscaritolo
Security practitioners are working to safeguard cloud computing environments but believe they need more education and training, according to a soon-to-be released study conducted by analyst firm Frost & Sullivan. The “2011 Global Information Security Workforce Study,” set to be released next week at the annual RSA Conference in San Francisco, polled more than 10,000 security pros from 100 countries about the state of the industry, Rob Ayoub, global program director at Frost & Sullivan, said Wednesday during a pre-show analyst conference call.
read the full article >>
Advice for dealing with the top 10 risks in public cloud computing
By: Laura Smith
Public cloud computing risks are numerous enough to field a top 10 -- or even more. Professional organizations and CIOs are developing threat lists to help them come to grips with the public cloud, an entity that will continue to seep into the enterprise IT environment whether they like it or not. Some lists of top public cloud computing risks are sweeping and philosophical, such as the Top Threats to Cloud Computing, v.1.0, developed by the Cloud Security Alliance. Most include some combination of the following items ...
read the full article >>
How to Effectively Manage Storage and Protect Data in the Cloud
By: Stephen Wojtowecz
Organizations of all sizes have to deal with an economic reality when it comes to cloud computing: cloud computing requires storage. These budgets continue to remain relatively flat even as demand for cloud storage capacity grows at a rate of nearly 60 percent per year. Here, Knowledge Center contributor Stephen Wojtowecz explains how organizations can effectively manage and protect the data stored in cloud environments.
read the full article >>
Startup firm launches new cloud computing offering
By: Staff
Okta’s product expected to speed up web-based applications Enterprise cloud computing startup Okta has unveiled a new on-demand identity and access management offering that it said helps businesses speed up the adoption of their cloud and web-based applications. The new offering will provide centrally secure and control access to applications while providing end users with a single sign-on for all of their web apps, Okta said. Enterprises everywhere are realising the benefits of running their core IT services in the cloud, said Todd CEO Todd McKinnon.
read the full article >>
CloudPassage Launches Itself, New Cloud VM Security Package
By: Chris Preimesberger
MENLO PARK, Calif. -- Whenever a survey, whitepaper or other industry research comes out evaluating cloud computing, most of the attributes of this trend-setting style of IT receive a ton of praise. However, if there is a hesitation on a potential customer's part about investing capital into such a system, the No. 1 point of contention is invariable: security. If it's outside your firewall, logic says, it's out of your control. God knows what can happen to precious business data in the care of someone else who doesn't care about it as much as you have to. Now there is something new to be considered. If a new startup, CloudPassage, is to be believed—and it indeed states a strong case—those security issues may soon be history.
read the full article >>
Contributions Results for Buyers: Cloud Security

Showing 1 - 20 of 27 Next > Last >>