Cloud Security

How Secure is Cloud Computing?

Thu, 03 Dec 2009 17:15:00 EST

Diffie makes a good point: taken as a whole, the benefits of commodity air travel are so high that it allows us to ignore the not insignificant negatives (I gripe as much as anyone when I travel, but this doesn’t stop me from using the service). In the long term, will the convenience of cloud simply overwhelm the security issues? The history of computing, of course, is a history full of such compromise. Right now we are in the early days of cloud computing, where all of us in the security community are sniping at the shortcomings of the technology, the process, the legal and regulatory issues, and anything else that appears suspect. But truthfully, this is the ultimate low hanging fruit. Identifying problems with the cloud is effortless; offering real solutions is considerably harder.

Are You Ready for Black Friday and Cyber Monday?

Thu, 26 Nov 2009 07:00:00 EST

Holidays are fast approaching which means spending time with your family and loved ones, time off work for most of us and, of course, overspending on gifts and merchandise. The notorious Black Friday is usually perceived by analysts as being the main major marketing event that launches the Holidays' spending frenzy. It is soon followed by Cyber Monday, which sort of launches the same wave of spending though in the online space. This is a great time for retailers, etailers and affiliate programs.

Or is it? Are you prepared for Cyber Monday's frenzy?

1. Increase your marketing budget. Now is a good time to get a pay-per-click campaign going. Never had one of those before? Well SearchEngineLand has you covered - check out their collection of articles on PPC campaigns to get you started.

2. Revise your keywords. Buying keyword campaign could prove highly beneficial for your business, but first you need to make sure they're on target and representative of your business and service offering. Indeed, a well performing set of keywords could highly improve the amount of traffic directed to your site by search engines. SEOmoz's beginner's guide to conducting keyword research will get you there fast.

3. Organize a targeted marketing campaign with coupon codes. Indeed, coupon campaigns are proving to be efficient while also raising your link equity. Business.com has an interesting article on the efficiency of coupon strategies. This campaign can even be carried on Twitter and other social networks through sites like Coupontweet.

4. Put people in a festive mood. Have you ever noticed how inhaling the smell of warm bread at the grocery store makes you want to immediately bite into a baguette? Well adjusting your site's design to reflect seasonal moods could help increase sales. Brick and mortar stores have been doing it for decades, and so has Google.

Are you and your business ready for the start of the Holiday season? Any other tips you'd like to share with us?

Secure Enterprise Clouds

Sat, 07 Nov 2009 18:00:00 EST

There is so much waste in the data centers of Fortune 1000 companies today that a CIO – as an officer of the company – could be considered in breach of their fiduciary duty to stockholders given the dollars in question. Of course that requires costs transparency, so sadly most are safe for now. It seems that every new technology innovation brings the promise of greater efficiencies and cost savings but in reality tends to leave a mess of ‘legacy’ infrastructure on the floor that results in a net higher TCO than the CIO had in the first place. So what does this have to do with Cloud Computing? While there is no shortage of companies trying to ply their wares as the ideal enabler for Cloud, I am surprised by the lack of attention from vendors that have the most to gain – the Cloud providers themselves. If I put on my CIO shoes here are the things I care about:

Best Practices in the Cloud

Wed, 04 Nov 2009 13:45:00 EST

Authors of the RSA Security Brief include many of the industry's foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer of EMC's RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and other senior EMC technologists. In the new Brief, the authors collectively contend that cloud security has vast potential to surpass the levels of information security that are possible today. In the cloud, security protocols can be built into the virtualization layer, not just imposed at the application level where they are typically enforced. By embedding security policies deeper in the technology stack and diffusing them throughout the virtual infrastructure of the cloud, enterprises can establish stronger, smarter security to protect their users and their data.

The Top 150 Players in Cloud Computing

Thu, 29 Oct 2009 23:45:00 EDT

A robust ecosystem of solutions providers is emerging around cloud computing.Here, SYS-CON's Cloud Computing Journal expands its popular list of most active players in the fast-emerging Cloud Ecosystem, from the 'mere' 100 we identified back in January of this year, to half as many again - testimony, if any further were needed, to the fierce and continuing growth of the "Elastic IT" paradigm throughout the world of enterprise computing.

Cloud Analytics: Dataflow versus Databases

Thu, 29 Oct 2009 16:34:00 EDT

As the need for realtime analytics grows we will continue to see a migration away from databases and towards more scalable parallel dataflow architectures for analytics. For twenty years, analytics has been viewed as just one specific area within the broader relational database industry. So, analytics has meant databases. Today that view is changing. Over the past year or so, a new movement, the "NoSQL" movement has emerged promoting the advantages of doing a variety of kinds of analytics without using any relational database technologies at all.

Cisco Buys Cloud-Based Security Company

Tue, 27 Oct 2009 15:45:00 EDT

Cisco’s appetite needed feeding again so it’s buying ScanSafe Inc, the 10-year-old software-as-a-service (SaaS) web security house, for $183 million in cash and retention-based incentives. It’s already got on-premise content security provider IronPort and is supposed to bring together IronPort’s high-performance web security appliance and ScanSafe’s widgetry, which blocks malware and secures the use of the web and messaging.

Unisys To Unveil Secure Cloud Computing Solutions at 4th Cloud Expo

Mon, 19 Oct 2009 02:30:00 EDT

To address their unique business challenges, today’s enterprises - in the view of Unisys - need tailored, hybrid cloud technologies that deliver the best of managed and dedicated services by combining public and private cloud services. Unisys VP Sam Gross will be presenting at the 4th International Cloud Computing Conference & Expo a General Session in the keynote room on November 3rd, 2009, that will unveil "A New Generation of Secure Cloud Computing Solutions" - and show how Unisys cloud computing strategy and solutions enable the enterprise to choose the services that best meet its objectives – from self-managed, automated IT infrastructures to Unisys-managed cloud services.

Cloud Computing Journal "Readers' Choice Awards" Voting Is Now Open

Wed, 14 Oct 2009 11:15:00 EDT

SYS-CON's Cloud Computing Journal announced today that the voting in its first annual Cloud Computing Readers' Choice Awards is now open. Voting will end October 23, 2009, and winners will be announced the week of November 2-4, 2009. To vote for your favorite Cloud products and services today, don't put it off, voting takes just a few seconds.

Authentication Providers Broaden Options for Customers

Thu, 08 Oct 2009 15:15:00 EDT

RSA, The Security Division of EMC and VeriSign, Inc., the trusted provider of Internet infrastructure services for the networked world, are working together to provide organizations with the mutual benefit of an expanded VeriSign Identity Protection (VIP) Authentication Service through the availability of RSA SecurID two-factor authentication technology for more choice in one-time password (OTP) authentication. VIP is a managed, shared authentication solution that provides its users with a single one-time password (OTP) authentication device to securely access multiple Web sites.

Are You Comfortable with Where Your Data Sleeps at Night?

Thu, 08 Oct 2009 06:30:00 EDT

How can you manage the cloud so you – and your data – sleep safe and secure? In a Live Webcast and Interview from Times Square today October 8, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. SYS-CON.TV viewers will have the opportunity to interact directly with Gross, who will be in the SYS-CON.TV studio with Cloud Computing Expo conference chair Jeremy Geelan.

Partnership to Eliminate Passwords in the Cloud

Tue, 06 Oct 2009 13:15:00 EDT

Through this partnership, Astadia will help its clients resolve SaaS Single Sign-On and other Internet Identity Security related issues. “Improving cloud application performance and value requires administrators to address process, directory, technology, and security issues,” said Mike Lingo, Chief Technology Officer and Senior Vice President of Astadia. “Ping Identity’s SSO solutions for SaaS will help our clients improve user adoption, reduce administrative costs and accelerate longer term SaaS strategies.”

Exclusive Q&A with Rich Marcello - Unisys President, Systems & Technology

Sun, 04 Oct 2009 10:15:00 EDT

In this Exclusive Q&A with Cloud Computing Journal in the run-up to SYS-CON's 4th International Cloud Computing Conference & Expo (November 2-4, 2009) - Cloud Expo Conference Chair Jeremy Geelan speaks with Rich Marcello - Unisys President, Systems & Technology - about the Unisys Secure Cloud and sets the scene for the upcoming Unisys Cloud-in-a-box.

Are You Comfortable With Where Your Data Sleeps at Night?

Tue, 29 Sep 2009 14:45:00 EDT

Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits – and pitfalls – of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? And above all how can you manage the cloud so you – and your data – sleep safe and secure? In an October 8 Live Webcast and Interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more.

Deputy CIO of the CIA to Keynote 1st Annual GovIT Expo

Mon, 28 Sep 2009 08:00:00 EDT

SYS-CON Events announces that Jill Tummler Singer, Deputy Chief Information Officer at the Central Intelligence Agency (CIA), will be delivering the opening keynote at the 1st Annual Government Conference & Expo (www.GovITExpo.com) on October 6th in Washington DC. Ms Singer was appointed in November 2006 and is responsible for ensuring CIA has the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, Ms. Singer served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Altor Networks to Exhibit and Speak at 4th Cloud Computing Expo

Mon, 28 Sep 2009 07:15:00 EDT

SYS-CON Events announced today that Altor Networks, a leading innovator and provider of virtual and cloud security will exhibit and present at SYS-CON's 4th International Cloud Computing Conference & Expo, which will take place on November 2 - 4, 2009, Santa Clara Convention Center, in Santa Clara, California. Altor will deliver the session “Revolutionizing Security in Virtual Data Center” which will be held at 2:20 pm on Wednesday, November 4.

Immutable Service Containers on Amazon EC2

Mon, 21 Sep 2009 07:00:00 EDT

Back in June, we released the very first security hardened virtual machine images for the Amazon Web Services Elastic Compute Cloud (EC2) environment. These original images were based upon the OpenSolaris 2008.11 release and were configured in accordance with the guidelines published by Sun the Center for Internet Security. Since its initial release, we have provided an update to offer this image in the European Region. In August, we took another step forward with the release of a security-enhanced image based upon the OpenSolaris 2009.06 release.

Cloud Computing Security: WhiteHat CTO to Speak at 4th Cloud Expo

Sat, 19 Sep 2009 10:30:00 EDT

With a breakout session that will have special emphasis on separating historical trends from the current state of cloud security, the CEO of WhiteHat Security, world-renowned Web security expert Jeremiah Grossman, is one of the many leading CEOs, CTOs and Senior VPs who will be speaking at SYS-CON's 4th International Cloud Computing Conference & Expo, being held November 2-4, 2009, at the Santa Clara Convention Center in Santa Clara, CA. Grossman's session will draw from the latest WhiteHat Security Website Security Statistics Report - information pulled from more than 1,000 real-world websites - to introduce the most prevalent software flaws putting data at risk in the cloud.

How to Secure Amazon Elastic Cloud

Fri, 18 Sep 2009 07:00:00 EDT

In this post I will walk you through the high level of securing a normal tiered application running on EC2. First I will cover the basics of what EC2 provides and then briefly discuss how this can be used in a real life scenario. For Network security EC2 provides a security groups, security groups are essentially inbound firewalls suited to the dynamic nature of EC2. Using security groups you can specify which incoming network traffic should be delivered to your instance.

Cloud Expo Power Panel on SYS-CON.TV

Thu, 17 Sep 2009 23:30:00 EDT

At its signature "International Cloud Computing Conference & Expo" event, held three times a year, SYS-CON Events prides itself on inviting knowledgeable and articulate industry executives to participate in its Power Panels - simulcast at every show direct from the keynote hall. In this wide-ranging Cloud Computing Power Panel at the 2nd International Cloud Computing Conference & Expo in New York, moderated by Conference Chair Jeremy Geelan, the participants are (left to right): Bert Amijo (3Tera), Ed Beauvais (EMC), Thorsten von Eicken (RightScale), John Engates (Rackspace), Daniel Beveridge (VIRTERA), Dr Kristof Kloeckner (IBM) and Owen Garrett (Zeus Technology).

The Threat Behind the Firewall

Sat, 12 Sep 2009 18:30:00 EDT

I had a different name for this blog entry but just ‘Jump Drive’ is an awful blog title. They go by many names; jump drive, USB drive, flash drive, memory stick and a few others, but removable media is a serious threat to IT organizations. Graduating from floppy disks, as early as 2003 articles were warning against the possible threats introduced with these devices – 256Mb for $160 back then – and yet we still see some sort of incident reported almost once a week! From consultants, to government employees, to Mortgage lenders, to the International Space Station, what used to be a giveaway staple at trade shows, these tiny less-than-two-inch drives can hit and hurt you in a multitude of ways.

Security Enhanced OpenSolaris Drupal Stack on EC2

Thu, 03 Sep 2009 12:15:00 EDT

Over the last few months, I have had a number of postings that have talked about security enhanced virtual machine images that we have made available on Amazon Web Services. The goal behind this work was to look at how we could improve baseline security in both virtualized and Cloud Computing computing environments by pre-integrating industry accepted recommended security settings. Organizations leveraging our work would have fewer security steps to undertake as our images were configured to be compliant with the recommendations published by the Center for Internet Security as part of their Solaris Benchmark (adapted for OpenSolaris).

Security and the Cloud

Mon, 31 Aug 2009 08:45:00 EDT

I was talking with Avanade’s Senior Director for Enterprise Security, Ace Swerling, earlier today. The conversation touched on a wide range of security and identity management issues that I’ll probably return to, but one of Ace’s comments brought my attention back to an issue that has been nagging at me for a while. As I’m sure we all know, security concerns often figure highly in discussions about moving Enterprise applications and data to the Cloud. Indeed, I spoke with other Avanade executives earlier this year to report on a survey they had commissioned that suggested just how significant these concerns can be for potential customers. I was talking with Avanade’s Senior Director for Enterprise Security, Ace Swerling, earlier today. The conversation touched on a wide range of security and identity management issues that I’ll probably return to, but one of Ace’s comments brought my attention back to an issue that has been nagging at me for a while. As [...]

Twitter Under Denial of Service Attack

Thu, 06 Aug 2009 13:30:00 EDT

Multiple sources are reporting that Twitter continues to be under a denial of service attack. Some are speculating that this represents the power of a coordinated bot network attack. For the government community it is also a demonstration of what a well organized adversary can do against a major website. Since Twitter is a cloud application on top of Amazon Web Services, my earlier thoughts explained in Cloud Computing: The Dawn of Maneuver Warfare in IT Security quickly come to mind.

Cloud Changes Cost of Attacks

Wed, 05 Aug 2009 06:37:00 EDT

One of the frustrations with information security is that it’s always difficult – if not impossible – to quantify risk. Without the ability to quantify risk, it’s often the case that solutions that would mitigate the risk are left unimplemented because there’s no way to prove that the risk would turn into a breach, downtime, or other revenue impacting incident. Take the recent PayPal outage. Estimates are that the hour of downtime for the payment processing king might have cost businesses in the area of $7.2 million dollars. But that’s assuming every customer affected by the outage abandoned their order with disgust and went elsewhere, which is unlikely. Because there is no way to determine with any surety the actual impact in dollars, we have to estimate based on what we do know, and that’s a $2000 per second transaction rate for PayPal that was effectively cut off for the better part of an hour.

The Journey to a Secure Cloud Continues

Wed, 29 Jul 2009 14:40:00 EDT

After you have all of the fundamental work completed like your strategy, your current and future IT requirements, and a high level business case created, you now have the means to define the next steps on your personal path to the secure cloud. So, what do you do next?

The next thing is to understand the best approach to the journey based on your specific business and IT priorities. These could be based on urgent problems such as limited growth capacity in the data center, low server utilization, energy limitations, physical space limitations, “end of life” of existing equipment, data center consolidation goals, or many other compelling events. We had all of these events occurring as we began our IT transformation and ultimately our approach to the secure cloud.

Do You Trust Google More Than You Trust Your Wife?

Tue, 21 Jul 2009 23:45:00 EDT

The latest Twitter controversy surrounding the blog, the hacker and the cloud vendor isn’t disturbing – just inevitable. By now anybody with an iota of interest in cloud computing will know what this story is about. Many people are probably damning Google for their ” lack of security.” But hang on here. Aren’t people being quite cavalier with their data? The other day I refused to give my own partner my PIN… but as I write, it’s happily stored somewhere as a draft on GMail. That really doesn’t make sense.

Security Cloud Assumptions

Fri, 17 Jul 2009 11:00:00 EDT

After pushing my latest post, Securing the Cloud: Shared Hardware and the Data Plane, Hoff posted a series of excellent questions and responses to the post via Twitter. I thought responding via another blog post, so that his questions could be addressed alongside my last post, was the way to go. I’ve trimmed some of [...]

Unisys & Cloud Computing: Anywhere, Anytime IT Needs Also To Be Secure

Wed, 15 Jul 2009 07:15:00 EDT

It is increasingly clear that the economy has forced enterprises to rethink their traditional cost models and minimize their capital expenditures in favor of pay-as-you-go models; accordingly cloud computing, in any of its forms (internal, external, hybrid) is here to stay.

A Federal CloudBursting & Cyber Defense Contingency Plan

Fri, 10 Jul 2009 11:30:00 EDT

Over the last week several US government websites have been repeatedly attacked by a foreign botnet. A lot of folks in the media are now saying this is may actually be cyber war. I would argue that this isn't anything new, just more publicized. But if this Internet attack on U.S. federal web sites is an actual assault by North Korea or some other foreign government, what are the legitimate responses available in America's arsenal -- either traditional or cyber? Sadly right now the answer is, not many.

The Journey to a Secure Cloud

Thu, 09 Jul 2009 14:32:00 EDT

Foundational activities undertaken by Unisys to to leverage a Real Time Infrastructure (RTI) on our way to the secure cloud. You can follow these same actions to create your “own” path to the secure cloud that fits your enterprise.

The Genesis of a Secure Cloud

Mon, 29 Jun 2009 17:50:00 EDT

The Unisys Secure Cloud Solutions are a set of cloud computing services, including Secure Platform, Infrastructure, Software and "My Application" as a Service, targeted at organizations looking to benefit from cloud computing but who don't have the internal expertise or weren't previously willing to take the risk.

Hosted Solutions Promises Trustworthy Cloud

Mon, 08 Jun 2009 23:30:00 EDT

Hosted Solutions, the eight-year-old infrastructure-as-a-service (IaaS) company acquired last year by ABRY Partners, the private equity house, for $144 million, is branching into the cloud business with an “over-architected” platform called the Stratus Trusted Cloud.

Security and Compliance in the Age of Clouds

Sun, 07 Jun 2009 05:30:00 EDT

What enterprises are looking for, regardless of in the cloud or on-premise, are control and transparency on their data, applications and identities. Enterprise customers always need to make sure they are compliant with whatever regulations/mandates they are responsible for.

Cloud Computing: The Mainframe Reincarnated

Tue, 16 Dec 2008 07:15:00 EST

I see this whole cloud computing movement as nothing more than a reincarnation of the classic mainframe client-server model. People want painless access to their data and applications from wherever they are, from whatever electronic gizmo they happen to be using.

Will Cloud Computing Lead to IT Chaos?

Fri, 12 Dec 2008 11:30:00 EST

In the last couple of weeks of 2008, IT departments and CIOs need to think carefully about the cloud and how it can be used within their organizations - ahead of the business units. Develop, distribute and educate staff on policies around Information Protection and data loss prevention. Put a process together to rapidly respond to requests for new services which live in the cloud.

Cloud Computing & Privacy: Would You Trust Amazon?

Tue, 28 Oct 2008 04:00:00 EDT

The Guardian recently posted an article quoting Richard Stallman on cloud computing. If a user wants to use network applications in freedom, they can do their own computing on their own computer with their copy of a freedom-respecting network-accessed program if their computer is a network server. Is this a good idea? Yes, I think so.

It's Time to Stop Fearing Change and Learn About Cloud Computing

Tue, 28 Oct 2008 03:45:00 EDT

When headlines like “RMS hates cloud computing; says you should too”, “Cloud Computing a Trap” or “Cloud computing puts your health data at risk” show up on the Internet, it looks like the same old FUD (Fear Uncertainty and Doubt) that have been the inevitable response from the security community or from people who do not accommodate change well.

Is Using the Cloud Information Security Suicide for Enterprises?

Mon, 13 Oct 2008 19:45:00 EDT

On the face of it, the apparent hacking of Sarah Palin’s Yahoo mail account may have hurt the cloud’s onward march into enterprise credibility. By using services in the cloud to hold corporate data, as opposed to within our corporate walls, the concern is we are automatically exposing the corporate to additional risk. And it is a concern we must take seriously. But this is far from the full story. Computer hacking is as old as computers, and social engineering as old as, well, people.

Cloud Computing: Securing the Cloud

Mon, 15 Sep 2008 08:35:00 EDT

I don't trust Amazon S3 with my personal data. It's not a question of trusting Amazon to abide by the terms of service - I do trust them as a company, but no company can be immune from a rogue employee or corporate espionage, and it is not easy to trust their security procedures unless you can audit them yourself at whim, which is a practical impossibility.