- Seven technology predictions for 2014
- Hacker-built drone can hunt, hijack other drones
- The week in security: Microsoft fights NSA as shadow IT bites business
- French Treasury accidentally signs SSL certificate for Google.com domains
- Information Commissioner received no eHealth privacy complaints in 2012-13
cloud computing in pictures
The Cloud Security Alliance (CSA) is putting forward an innovative encryption-based security architecture for software-defined networks and cloud environments that draws some of its inspiration from high-security networks used by the U.S. Department of Defense and intelligence agencies.
The problem with IT security professionals is they spend too much time stopping business people from trying new things, including cloud services, out of worries about risk when they should really be working directly with business managers to help them innovate by means of security.
Explosive revelations in the past six months about the U.S. government's massive cyber-spying activities have spooked individuals, rankled politicians and enraged privacy watchdogs, but top IT executives aren't panicking -- yet.
Distributed denial-of-service attacks against financial firms and other industries have been mounting, so today the Cloud Security Alliance (CSA) announced it is establishing the Anti-Bot Working Group to help fight this threat.
Microsoft today pushed back once again against the idea that it's giving the National Security Agency (NSA) carte blanche access to its cloud-based services, an allegation that's cropped up in media reports since the revelations from former NSA contractor Edward Snowden began last June.
The government's insistence, in its dispute with Lavabit, that cloud service providers hand over their encryption keys when asked, has refocused attention on the issue of key ownership and management in the cloud.
Going into 2014, a whirlwind of security start-ups are looking to have an impact on the enterprise world. Most of these new ventures are focused on securing data in the cloud and on mobile devices. Santa Clara, California-based Illumio, for example, founded earlier this year, is only hinting about what it will be doing in cloud security. But already it's the darling of Silicon Valley investors, pulling in over $42 million from backer Andreesen Horowitz, General Catalyst, Formation 8 and others.
As everyone knows, Cloud provider, Nirvanix, recently fell apart, declaring bankruptcy and leaving its customers in the lurch. Nirvanix gave enterprises less than a month to move their data to a new home. To avoid the fate of those customers, follow these best practices for safely moving data in and out of the Cloud.
And it was all going so well. As vendors began to build more comprehensive cloud-based product roadmaps, Middle Eastern users were beginning to see just how cloud services can streamline their businesses. According to a Gartner report from earlier in the year, cloud adoption was due to grow monumentally in the region up to 2016. This was largely due to issues surrounding security and compliance being ironed out.
Edward Snowden's revelations about the U.S. government's data collection program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market to overseas rivals.
Whitepapers about cloud computing
Gartner reports that Business Intelligence, Mobile Technologies and Cloud Computing rank 1-2-3 as the 2013 Global CIO Technology Priorities. These three trends, labelled the “Perfect Storm” of new technologies, are transforming every link in the IT value chain, promising to deliver more efficient, responsive and dynamic IT operations. But this also means massive shifts in the way IT applications and services are created, deployed and maintained. This whitepaper aims to help you begin the journey to efficient modern data management
Sign up now »
Create and deliver online assessments to identify business risks and track their mitigation and resolution.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.