
Cloud and security


9 out of 10 cloud services 'put European businesses at risk'. Cloud SaaS, by Duncan MacRae | 10 April 2014. A new report points to a need for greater employee education about data protection and privacy.

9 out of 10 cloud services 'put European businesses at risk'

As many as 91% of cloud services in Europe do not offer enterprise-grade security, a new study has found. Skyhigh Networks, a cloud visibility and enablement company, released its first European 'Cloud Adoption and Risk Report' this week, to coincide with the company's expansion into the region. The report analysed usage data from more than one million users across more than 40 companies spanning the financial services, healthcare, high technology, manufacturing, media, and professional service industries to quantify the use of cloud services and the security risk that they pose to enterprises.

A key finding was that enterprises used an average of 588 cloud services. Much of the cloud adoption within European organisations occurs under the radar of the CIO or CISO - leading to a situation where shadow IT is widespread and uncontrolled.

US (ITA) has issued a guidance document on businesses data

CSCC Practical Guide to Cloud Computing Webinar. On Security: Encryption in Cloud Computing. This article makes the important argument that encryption -- where the user and not the cloud provider holds the keys -- is critical to protect cloud data.

on Security: Encryption in Cloud Computing

The problem is, it upsets cloud providers' business models: In part it is because encryption with customer controlled keys is inconsistent with portions of their business model. This architecture limits a cloud provider's ability to data mine or otherwise exploit the users' data. If a provider does not have access to the keys, they lose access to the data for their own use. While a cloud provider may agree to keep the data confidential (i.e., they won't show it to anyone else) that promise does not prevent their own use of the data to improve search results or deliver ads. That second reason is actually very important, too. Lots of companies are trying really hard to solve parts of this problem, but a truly optimal solution still eludes us.

Standards of cloud computing

Cloutage - Tracking Cloud Incidents, Security, and Outages. Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. Cloud computing is an emerging technology that may help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services.

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Top Threats to Cloud Computing. Introduction to Top Threats to Cloud Computing: The purpose of this document, Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Top Threats to Cloud Computing

In essence, this threat research document should be seen as a companion to Security Guidance for Critical Areas in Cloud Computing. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. Top Threats to Cloud Computing leadership: Rafal Los, HP; Don Gray, Solutionary; Dave Shackleford, Voodoo Security; Bryan Sullivan, Microsoft. Who owns data in the cloud? The answer could get tricky.

Who owns data in the cloud? The answer could get tricky.

Do your Cloud suppliers disclaim responsibility for security? Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics.

Do your Cloud suppliers disclaim responsibility for security?

Some contracts even have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London. Other contracts can be revoked for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all, the academics found. The Cloud Legal Project surveyed 31 Cloud computing contracts from 27 different providers and found that many included clauses that could have a significant impact, often negative, on the rights and interests of customers. Even that might not be enough. The research was funded by a donation from Microsoft, but was academically independent. Now read: How to use Google Drive with Chameleon. Securing Data Protection in the Cloud. Security Guidance for Critical Areas of Focus in Cloud Computing.

eWeek. Cloud Controls Matrix (CCM). The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.

Cloud Controls Matrix (CCM)

The CSA CCM provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers. The Cloud Controls Matrix is part of the CSA GRC Stack. Cloud Computing Risk Assessment. ENISA, supported by a group of subject matter experts comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, a risk assessment of the cloud computing business model and technologies.

Cloud Computing Risk Assessment

The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report also provides a set of practical recommendations. It was produced by ENISA with contributions from a group of subject matter experts comprising representatives from Industry, Academia and Governmental Organizations. Blog Archive » Book review: Securing the Cloud. The cloud is everywhere.

Blog Archive » Book review: Securing the Cloud

It is all over us. But everybody knows that. Cloud Data Backup Makes Sense for Small and Midsize Businesses. With increasing data storage demands resulting from new content types - rich digital media, social media and machine-generated data - small and mid-size businesses have been challenged to incorporate sophisticated methods to back up critical company data. For many types of small businesses, it just doesn't make sense to go out and buy all the storage hardware, software and services that were required before the advent of cloud backup, which now has a track record of about seven years.

It is the right time for SMBs to look at cloud backup for at least a portion of their overall storage, according to an article on eWEEK.com. Spiceworks Eyes Skunkworks, Keeps Tabs on Cloud. Bring-your-own-device may be the latest concern facing IT departments, but what about the cloud creep into the workplace via that skunkworks project?

Cloud hijacking

Cloud Security. Dropbox adopts two-factor authentication. A collateral victim of hacking last month, Dropbox had then committed to strengthening its users' security.

Dropbox adopts two-factor authentication

That is now done. In keeping with the promises made, a two-step identification method is making its appearance. It simply adds a step to the authentication process: in this case, the sending of a code received by SMS or via a mobile application such as Google Authenticator. Deployed in the new version of the client (1.5.2) for smartphones, tablets and desktop computers, the system is not enabled by default. The protection is only switched on at the user's initiative: to do so, the user must log in to the Dropbox web interface and go to the "Security" tab, which has been expanded repeatedly in recent weeks and now holds a host of privacy options.

According to some, it still seems to work unreliably. Security in the cloud a top priority for the UK.