background preloader

Cloud and security

Facebook Twitter

9 out of 10 cloud services 'put European businesses at risk' Cloud SaaS by Duncan MacRae| 10 April 2014 A new report points to a need for greater employee education about data protection and privacy.

9 out of 10 cloud services 'put European businesses at risk'

As many as 91% of cloud services in Europe do not offer enterprise-grade security, a new study has found. Skyhigh Networks, a cloud visibility and enablement company, released its first European 'Cloud Adoption and Risk Report' this week, to coincide with the company's expansion into the region. The report analysed usage data from more than one million users across more than 40 companies spanning the financial services, healthcare, high technology, manufacturing, media, and professional service industries to quantify the use of cloud services and the security risk that they pose to enterprises.

A key finding was that enterprises used an average of 588 cloud services. Much of the cloud adoption within European organisations occurs under the radar of the CIO or CISO - leading to a situation where shadow IT is widespread and uncontrolled. Share:

US (ITA) has issued a guidance document on businesses data

CSCC Practical Guide to Cloud Computing Webinar. On Security: Encryption in Cloud Computing. This article makes the important argument that encryption -- where the user and not the cloud provider holds the keys -- is critical to protect cloud data.

on Security: Encryption in Cloud Computing

The problem is, it upsets cloud providers' business models: In part it is because encryption with customer controlled keys is inconsistent with portions of their business model. This architecture limits a cloud provider's ability to data mine or otherwise exploit the users' data. If a provider does not have access to the keys, they lose access to the data for their own use. While a cloud provider may agree to keep the data confidential (i.e., they won't show it to anyone else) that promise does not prevent their own use of the data to improve search results or deliver ads. That second reason is actually very important, too. Lots of companies are trying really hard to solve parts of this problem, but a truly optimal solution still eludes us.

Standards of cloud computing

Cloutage - Tracking Cloud Incidents, Security, and Outages. Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. Download (Registration Required, 217K) Download (French; Registration Required, 205K) Download (Portuguese; Registration Required, 206K) Download (Spanish; Registration Required, 202K) Provide feedback on this document Visit the Cloud Computing Knowledge Center community View News Release Cloud computing is an emerging technology that may help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services.

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Top Threats to Cloud Computing. Introduction to Top Threats to Cloud Computing The purpose of this document, Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Top Threats to Cloud Computing

In essence, this threat research document should be seen as a companion to Security Guidance for Critical Areas in Cloud Computing. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. Who owns data in the cloud? The answer could get tricky. Who owns data in the cloud?

Who owns data in the cloud? The answer could get tricky.

The answer could get tricky. Feds, industry grapple with ways to protect government data in the cloud When government moves data to the cloud, who owns it? And how can it be secured or, in extreme cases, decommissioned? During a panel discussion on Security in Public/Private/Hybrid Clouds, part of the at the Government Technology Research Alliance meeting earlier this week, everyone involved acknowledged the need to raise the level of trust in the public cloud. Cloud computing refers to services, applications, and data storage delivered online through powerful file servers. One attendee noted that his agency is working with a cloud provider, Hewlett Packard/EDS, which has its cloud computing resources in the U.S., but systems administrators in other countries such as Argentina, Brazil, Malaysia and Uruguay.

“How do we understand, other than getting a government-certified cloud, where this stuff might be run from and where assets reside?” Related coverage: Do your Cloud suppliers disclaim responsibility for security? Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics.

Do your Cloud suppliers disclaim responsibility for security?

Some contracts even have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London. Other contracts can be revoked for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all, the academics found. HowtouseGoogledrivewithChameleon. Securing Data Protection in the Cloud. Security Guidance for Critical Areas of Focus in Cloud Computing. Download: Security Guidance Introducing Guidance for Critical Areas of Focus in Cloud Computing The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations.

Security Guidance for Critical Areas of Focus in Cloud Computing

This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment. In the third edition, the guidance assumes a structural maturity in parallel with multinational cloud standards development in both structure and content.

eWeek. Cloud Controls Matrix (CCM) Cloud Computing Risk Assessment. ENISA, supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, an risks assessment on cloud computing business model and technologies.

Cloud Computing Risk Assessment

The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations.Produced by ENISA with contributions from a group of subject matter expert comprising representatives from Industry, Academia and Governmental Organizations, a risk assessment of cloud computing business model and technologies.

This is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations. Blog Archive » Book review: Securing the Cloud. The cloud is everywhere.

Blog Archive » Book review: Securing the Cloud

It is all over us. But everybody knows that. I have been interested in could security for quite a while, so I decided to read a book to see how it is defined from A to Z today. After reading some reviews I chose the Securing The Cloud; Cloud computer security techniques and tactics written by Vic (J.R.) Winkler. One important aspect why I chose this book is that one review had said that it is a little bit too technical. IT management: the management of a company who is considering to move it’s infrastructure to the could can get a good overview about the whole cloud technology, it’s advantages, how they can benefit from the cloud and what are it’s potential risks.IT operations engineer: these people will be needed to make the cloud related decisions. Cloud Data Backup Makes Sense for Small and Midsize Businesses. Cloud Data Backup Makes Sense for Small and Midsize Businesses With increasing data storage demands resulting from new content types - rich digital media, social media and machine-generated data - small and mid-size businesses have been challenged to incorporate sophisticated methods to back up critical company data.

For many types of small businesses, it just doesn't make sense to go out and buy all the storage hardware, software and services that were required before the advent of cloud backup, which now has a track record of about seven years. It is the right time for SMBs to look at cloud backup for at least a portion of their overall storage, according to an article on eWEEK.com. Read more about it here. Spiceworks Eyes Skunkworks, Keeps Tabs on Cloud Bring-your-own-device may be the latest concern facing IT departments, but what about the cloud creep into the workplace via that skunkworks project?

Cloud higjacking

Cloud Security. Dropbox adopte la double authentification. Victime collatérale, au mois dernier, d’actes de piratage, Dropbox s’était alors engagé à renforcer la sécurité de ses utilisateurs.

Dropbox adopte la double authentification

C’est chose faite. En conformité avec les promesses faites, une méthode de double identification fait son apparition. Il s’agit simplement d’ajouter une étape dans le processus d’authentification. En l’occurrence, l’envoi d’un code réceptionné par SMS ou via une application mobile telle que Google Authenticator. Déployé dans la nouvelle version du client (1.5.2) pour smartphones, tablettes et ordinateurs de bureau, le système n’est pas opérationnel par défaut. La protection ne s’enclenche qu’à l’initiative de l’utilisateur, qui devra à cet effet se connecter sur l’interface Web de Dropbox et se rendre dans l’onglet « Sécurité », enrichi à répétition ces dernières semaines : les options de confidentialité y sont désormais légion. Le fonctionnement semble rester hasardeux au dire de certains. Security in the cloud a top priority for the UK.