Blog

GoGrid Security Team discover an unauthorized party accessed customer records. Here is a copy of the breach notification I received.

Marketers of cloud services and software as a service continue to find ever more creative ways to get targeted exposure to their offerings. I experienced this first hand when a blog post I wrote was turned into a video with professional actors.

The Cloud Security Alliance is running a survey to find out which cloud security threats security professionals are most concerned about.

When it comes to security due diligence and on-going operational security visibility of cloud services, enterprise security pros are acting out the childrens game, Pin the Tail on the Donkey.

Research team publish paper analyzing potential security weaknesses in Infrastructure a a Sercice cloud environmentsl

Vulnerability scanning of cloud services may be against cloud providers Terms and Conditions. How can we digitize requests to scan?

Cloud providers are suffering an Audit Denial of Service as customer security teams conduct reviews. How can we eliminate unncessary duplication and gain digital trust of claims?

Legal Cloud caters to the specific security, compliance and audit needs of Law firms. Will vertical specific clouds drive greater cloud adoption by enterprises?

Cloud terminology can be confusing. Learn the difference between cloud security and security in the cloud.

The slides from my talk at Black Hat Europe 2009 are now available

Amazon introduces fine grained access control using new policy language. Learn how you can limit access to your cloud services.

Always read the terms and conditions before signing up for a cloud service. Especially if you are a weapons developer.

Google App Engine introduces the Google Secure Data Connector to help organisations connect their network to the Google public cloud.

Amazon Web Services claim their cloud platform can be used to create HIPAA compliant applcations. cloudsecurity.org challenges that claim...

Compliance as a Service could provide a means to bind your company security policy and regulations to your use of cloud services and APIs

What happens when a popular privacy group takes on the worlds largest cloud provider? EPIC files compliant with the FTC citing concerns with Googles' privacy and security.

Who are the cloud providers and what cloud services do they sell? Find out with this cloud ecosystem map.

The Microsoft Azure Technology Preview suffered a major outage that lasted 22 hours.

Amazon Reserved Instances provide a customer with a cheap way to reserve computer capacity in advance for Business Continuance (for example). But what are the Terms and Conditions?

What is a PCI compliant cloud service? Learn how to separate the hype from reality in cloud providers compliance claims.

How does your cloud provider handle vulnerability reports and how quickly do they inform you so you can assess retrospective risk? Baynote case study.

Share your cloud security startup and get free security consulting to help your startup prepare for 'Under The Radar'.

A vulnerability in the sharing feature in Google Docs led to unauthorized disclosure of private customer data. How did the Google Security Team handle it?

Large cloud providers employ evangelists to market their cloud services. But where are the security evangelists?

NIST creates a Cloud Computing Security Group to identify risks and develop standards for government agencies to safely use cloud services.

Craig Balding talks about the security challenges of cloud computing at the IGT2008 World Cloud Computing Summit [video]

Cloud security vulnerability in Amazon EC2 and SimpleDB fixed after 7.5 months. Customers notified by a forum post.

Web browsers may cache or store sensitive infoatmion, exposing your cloud credentials and data to risk.

A recent survey suggests IT decision makers consider cloud security the biggest challenge. What is your cloud provider doing to address your concerns?

Cloud Computing raises privacy concerns. A recent Pew Internet study highlights the growing use of cloud sercice. What is your privacy worth?

When collaboration technologies meet Virtual Worlds, what are the security implications?"

Amazon posted a forum message stating they had fixed a vulnerability in their cloud copmuting environment.

Interview with Guido van Rossum from Google talking about the security of Google App Engine and the Python programming language.

How do you know that the data you pushed to a cloud storage provider is the same as what you get back? An example is provided showing a problem with Amazon S3 integrity checks.

Interview with Craig Balding on US National Public Radio (NPR). Topics include the definition of cloud computing, how consumers can benefit and security challenges.

Security API calls and audit log entries may be billable for cloud services. How does your choice of cloud security tools impact your budget?

A light-hearted look at the early tell-tale signs that your company is already using cloud services - regardless of what your security policy does or doesn't say.

What measures do you have in place to assess potential security gaps in cloud services and how do you mitigate the risks?

Security professionals often dismiss cloud computing as hype or a label for mainframe service models. Here are 5 reasons why you should pay attention.

A cloud service may be composed of multiple cloud provider offerings. Security reviews need to consider the risk posed by API mashups on supply chain security.

Thin clients offer less features and expose less attack surface. But cleartext and proprietary protocols combined with weak security controls undermine their overall security.

What is Cloud Computing? A simple definition covering virtualization, commodity hardware and software and utility billing.

Cloud providers share dashboards showing operational metrics including uptime and outages over time. To speed enterprise cloud adoption, providers should expose cloud security metrics.