Blog

Articles, interviews and insights about cloud security

GoGrid Security Breach

GoGrid Security Team discover an unauthorized party accessed customer records. Here is a copy of the breach notification I received.

breachgogrid

How to Kick Ass in Cloud Computing Marketing

Marketers of cloud services and software as a service continue to find ever more creative ways to get targeted exposure to their offerings. I experienced this first hand when a blog post I wrote was turned into a video with professional actors.

publicity

Cloud Security Threats Survey

The Cloud Security Alliance is running a survey to find out which cloud security threats security professionals are most concerned about.

Are You Trying to Pin the Tail on the Cloud Donkey?

When it comes to security due diligence and on-going operational security visibility of cloud services, enterprise security pros are acting out the childrens game, Pin the Tail on the Donkey.

A6visibility

Cloud Cartography & Side Channel Attacks

Research team publish paper analyzing potential security weaknesses in Infrastructure a a Sercice cloud environmentsl

Infrastucture as a ServiceamazonDoSec2mappingresearchside channel attacks

Legal Cloud: Have It Your Way

Legal Cloud caters to the specific security, compliance and audit needs of Law firms. Will vertical specific clouds drive greater cloud adoption by enterprises?

Infrastucture as a Service

Is Amazon AWS Really HIPAA Compliant Today?

Amazon Web Services claim their cloud platform can be used to create HIPAA compliant applcations. cloudsecurity.org challenges that claim...

Infrastucture as a ServiceawsHIPAA

Compliance as a Service: Does It Exist?

Compliance as a Service could provide a means to bind your company security policy and regulations to your use of cloud services and APIs

Cloud Computing Security

Dissecting the EPIC Complaint against Google

What happens when a popular privacy group takes on the worlds largest cloud provider? EPIC files compliant with the FTC citing concerns with Googles' privacy and security.

Cloud Computing SecuritySoftware as a Servicecomplaintepicftcgooglegoogle docsprivacy

Amazon Reserved Instances: Always Read The Label

Amazon Reserved Instances provide a customer with a cheap way to reserve computer capacity in advance for Business Continuance (for example). But what are the Terms and Conditions?

Infrastucture as a Serviceaws

US Government Creates Cloud Computing Security Group

NIST creates a Cloud Computing Security Group to identify risks and develop standards for government agencies to safely use cloud services.

Cloud Computing SecurityNISTstandards

Biggest Cloud Challenge: Security

A recent survey suggests IT decision makers consider cloud security the biggest challenge. What is your cloud provider doing to address your concerns?

Cloud Computing Security

Privacy In the Cloud: Show Me The Money

Cloud Computing raises privacy concerns. A recent Pew Internet study highlights the growing use of cloud sercice. What is your privacy worth?

Cloud Computing Security

A Question of Integrity: To MD5 or Not to MD5

How do you know that the data you pushed to a cloud storage provider is the same as what you get back? An example is provided showing a problem with Amazon S3 integrity checks.

Cloud Computing Securitycloud storageamazon aws

12 Signs that Your Company is Already in the Cloud

A light-hearted look at the early tell-tale signs that your company is already using cloud services - regardless of what your security policy does or doesn't say.

Cloud Computing Security

Cloud Stacks: Please Mind The Gap

What measures do you have in place to assess potential security gaps in cloud services and how do you mitigate the risks?

Cloud Computing Security

Security In The Cloud: Introducing Cloud Mashups

A cloud service may be composed of multiple cloud provider offerings. Security reviews need to consider the risk posed by API mashups on supply chain security.

Cloud Computing SecurityapiappiriomashupsportabilitySaaSsalesforce.com

Thin Client Security: Wise up!

Thin clients offer less features and expose less attack surface. But cleartext and proprietary protocols combined with weak security controls undermine their overall security.

Cloud Computing Securitythin clients

Cloud Computing Defined

What is Cloud Computing? A simple definition covering virtualization, commodity hardware and software and utility billing.

Cloud Computing Securitydefinitions

Where are the Security Dashboards for Cloud Services?

Cloud providers share dashboards showing operational metrics including uptime and outages over time. To speed enterprise cloud adoption, providers should expose cloud security metrics.