Articles about Cloud Security

Getting comfortable with cloud-based security: Who to trust to do what

There are some bits of computing that you just don’t want to trust other people with. They’re just too sensitive. But at the same time, there are some things that people can do as well or better than you, for a lower cost. Finding a balance between the two can be tricky, but useful. Take cybersecurity as an example. It’s …
Danny Bradbury, 27 Jul 2016

Exploit kit miscreants rush to plug gap in cyber-crime marketplace

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits. While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in …
John Leyden, 13 Jul 2016

Biz security deadline knocked back 3 months 'cos Brits ignored it

A deadline for businesses to make sure they were compatible with new payment security measures has been extended after around 1,000 UK companies failed to take the necessary action. These businesses risked being unable to pay staff and suppliers, forcing Bacs Payment Schemes Limited to extend its deadline by three months from …
John Leyden, 15 Jun 2016

Cloud security 101: Get a little more intimate with your provider

You can get many different services in the cloud these days, and cyber security is among them. These days, cloud service providers will take care of everything from email scanning through to watching where your employees surf (and stopping them from going there, if necessary). Most of them claim to do a better job than the …
Danny Bradbury, 16 May 2016

DNS root zone key boost

The internet's DNS root zone is about to get more secure with the rollout of a 2048-bit zone signing key (ZSK), in place of today's 1024-bit RSA key. The change reflects a gradual increase in the digital security of this critical piece of internet infrastructure. With the recent introduction of DNSSEC, the 1024-bit ZSK now …
Kieren McCarthy, 09 May 2016

Microsoft explains which cloud security problems are your problem

Microsoft has issued guidelines about Azure security that spell out when a problem is your problem and when a problem is Microsoft's problem. Two documents explain Redmond's approach to problem-solving. The first is called Shared Responsibilities for Cloud Computing (PDF) and explains how Microsoft divides responsibility for …
Simon Sharwood, 15 Apr 2016

Cloud security harder than 'encrypt everything'

Australia's wildly-enthusiastic adoption of cloud computing is providing the rest of the world a crucible in which a host of security challenges can be cultured, according to F5 security researcher David Holmes. Speaking to The Register's networking desk while visiting the antipodes, Holmes said that “Australia is becoming the …

Staff 'fury' as penny pinching IBM offers legal minimum redundo payoffs

IBMers at risk of losing their jobs have reacted with “fury” to Big Blue’s confirmation it can only afford to pay the bare statutory minimum in their redundancy packages. Staff at IBM's Global Technology Services (GTS), Global Business Services (GBS) and UK Labs entered into a 45-day consultation period recently. Around 400 …
Paul Kunert, 14 Mar 2016

Cloud sellers who acted on Heartbleed sink when it comes to DROWN

Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects …
John Leyden, 08 Mar 2016

Securo-bods snigger into sleeves at Norse Corp as conf sponsor

RSA 2016: Judging from comments both public and private, a lot of attendees at this year's RSA 2016 conference were somewhat surprised to pick up badges and lanyards emblazoned with the logo of threat intelligence firm Norse Corp. The firm has had a rocky road over the last few months, …
Iain Thomson, 03 Mar 2016

HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

The discovery of a HTTPS encryption vulnerability, dubbed DROWN, again proves that supporting tired old protocols weakens modern crypto systems. DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are …
John Leyden, 01 Mar 2016

Cisco leans in close, coughs, whispers: If you want 100GE for 40GE prices, I know a person...

Cisco Partner Summit: Cisco has announced new Nexus 9000 and 3000 switches with a theme of 25 and 100 gig Ethernet for 10 and 40 gig prices, calling them cloud-scale products. It's also buying cloud app wrangler startup CliQr. Switchzilla has added the 9200, 9300 and 9500 models to its 9000 family. The latest gear sports a new ASIC delivering 10/ …
Chris Mellor, 01 Mar 2016

Go full SHA-256 by June or get locked out, say payments bods Bacs

Online businesses in the UK will have to update their systems and adopt SHA-2 before June in order to avoid losing access to vital payment and money transfer services. Failure to change before a 13 June deadline will leave merchants unable to use Bacs Payment Schemes Limited (Bacs) to make salary or supplier payments or to …
John Leyden, 17 Feb 2016

School network manager wins £10,000 in NCC Group Cyber 10K challenge

The second edition of a business-development focused cyber security challenge, the Cyber 10K, has concluded – with the worthy winner receiving £10,000 to further develop an innovative security dashboard tool. The challenge was run by the information assurance firm NCC Group supported by a judging panel including your …
John Leyden, 11 Feb 2016

Enterprise network spend hits the brakes – and Cisco's OK with that

The financial market turmoil that's characterized 2016 has led Cisco to set modest expectations for the coming three months. Having said that, the networking giant is pleased with its performance in Q2 of its fiscal 2016, aka the quarter to January 23. Its US$11.8bn second quarter revenue (normalized to exclude the cable …

Dragons and butterflies: The chaos of other people's clouds

Cloud computing was meant to solve the reliability problem, but in practice, it still has a long way to go. Is that an endemic problem with the complexity of cloud computing, or a problem with the way people use it? Cloud infrastructures are meant to be resilient, because they tend to use lots of cheap servers and scale out. …
Danny Bradbury, 05 Feb 2016

Computer sales not a matter of life and death, they're more important than that

Warmer business sentiments towards Windows 10, Intel’s latest chip architecture and stabilising currencies still won’t translate into swelling PC sales this year. The entrail pokers at Gartner have spoken, and while device shipments are tipped to grow 1.9 per cent in 2016 to 2.44bn units, it won’t be the classic computer that …
Paul Kunert, 20 Jan 2016

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
Team Register, 14 Jan 2016

Last call for the NCC Group Cyber 10K challenge

Competition: The November 30 deadline for entering NCC Group’s Cyber 10K challenge is coming up fast – so get those entries in now. To recap, the Cyber 10K is designed to encourage students and recent grads to take up careers in IT security. NCC Group challenges entrants to put forward fresh and innovative ideas to help solve cyber security …
David Gordon, 26 Nov 2015

Shocker: Smut-viewing Android apps actually steal your data

A brace of supposed porn apps for Android actually push ransomware or steal personal data from mobile devices, cloud security firm Zscaler warns. One strain of Android malware scares the user with a warning screen that falsely accuses them of watching images of child abuse. After installing the app on a device, the user will …
John Leyden, 23 Nov 2015

NCC Group sowing the seeds of disruption in the cyber security industry

Competition: It's 2015, the cyber attacks keep on coming, and the bad guys appear to be winning – some may argue this is because devastating data breaches are more newsworthy than businesses upping their security defences. We see a relentless battle between businesses trying to protect themselves and those with malicious intent attacking …
David Gordon, 20 Nov 2015

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

IPB: The encryption-bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted. Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from …
John Leyden, 05 Nov 2015

Cisco takes Security Everywhere™ to throw blanket over shadow IT

Cisco wants you to know it has Security Everywhere™, but that it doesn't mean it is Gossamer Thin. Rather, the messaging from the Borg is that its newly-boosted security suites cover just about everything that needs to be securable. That it says includes the things you don't know you even own, or to use advertising lingo, …
Darren Pauli, 04 Nov 2015

Chef kicks off London conference with buyout and product releases

Chef served up a surprise acquisition and a flurry of enterprise friendly product releases at its UK summit today. However, the automation developer also yanked a trio of recent builds of its Reporting product. Chef said it had “recently acquired” a German security software outfit, Vulcanosec, which markets a Compliance …
Joe Fay, 03 Nov 2015

Akamai buys out Scottish web security firm Bloxx

Scottish websec firm Bloxx has been acquired by American giants Akamai in a cash deal, for an undisclosed amount, to shore up its cloud security services. Bloxx, established in 1999, had 55 employees spread between its facilities in West Lothian and Massachusetts. There has been no comment regarding restructuring at the …

Oracle's Hurd mentality: We (and one other) will own all of cloud by 2025

Two companies will own 80 per cent of the software-as-a-service market by 2025 and one of them will be Oracle, the firm's co-CEO Mark Hurd has predicted. Speaking at his keynote on the second day of Oracle OpenWorld in San Francisco, Hurd said that Oracle has spent the last five years rewriting its code base with the cloud in …
Iain Thomson, 26 Oct 2015

Students, graduates, amateurs: Win £10,000 in Cyber 10K challenge

Competition: NCC Group is running the Cyber 10K security challenge to encourage young people and security amateurs to join the industry – and The Register is the exclusive media partner. You can scroll down for details of how to enter the competition. As a background, the UK, as many of us know, has an ongoing shortage of skills in …
Miatta Momoh, 16 Oct 2015

Malware, restoring data: What keeps data center techies up all night

A majority of organizations polled in a data center and cloud security survey are dissatisfied with their malware containment and recovery times. More than half (55 per cent) of survey respondents were dissatisfied with the length of time it takes them to contain and recover from hacker infiltrations and malware infections, …
John Leyden, 15 Oct 2015

DDoS defences spiked by CloudPiercer tool - paper

The real IP addresses of some 70 per cent of websites protected by popular distributed denial of service attack protection providers like CloudFlare, Prolexic and Incapsula can be revealed using a simple web tool built on newly uncovered flaws, according to a recent paper. Sensitive websites admins wishing to protect against …
Darren Pauli, 08 Oct 2015

Barracuda misses Q2 results target

Cloud security and storage supplier Barracuda recorded growing revenues in its latest quarter, but fell short of expectations and made a loss because of poor sales in Europe and large deal push-outs. However, it announced it was buying a managed service provider software company to grow its market. Revenues for the second …
Chris Mellor, 01 Oct 2015

Cisco borgs UK infosec bods

Cisco Systems is buying Portcullis Computer Security, a UK-based firm specialising in consulting to enterprise and government clients. Both firms are staying tight-lipped about the value of the deal which is expected to complete early in 2016. When that happens Portcullis employees will become part of the Cisco Security …

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

IBM: Listen up, we're the sheriffs of this leaky external app town

IBM is finally waking up to the potential threat that employees’ Bring Your Own Cloud-based apps pose for corporate enterprises, prompting it to roll out a security service. The Cloud Security Enforcer includes ID management-as-a-service and scans the corporate network to discover external apps that workers are using, then …
Paul Kunert, 22 Sep 2015

Students! Graduates! Win £10,000 with the Cyber 10K challenge

Competition: In a bid to help address the cyber skills gap in the UK, NCC Group is calling on Britain’s students and graduates to solve the cyber security challenges both businesses and consumers face today. The winner of the Cyber 10K challenge will receive £10,000 and expert advice from the company to develop their own security solution …
David Gordon, 14 Sep 2015

HP overtakes Cisco in cloud infrastructure revenues

HP sells more cloud infrastructure equipment than anyone else, including Cisco, which was shunted into second place for the first time in Q2, 2015. Cisco is unlikely to be too dismayed, as both companies are recording "stellar growth in the burgeoning market", running at some $16bn a quarter and growing 25 per cent year on …
Drew Cullen, 10 Sep 2015

Microsoft in SaaS-y cloud data security slurp

Microsoft has acquired cloud security outfit Adallom. Adallom was founded in 2012 and follows the “R&D in Israel, sales in Silicon Valley” template for a range of data security products for clouds. The company's wares bring data loss prevention and reporting to cloud storage services, offering users the chance to see just who' …
Simon Sharwood, 09 Sep 2015

Show us your security chops with the Cyber 10K challenge

Competition: NCC Group has devised a lovely cyber security competition, Cyber 10K, which sees the winning contestant receive £10,000 and expert advice from the company to develop their own security solution. Enter and find out more here. We like the Cyber 10K concept so much that El Reg’s very own John Leyden, who has covered the IT …
David Gordon, 20 Aug 2015

Ashley Madison keeps calm, carries on after hackers expose lives of millions of its users

Infidelity website Ashley Madison has pledged to continue operations after hackers leaked its customer database online. The Impact Team, which claimed responsibility for the hack on Ashley Madison and sister site Established Men, have made good on their threat to publish compromising information on millions of people. Around …
John Leyden, 19 Aug 2015

Blue Coat acquires the cloud-crypto monkeys at Perspecsys

Controversial and suspicious netsec outfit Blue Coat Systems has acquired Perspecsys, for the want of some weight in its cloud security portfolio. Recently bought by Bain, Blue Coat reckons the acquisition (on undisclosed terms) establishes it as "a leader in the Cloud Access Security Broker segment". Cloud-crypto outfit …

Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Updated: Microsoft has run out of time to fix four critical security vulnerabilities in the mobile edition of Internet Explorer – prompting HP's Zero Day Initiative (ZDI) to disclose their existence without revealing any damaging details. All four of the flaws present a remote code execution (i.e. malicious code injection on a Windows …
John Leyden, 23 Jul 2015

Ashley Madison invites red-faced cheats to bolt stable door for free

Adulterous hook-up site Ashley Madison is allowing all members to fully delete their profiles without charge in the aftermath of a serious data breach that threatens the site's future. Previously, if users wanted to delete their records (profile, pictures and messages sent through the system) they were obliged to pay around $20 …
John Leyden, 21 Jul 2015

Papa don't breach: Wannabe singer jailed for hacking Madonna

An aspiring-singer-turned-hacker has been jailed for accessing Madonna's online accounts and stealing her unreleased music tracks. Adi Lederman, 39, had unsuccessfully appeared on Israel’s Kochav Nolad TV talent show before breaking into Team Madonna's email inbox and cloud-based systems last year to steal photographs and …
John Leyden, 10 Jul 2015

Cisco gobbles OpenDNS, sorts out cloud security portfolio

Cisco will buy privately held net security firm OpenDNS for $635m in cash, to make good its cloud security portfolio and boost the networking giant's "security everywhere" approach. Announcing the deal today, the leviathan is offering the bundle of cash alongside assumed equity awards, plus retention based incentives for …

No more customisation? Cloud Security Alliance calls for Open APIs

The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice. CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the Cloud Access Security Broker Framework. The …
Joe Fay, 30 Jun 2015

Whoops, there goes my data! Hold onto your privates in the Dropbox era

Your users are probably using cloud-based services that you’re not even aware of to organise their files and collaborate with each other. What are you going to do about it? “Shadow” IT — cloud services bought from third-party providers without authorisation by the IT department — is becoming a significant problem for many …
Danny Bradbury, 24 Jun 2015

$125m VC war chest awaits NTT Com Security's outgoing boss

The hedge fund that outgoing NTT Com Security overlord Simon Church is joining has $125m to splash on new investments in cyber defence and data services. Church, who provided consultancy for C5 Capital since its inception last year, and was made an advisory board member in April, is to become an "exec in residence" at the equity …
Paul Kunert, 24 Jun 2015

ISC2 launches security cert training for cloud-defending cherubs

ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July. The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification …

Blackhat hack trick wallops popular routers

A cybercrime vigilante known as Kafeine says criminals are hitting thousands of victims with a hacking tool that targets more than 40 router models. The well-known hacker says the novel attacks use cross-site request forgery and exploits against new and old bugs to change router DNS settings. This bypasses the need to target …
Darren Pauli, 26 May 2015

Average enterprise 'using 71 services vulnerable to LogJam'

As many as 575 cloud-based services have been left at risk to the newly discovered LogJam crypto vulnerability, according to cloud security specialists Skyhigh Networks. LogJam creates a means for hackers to weaken encrypted connections between a user and a web or email server. The vulnerability was discovered as part of …
John Leyden, 20 May 2015

Cloud Security Temperature Check

Survey Results: It is increasingly common for users and business groups to drive their own adoption of cloud services. But even where IT is involved, as organisations ramp up their use of cloud, activity is often uncoordinated. Pulling the threads together across service silos to manage risks effectively can be a challenge. The right strategy …
Dale Vile, 20 May 2015