Feeds

Articles about Cloud Security

World+Dog hates PRISM: Cloud Security Alliance

Edward Snowden's PRISM revelations will soon impact the balance sheets of US cloud vendors, according to the Cloud Security Alliance. The group claims the latest survey (PDF) of its 500 members suggests the NSA leaks would make more than half non-US the respondents think twice about hosting their data with American-based …

Calling all resellers:Cloud, security, SMEs and you

Vendors may have declared that 2012 is the year of the cloud, but it's resellers who have to deal with the fall-out from over hyped expectations and half-baked product strategies. You know what your customers really think of the cloud, and what you need to help them make the switch. So please help us enlighten the vendor …
David Gordon, 18 Jun 2012
Cloud security

Cloud vid wrangler Zencoder STRADDLES Amazon and Google

Cloud video encoder Zencoder has taken a deep breath and gingerly straddled two cloud providers in an attempt to offer customers greater infrastructure choice. The Brightcove-owned firm announced support for Google's just-released Google Compute Engine on Monday, giving Chocolate Factory aficionados access to a new …
Jack Clark, 10 Dec 2013

Stratsec critical of cloud security

A study conducted by BAE security subsidiary Stratsec claims that cloud services aren’t doing enough to secure their instances against being used to host attacks. The company has described a series of experiments here. Stratsec says it was able to set up botnets – it refers to them as botClouds – on all five of the cloud …
Cloud security

Neither Snowden nor the NSA puts CIOs off the cloud, it's just FUD

The Edward Snowden affair has not put CIOs off the public cloud, but only because IT professionals were already wary of the security issues and vendor lock-in, a Bloomberg tech conference heard last week. A panel discussing the cloud and the enterprise at the Bloomberg Enterprise Technology Summit in London focused on the …
Joe Fay, 17 Dec 2013
Cloud security

Microsoft beefs up cloud login security in PhoneFactor gobble

Microsoft has bought PhoneFactor, the maker of software that allows punters to securely identify themselves to computer systems using their mobiles. Terms of the deal, announced yesterday, were undisclosed. The snapped-up biz offers phone-based authentication as an alternative to physical security tokens that can, for instance, …
John Leyden, 05 Oct 2012
The last Canon shot, above the clouds, showing the edge of space

Study shows SMB cloud security fears largely overstated

Research into small businesses in the US and Asian markets has shown that there's an increasing mismatch between the theory and practice of cloud security. When questioned in a blind test conducted by comScore and funded by Microsoft, a third of SMBs said they didn’t use cloud security because of fears over the cost of …
Iain Thomson, 14 May 2012
NSA parody T-shirt

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA. "NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke in …
Jack Clark, 24 Feb 2014
borg_cube

Oracle spins-up public sector 'Cloud'

Oracle has fired up its big red branding machine and coated some of its software-as-a-service products with a cloud label as it tries to create a suite of tech for public-sector organizations. Just as Amazon, Dell, and others have forged their own dedicated cloud services for the US public sector, so too has Oracle. But there's …
Jack Clark, 06 Sep 2013
The Register breaking news

McAfee upgrades cloud security and Intel identity kit

McAfee has upgraded its enterprise Cloud Security Platform and activated the first in a series of integrations with parent company Intel's identity management systems. The security company has beefed up data loss systems to cover email and web gateways and added in a simplified management control and reporting panel that allow …
Iain Thomson, 12 Jun 2012
Cloud security

Google follows Amazon with auto-encryption of cloud data

Google has tossed a crumb of reassurance to people with cloudy security concerns by adding automatic server-side encryption to Google Cloud Storage. The free security measure was announced by Google on Thursday and spun as a way to "make securing your data as painless as possible," according to a blog post by the company. The …
Jack Clark, 15 Aug 2013
Cloud security

Microsoft defends Azure with two-factor auth security

Microsoft's multi-factor authentication service has gone into general availability, doubling prices and giving enterprises a service-level agreement. Microsoft announced the general availability of the product in a blog post on Thursday. The MFA technology allows admins to add an additional layer of security to accounts using …
Jack Clark, 26 Sep 2013

Win XP security deadline: Biz bods MUST protect user data – ICO

The end of support for XP on Tuesday doesn't only mean increased risk from hackers exploiting vulnerabilities that will never be patched. It also creates a heightened data protection risk to businesses, the UK's data privacy watchdog has warned. The Information Commissioner's Office (ICO) also warned that the end of support for …
John Leyden, 08 Apr 2014

A potted history of cloud computing

1960s John McCarthy Many of the key concepts of Cloud Computing are rooted in the early 1960s and the trailblazer was John McCarthy (above), the celebrated computer scientist, who is best known as the father of Artificial Intelligence. He devised the notion of timesharing, enabling organisations to simultaneously use an …
David Gordon, 07 Mar 2014

Report: NSA spying deals billion dollar knockout to US cloud prospects

Sustained violations of civil liberties at home and abroad? Yawn. The manifestation of Orwell's nightmares? Snooze. The potential loss of scads and scads of money? Egad, we should really do something about this! That's the gist of a report published on Monday assessing the likely commercial fallout for the US cloud computing …
Jack Clark, 06 Aug 2013

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed

The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk. The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable version of OpenSSL, and this includes email …
John Leyden, 09 Apr 2014
The Register breaking news

Startup decloaks, rolls out cloudy security 'conductor'

Security startup NetCitadel is tackling the problem of automatically applying security policies across physical and virtual environments with a cloud-based approach. NetCitadel's OneControl Security Orchestration Platform enables the application of network security policy changes across cloud, virtual and physical environments …
John Leyden, 30 Jan 2013
The Register breaking news

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 06 Sep 2013
The Register breaking news

Secure cloud biz Trustwave equips M86 anti-malware guns

Cloud-security firm Trustwave has bought web security and anti-malware firm M86 Security. Financial terms of the acquisition, announced Tuesday, were undisclosed. Trustwave said the deal allowed it to add web security to its portfolio of compliance, application, network and data security products and services. It promised that …
John Leyden, 07 Mar 2012
The Register breaking news

NHS goes for in-cloud security from Zscaler

It appears that the NHS will move security for its million-plus users to in-cloud services from Zscaler. The deal has not officially been announced but news is leaking out, such as in an agenda item entitled "Zscaler – Web Security Service Within N3" for an N3 user conference happening now. There is also a Satisnet Zscaler …
Chris Mellor, 01 Jul 2011

Cloud Security Alliance crosses the Pond

“The cloud agenda has to move beyond the security field and into business,” says Jacqui Taylor, freshly minted director of communications for the UK and Ireland wing of the Cloud Security Alliance (CSA). “There is an education process that has to be done, and it needs an independent voice. That is where we come in.” A not-for- …
Lucy Sherriff, 04 Sep 2011
Cloud security

Amazon carefully stitches up Heartbleed OpenSSL hole

Amazon is working to patch "Heartbleed" memory-leak vulnerablities in its Amazon Web Services hosting infrastructure. The mammoth cloud company confirmed on Tuesday that it has dealt with some of the parts of its infrastructure that were vulnerable to the nasty OpenSSL 1.0.1 bug nicknamed "Heartbleed" that was disclosed on …
Jack Clark, 08 Apr 2014
McAfee_logo

Er, you remember you tried to sell me that security package...

We all know a real world example can make all the difference when selling technology. Nothing mows down those objections like seeing the company's crowd jewels disappearing as fast as your broadband provider can upload. But at the same time, you can't wait till all your customers have had a major security scare before warning …
Team Register, 12 Jul 2012
EMC Atmos

Atmos: Give us your tired, your poor... Heck, our cloud will even take that S3 app

EMC has launched a hat-trick of Atmos updates: new hardware, new software and new interfaces. The system holds 33 per cent more data, chews through it more quickly and provides more and faster ways of getting to it. Potential customers can try Atmos software out using a virtual edition running on any VMware-certified storage. …
Chris Mellor, 13 Dec 2012
Cloud security

Google's App Engine architect defects to Snapchat

One of Google's top cloud product managers has left the gold-plated confines of Page and Brin's search palace to work for one of his former top customers – the obscenely popular SnapChat app. Peter Magnusson, the man who spent the past three years running engineering for Google's 'Google App Engine' (GAE) platform cloud, …
Jack Clark, 19 Feb 2014
Cat 5 cable

Akamai to gobble down Prolexic for its enterprise DDoS defences

Content delivery and security services firm Akamai has announced its plans to slurp Prolexic, a cloud security outfit, for $370m. Prolexic will help Akamai strengthen its protection for corporate clients with online protection from distributed denial of service (DDoS) attacks for data centres and enterprise IP apps. "Any …
For Sale sign detail

Qualys pushes out cloud-based tech for website protection

Security software-as-a-service specialist Qualys has branched out from vulnerability assessment and policy compliance for corporate networks with a cloud-based website protection service. QualysGuard Web Application Firewall (WAF) is designed to protect sites from threats including SQL injection and DDoS. The service is also …
John Leyden, 27 Feb 2012
The Register breaking news

Team HP: Cloud Police

When HP announced it was exploring options for its PC business, the company said it'd move into the more profitable arena of enterprise solutions. From a speech given at HP's yearly Security conference yesterday, the titan is eyeing up cloud security as a big growth area. Policing the cloud and monitoring employee mobiles are …
Anna Leach, 12 Sep 2011
channel

G-Cloud rep: We'll mop up data breach flood with red tape

The government is speaking out about “myths and confusion” surrounding its plans for security accreditation on G-Cloud. A civil servant working on No 10’s big IT catalogue has re-assured Whitehall types that G-Cloud accreditation is most certainly not an unnecessary piece of bureaucracy. She has also warned, however, that just …
Gavin Clarke, 03 Apr 2012
padlock

Palo Alto Networks splashes $US200 million on Cyvera

Palo Alto Networks has announced that it's buying Tel Aviv-based Cyvera for $US200 million, including $US88 million in cash. The attraction is the Israeli company's TRAPS (Targeted Remote Attack Prevention System), an endpoint protection system for Windows machines, which PAN will add to its existing firewall and cloud security …
The Register breaking news

The cloud, security and hosted apps

Today at 8am PST / 11am EST / 4pm GMT our usual host Tim Phillips will be joined by Andrew Buss, service director with Freeform Dynamics, and Eran Feigenbaum, director of security for Google Apps, to discuss the security and privacy issues surrounding hosted apps. Whatever your plans for the desktop, whether you're upgrading to …
Phil Mitchell, 26 Jan 2011
Cloud security

CloudBees straddles firewall with VPN connection

Cloud startup CloudBees has launched a technology that lets customers of the developer-oriented cloud connect their sensitive on-premises resources to the company's cloud via VPN. By building hosted OpenVPN into its infrastructure, the Java cloud has been able to launch the service which it says can assuage security concerns and …
Jack Clark, 23 Sep 2013
The Register breaking news

Crypto boffins uncover rogue task risk on Amazon cloud

Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks. The flaw, which affected Amazon's EC2 cloud and has already been plugged, could have been abused to start and stop virtual machines or create …
John Leyden, 27 Oct 2011

A couple of whitepapers about SIEM

In our first visit to the Reg whitepaper library in some time, we took time out to inspect the security pitches. Here is a couple of vendor papers about SIEM (security information and event management) software that we thought deserved a wider airing. Registration is, as per usual, required. Data control in the cloud This …
David Gordon, 05 Jun 2013
Windows XP BSOD

Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook while …
John Leyden, 04 Apr 2014
The Register breaking news

Microsoft skills up IT pros for jobs in the cloud

You can tell that cloud computing is huge by the number of certifications and training programmes and user groups setting out their stalls. We have spotted two this week, a vendor training initiative, and a strong-arm grouping for IT security practitioners. Say hello to the Microsoft Virtual Academy, a free training facility …
Team Register, 24 Mar 2011
TrueCrypt

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), ‪found‬ 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

Don't lose sleep over cloud crypto hole, says Amazon

Amazon has played down the significance of a recently discovered vulnerability affecting its flagship Amazon Web Services cloud computing platform. Interlinked security shortcomings created a theoretical mechanism for hackers to issue rogue admin requests, such as stopping virtual machines in an EC2 virtual environment or either …
John Leyden, 01 Nov 2011
Cloud security

Who wants to start a Kickstarter for a more secure Kickstarter? Account data hacked

Crowd-funding site Kickstarter is the latest high-profile Internet property to call on users to reset their passwords, after announcing that an attacker had made off with their account records. However, the site is at pains to emphasise that attackers won't have access to credit card data. In this announcement, the company's …
The Ultima Tool Chest's fridge

Cybercrooks slide fingers into TELLIES+FRIDGES, spam splurge ensues

Miscreants have launched an Internet of Things-based cyberattack involving household "smart" appliances. The global spam distribution campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets. Items such as home-networking routers, connected multi-media centres, …
John Leyden, 17 Jan 2014
The Four Horsemen Apocalypse ride up the grassy mound that adorns the WinXP desktop

Win XP usage down but not out as support cutoff deadline looms

Windows XP usage on the web is decreasing as the venerable operating system edges ever closer towards its "end of life" from Microsoft support next week. Data from cloud security firm's Qualys QualysGuard shows that the percentage of XP on machines decreased from 35 per cent as of January 2013 to 14 per cent in February 2014. …
John Leyden, 04 Apr 2014
Cloud security

Mirantis: Hey guys, here's an idea - we're putting 'open' in OpenStack

OpenStack consultancy Mirantis has launched a distribution of the cloud operating system that it says is "lock-in free" – which makes us wonder just how the numerous other distributions aren't. The company announced the release of "Mirantis OpenStack" on Monday, and claimed that its version of the open-source cloud control freak …
Jack Clark, 21 Oct 2013
Collapsed house

MUM's WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security …
John Leyden, 12 Mar 2014

Firewall-floggers in FLAMING MESS: Where'd our mystery margin go?

If you work in the fields of technology distribution, services and resale, you'll surely hear about cloud, mobile, social and virtual more than anything else. However, it is the changing patterns in security spending that are perhaps most dramatically re-shaping our businesses. Gone are the good old days of pushing traditional …
channel

Bytes swallows Security Partnerships

Surrey-based Bytes Technology Group has swallowed Security Partnerships (SP) in a bid to start reducing its software division's reliance on Microsoft licensing. Bytes has forked out for a couple of Xerox concessionaires in the past half decade, buying Xclusive in 2006 and Planflow Systems two years later, but has been relatively …
Paul Kunert, 02 Aug 2011
Cloud security

Ninefold preps infrastructure to help roll out Rails

On the back of its newly-launched Rails Cloud infrastructure offering, Australian elastic public cloud outfit Ninefold has reconfirmed its ongoing expansion plans, with new presences planned for California, the US east coast and Ireland by July 2014. Ninefold chair Peter James told The Register the data centre expansion plans …
The Register breaking news

Fed watchdog barks at cloud security

The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing. With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is …
Austin Modine, 06 Jan 2010

Scam emails tell people they have cancer to trick them into installing a money-stealing Trojan

Sick fraudsters have put out a batch of malware-riddled hoax emails warning recipients that they may have cancer. The scam emails purport to come from the UK National Institute for Health and Care Excellence (Nice). The emails - which arrive with the header "important blood analysis result" - ask prospective victims to download …
John Leyden, 14 Mar 2014
The Register breaking news

The cloud's impact on security?

We tried to get through this workshop without using the five letter C-word, but we could not quite make it to the end. There are good reasons for considering whether cloud will have an impact on security - not least because it is being discussed so much that you need to know if there is any substance behind the hype. What's the …
Tony Lock, 01 Jul 2010
Cloud security

Use strong passwords and install antivirus, mmkay? UK.gov pushes awareness campaign

The UK government has launched a new campaign aimed at changing attitudes to online security among consumers and small businesses, dubbed Cyber Streetwise. Cyber Streetwise is urging people to take five actions in order to protect themselves and others from cyber crime: Use strong, memorable passwords Install anti-virus …
John Leyden, 14 Jan 2014