Feeds

Articles about Cloud Security

iiNet Logo

iiNet cans cloud security and storage services

iiNet has, of late, signalled an intention to build on its reputation as a carrier by offering subscription services. Yet the internet service provider yesterday cancelled two such services, namely the security-as-a-service “Protection Pack”. The protection pack was a $AUD9.99 a month service that baked malware scanning and …
Simon Sharwood, 30 Apr 2014
Cloud security image

Skiddies turn Amazon cloud into 'crime-as-a-service' – security bod

Amazon Web Services' share of cloud-hosted malware-slingers has more than doubled in the last six months. That's according to NTT subsidiary Solutionary, which revealed the finding in its Q2 2014 Security Engineering Research Team (SERT) report published on Tuesday. The infosec researchers said that, out of the top ten ISPs and …
Jack Clark, 17 Jul 2014

AWS levels up in game of government security – and now one step below classified access

Amazon Web Services (AWS) has leveled up its US government security certification, winning the right to handle more sensitive work from the Department of Defense (DoD). The company has, of course, blogged the news that it has won provisional authorization to operate levels three to five of the DoD's cloud security model. Level …
Simon Sharwood, 21 Aug 2014

World+Dog hates PRISM: Cloud Security Alliance

Edward Snowden's PRISM revelations will soon impact the balance sheets of US cloud vendors, according to the Cloud Security Alliance. The group claims the latest survey (PDF) of its 500 members suggests the NSA leaks would make more than half non-US the respondents think twice about hosting their data with American-based …

Calling all resellers:Cloud, security, SMEs and you

Vendors may have declared that 2012 is the year of the cloud, but it's resellers who have to deal with the fall-out from over hyped expectations and half-baked product strategies. You know what your customers really think of the cloud, and what you need to help them make the switch. So please help us enlighten the vendor …
David Gordon, 18 Jun 2012

Stratsec critical of cloud security

A study conducted by BAE security subsidiary Stratsec claims that cloud services aren’t doing enough to secure their instances against being used to host attacks. The company has described a series of experiments here. Stratsec says it was able to set up botnets – it refers to them as botClouds – on all five of the cloud …
Cloud security

Cloud vid wrangler Zencoder STRADDLES Amazon and Google

Cloud video encoder Zencoder has taken a deep breath and gingerly straddled two cloud providers in an attempt to offer customers greater infrastructure choice. The Brightcove-owned firm announced support for Google's just-released Google Compute Engine on Monday, giving Chocolate Factory aficionados access to a new …
Jack Clark, 10 Dec 2013
Cloud security

Neither Snowden nor the NSA puts CIOs off the cloud, it's just FUD

The Edward Snowden affair has not put CIOs off the public cloud, but only because IT professionals were already wary of the security issues and vendor lock-in, a Bloomberg tech conference heard last week. A panel discussing the cloud and the enterprise at the Bloomberg Enterprise Technology Summit in London focused on the …
Joe Fay, 17 Dec 2013
Cloud security

Microsoft beefs up cloud login security in PhoneFactor gobble

Microsoft has bought PhoneFactor, the maker of software that allows punters to securely identify themselves to computer systems using their mobiles. Terms of the deal, announced yesterday, were undisclosed. The snapped-up biz offers phone-based authentication as an alternative to physical security tokens that can, for instance, …
John Leyden, 05 Oct 2012
Cloud security image

Microsoft parts Azure cloud, reveals NoSQL doc database

Microsoft has slipped out DocumentDB for Windows Azure, the company’s first-ever non-relational database – and its first new database product since SQL Server. DocumentDB is a complete departure from Microsoft’s relational roots, being a schema-free, NoSQL offering built entirely for consumption as a service on its cloud. …
Gavin Clarke, 22 Aug 2014
The last Canon shot, above the clouds, showing the edge of space

Study shows SMB cloud security fears largely overstated

Research into small businesses in the US and Asian markets has shown that there's an increasing mismatch between the theory and practice of cloud security. When questioned in a blind test conducted by comScore and funded by Microsoft, a third of SMBs said they didn’t use cloud security because of fears over the cost of …
Iain Thomson, 14 May 2012
Cloud security

Let cloud apps manage your systems – if you have nothing to hide

There are a growing number of cloud-based security and systems management (CSSM) applications available to consumers and small and medium-sized businesses (SMBs), and I am ambivalent about their use. On the one hand, I am not fan of things cloudy, especially where they involves trusting US-based companies*. On the other hand, …
Trevor Pott, 12 Jun 2014
The Register breaking news

McAfee upgrades cloud security and Intel identity kit

McAfee has upgraded its enterprise Cloud Security Platform and activated the first in a series of integrations with parent company Intel's identity management systems. The security company has beefed up data loss systems to cover email and web gateways and added in a simplified management control and reporting panel that allow …
Iain Thomson, 12 Jun 2012
borg_cube

Oracle spins-up public sector 'Cloud'

Oracle has fired up its big red branding machine and coated some of its software-as-a-service products with a cloud label as it tries to create a suite of tech for public-sector organizations. Just as Amazon, Dell, and others have forged their own dedicated cloud services for the US public sector, so too has Oracle. But there's …
Jack Clark, 06 Sep 2013
NSA parody T-shirt

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA. "NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke in …
Jack Clark, 24 Feb 2014

EMC aims Elastic Cloud Storage band at Amazon, Google

EMC is in Vegas to gamble, and had all of its software-defined storage bets on show at its EMC World storagefest – everything from Project Nile and ViPR 2.0 to its massively scale-out ScaleIO server SAN. First up is its Amazon-attacking Project Nile, embodied as an Elastic Cloud Storage (ECS) appliance. It was previewed in …
Chris Mellor, 06 May 2014
Cloud security

Google follows Amazon with auto-encryption of cloud data

Google has tossed a crumb of reassurance to people with cloudy security concerns by adding automatic server-side encryption to Google Cloud Storage. The free security measure was announced by Google on Thursday and spun as a way to "make securing your data as painless as possible," according to a blog post by the company. The …
Jack Clark, 15 Aug 2013
Cloud security

Microsoft defends Azure with two-factor auth security

Microsoft's multi-factor authentication service has gone into general availability, doubling prices and giving enterprises a service-level agreement. Microsoft announced the general availability of the product in a blog post on Thursday. The MFA technology allows admins to add an additional layer of security to accounts using …
Jack Clark, 26 Sep 2013

Win XP security deadline: Biz bods MUST protect user data – ICO

The end of support for XP on Tuesday doesn't only mean increased risk from hackers exploiting vulnerabilities that will never be patched. It also creates a heightened data protection risk to businesses, the UK's data privacy watchdog has warned. The Information Commissioner's Office (ICO) also warned that the end of support for …
John Leyden, 08 Apr 2014

A potted history of cloud computing

1960s John McCarthy Many of the key concepts of Cloud Computing are rooted in the early 1960s and the trailblazer was John McCarthy (above), the celebrated computer scientist, who is best known as the father of Artificial Intelligence. He devised the notion of timesharing, enabling organisations to simultaneously use an …
David Gordon, 07 Mar 2014

Report: NSA spying deals billion dollar knockout to US cloud prospects

Sustained violations of civil liberties at home and abroad? Yawn. The manifestation of Orwell's nightmares? Snooze. The potential loss of scads and scads of money? Egad, we should really do something about this! That's the gist of a report published on Monday assessing the likely commercial fallout for the US cloud computing …
Jack Clark, 06 Aug 2013

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed

The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk. The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable version of OpenSSL, and this includes email …
John Leyden, 09 Apr 2014
The Register breaking news

Startup decloaks, rolls out cloudy security 'conductor'

Security startup NetCitadel is tackling the problem of automatically applying security policies across physical and virtual environments with a cloud-based approach. NetCitadel's OneControl Security Orchestration Platform enables the application of network security policy changes across cloud, virtual and physical environments …
John Leyden, 30 Jan 2013
The Register breaking news

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 06 Sep 2013
The Register breaking news

Secure cloud biz Trustwave equips M86 anti-malware guns

Cloud-security firm Trustwave has bought web security and anti-malware firm M86 Security. Financial terms of the acquisition, announced Tuesday, were undisclosed. Trustwave said the deal allowed it to add web security to its portfolio of compliance, application, network and data security products and services. It promised that …
John Leyden, 07 Mar 2012
The Register breaking news

NHS goes for in-cloud security from Zscaler

It appears that the NHS will move security for its million-plus users to in-cloud services from Zscaler. The deal has not officially been announced but news is leaking out, such as in an agenda item entitled "Zscaler – Web Security Service Within N3" for an N3 user conference happening now. There is also a Satisnet Zscaler …
Chris Mellor, 01 Jul 2011

Cloud Security Alliance crosses the Pond

“The cloud agenda has to move beyond the security field and into business,” says Jacqui Taylor, freshly minted director of communications for the UK and Ireland wing of the Cloud Security Alliance (CSA). “There is an education process that has to be done, and it needs an independent voice. That is where we come in.” A not-for- …
Lucy Sherriff, 04 Sep 2011
McAfee_logo

Er, you remember you tried to sell me that security package...

We all know a real world example can make all the difference when selling technology. Nothing mows down those objections like seeing the company's crowd jewels disappearing as fast as your broadband provider can upload. But at the same time, you can't wait till all your customers have had a major security scare before warning …
Team Register, 12 Jul 2012
Cloud security

Amazon carefully stitches up Heartbleed OpenSSL hole

Amazon is working to patch "Heartbleed" memory-leak vulnerablities in its Amazon Web Services hosting infrastructure. The mammoth cloud company confirmed on Tuesday that it has dealt with some of the parts of its infrastructure that were vulnerable to the nasty OpenSSL 1.0.1 bug nicknamed "Heartbleed" that was disclosed on …
Jack Clark, 08 Apr 2014
EMC Atmos

Atmos: Give us your tired, your poor... Heck, our cloud will even take that S3 app

EMC has launched a hat-trick of Atmos updates: new hardware, new software and new interfaces. The system holds 33 per cent more data, chews through it more quickly and provides more and faster ways of getting to it. Potential customers can try Atmos software out using a virtual edition running on any VMware-certified storage. …
Chris Mellor, 13 Dec 2012
For Sale sign detail

Qualys pushes out cloud-based tech for website protection

Security software-as-a-service specialist Qualys has branched out from vulnerability assessment and policy compliance for corporate networks with a cloud-based website protection service. QualysGuard Web Application Firewall (WAF) is designed to protect sites from threats including SQL injection and DDoS. The service is also …
John Leyden, 27 Feb 2012
The Register breaking news

Team HP: Cloud Police

When HP announced it was exploring options for its PC business, the company said it'd move into the more profitable arena of enterprise solutions. From a speech given at HP's yearly Security conference yesterday, the titan is eyeing up cloud security as a big growth area. Policing the cloud and monitoring employee mobiles are …
Anna Leach, 12 Sep 2011
The Register breaking news

The cloud, security and hosted apps

Today at 8am PST / 11am EST / 4pm GMT our usual host Tim Phillips will be joined by Andrew Buss, service director with Freeform Dynamics, and Eran Feigenbaum, director of security for Google Apps, to discuss the security and privacy issues surrounding hosted apps. Whatever your plans for the desktop, whether you're upgrading to …
Phil Mitchell, 26 Jan 2011
channel

G-Cloud rep: We'll mop up data breach flood with red tape

The government is speaking out about “myths and confusion” surrounding its plans for security accreditation on G-Cloud. A civil servant working on No 10’s big IT catalogue has re-assured Whitehall types that G-Cloud accreditation is most certainly not an unnecessary piece of bureaucracy. She has also warned, however, that just …
Gavin Clarke, 03 Apr 2012
Cat 5 cable

Akamai to gobble down Prolexic for its enterprise DDoS defences

Content delivery and security services firm Akamai has announced its plans to slurp Prolexic, a cloud security outfit, for $370m. Prolexic will help Akamai strengthen its protection for corporate clients with online protection from distributed denial of service (DDoS) attacks for data centres and enterprise IP apps. "Any …
Cloud security

Google's App Engine architect defects to Snapchat

One of Google's top cloud product managers has left the gold-plated confines of Page and Brin's search palace to work for one of his former top customers – the obscenely popular SnapChat app. Peter Magnusson, the man who spent the past three years running engineering for Google's 'Google App Engine' (GAE) platform cloud, …
Jack Clark, 19 Feb 2014
Version 4.0 of Google's Play store

Whoah! How many Google Play apps want to read your texts?

A security firm has criticised Android's all-or-nothing permission approach, arguing it unnecessarily creates extra privacy risks for businesses and consumers. Users are obliged to accept an entire laundry list of requested permissions before they can download an Android app. Disagreement on any point means that the software …
John Leyden, 16 Jul 2014
The Register breaking news

Crypto boffins uncover rogue task risk on Amazon cloud

Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks. The flaw, which affected Amazon's EC2 cloud and has already been plugged, could have been abused to start and stop virtual machines or create …
John Leyden, 27 Oct 2011
Cloud security image

AWS breaks silence over Truecrypt's role in data import/export

Amazon Web Services (AWS) has issued some advice on how it uses the kept mum on whether it will dump the troubled TrueCrypt platform used to encrypt data imported and exported to its Simple Storage Service, Amazon EBS snapshots and Glacier cold storage offerings. . The popular crypto platform recently became a pariah after its …
Darren Pauli, 11 Jun 2014
padlock

Palo Alto Networks splashes $US200 million on Cyvera

Palo Alto Networks has announced that it's buying Tel Aviv-based Cyvera for $US200 million, including $US88 million in cash. The attraction is the Israeli company's TRAPS (Targeted Remote Attack Prevention System), an endpoint protection system for Windows machines, which PAN will add to its existing firewall and cloud security …

iDevice ransomware stalks OZ, demands payoff

Apple fans across Australia are finding their iPad and iPhones held for ransom by miscreants demanding $50 and more for unlock fee. The extortionate demands appeared in messages claiming the device had been "hacked by Oleg Pliss" – but it'd be highly unlikely that the cybercrooks behind the scam, which appears to be localised to …
John Leyden, 27 May 2014

AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool)

It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per cent …
John Leyden, 20 May 2014
The Register breaking news

Microsoft skills up IT pros for jobs in the cloud

You can tell that cloud computing is huge by the number of certifications and training programmes and user groups setting out their stalls. We have spotted two this week, a vendor training initiative, and a strong-arm grouping for IT security practitioners. Say hello to the Microsoft Virtual Academy, a free training facility …
Team Register, 24 Mar 2011
Cloud security

CloudBees straddles firewall with VPN connection

Cloud startup CloudBees has launched a technology that lets customers of the developer-oriented cloud connect their sensitive on-premises resources to the company's cloud via VPN. By building hosted OpenVPN into its infrastructure, the Java cloud has been able to launch the service which it says can assuage security concerns and …
Jack Clark, 23 Sep 2013

A couple of whitepapers about SIEM

In our first visit to the Reg whitepaper library in some time, we took time out to inspect the security pitches. Here is a couple of vendor papers about SIEM (security information and event management) software that we thought deserved a wider airing. Registration is, as per usual, required. Data control in the cloud This …
David Gordon, 05 Jun 2013

Supervalu supermarket stores stung by sneaky sales system scammers

Supervalu, one of the biggest supermarket chains in the US, is warning customers who shopped with them between June 22 and July 17 to check their bank statements, after investigators discovered hackers have been at work. "The safety of our customers' personal information is a top priority for us," said CEO Sam Duncan. "The …
Iain Thomson, 15 Aug 2014

Don't lose sleep over cloud crypto hole, says Amazon

Amazon has played down the significance of a recently discovered vulnerability affecting its flagship Amazon Web Services cloud computing platform. Interlinked security shortcomings created a theoretical mechanism for hackers to issue rogue admin requests, such as stopping virtual machines in an EC2 virtual environment or either …
John Leyden, 01 Nov 2011
Windows XP BSOD

Final Windows XP Patch Tuesday will plug Word RTF vuln

The final Patch Tuesday for Windows XP will bring four bulletins, including a critical fix for a zero-day Word vulnerability uncovered last week. The critical 0-day vulnerability - already the object of targeted attacks - opens the door to remote code execution nasties if a user opens a RTF file in Word 2010 or in Outlook while …
John Leyden, 04 Apr 2014
Bring out your dead - Monty Python

Telstra backs a couple of percent of NICTA's budget

Australia's incumbent telco, Telstra, has put forward a touch over a million dollars with negotiable extensions to research body NICTA, which is at risk of being a casualty of the Australian government's cuts to science, research, and education. The federal government announced in its budget that public funding for NICTA would …
The Register breaking news

Fed watchdog barks at cloud security

The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing. With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is …
Austin Modine, 06 Jan 2010