Feeds

Articles about Cloud Security

Cloud security

Xen security bug, you say? Amazon readies GLORIOUS GLOBAL CLOUD REBOOT

Amazon will tomorrow begin a bloody global reboot of its Elastic Compute Cloud (EC2) compute instances after it found a security bug within the Xen virtualisation platform. The rolling minutes-long reboots would be completed by 30 September. Amazon did not name the reason for the upgrade, widely thought to be a security issue …
Darren Pauli, 25 Sep 2014
Cloud security

Defence giant BAE coughs $230m for cloud heavy SilverSky

BAE Systems has bought cloud-based email and network security firm SilverSky for $232.5m, seemingly finding the US company's products and customer base irresistible. Ian King, chief executive, BAE Systems, said: "SilverSky has an established sales force, a complementary suite of scalable products and a large installed customer …
John Leyden, 21 Oct 2014
iiNet Logo

iiNet cans cloud security and storage services

iiNet has, of late, signalled an intention to build on its reputation as a carrier by offering subscription services. Yet the internet service provider yesterday cancelled two such services, namely the security-as-a-service “Protection Pack”. The protection pack was a $AUD9.99 a month service that baked malware scanning and …
Simon Sharwood, 30 Apr 2014
Cloud security image

Skiddies turn Amazon cloud into 'crime-as-a-service' – security bod

Amazon Web Services' share of cloud-hosted malware-slingers has more than doubled in the last six months. That's according to NTT subsidiary Solutionary, which revealed the finding in its Q2 2014 Security Engineering Research Team (SERT) report published on Tuesday. The infosec researchers said that, out of the top ten ISPs and …
Jack Clark, 17 Jul 2014

AWS levels up in game of government security – and now one step below classified access

Amazon Web Services (AWS) has leveled up its US government security certification, winning the right to handle more sensitive work from the Department of Defense (DoD). The company has, of course, blogged the news that it has won provisional authorization to operate levels three to five of the DoD's cloud security model. Level …
Simon Sharwood, 21 Aug 2014

World+Dog hates PRISM: Cloud Security Alliance

Edward Snowden's PRISM revelations will soon impact the balance sheets of US cloud vendors, according to the Cloud Security Alliance. The group claims the latest survey (PDF) of its 500 members suggests the NSA leaks would make more than half non-US the respondents think twice about hosting their data with American-based …
Screenshot of Microsoft promotional video touting Office 2013's cloud integration

Most cloud apps flout EU data protection rules – study

Three in four cloud services do not conform to the current EU Data Protection Directive, according to a new study. Enterprise cloud visibility firm Skyhigh Networks found that nearly three-quarters (72 per cent) of the cloud services used by European organisations do not meet the requirements of the current privacy regulations, …
John Leyden, 21 Oct 2014

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014

Calling all resellers:Cloud, security, SMEs and you

Vendors may have declared that 2012 is the year of the cloud, but it's resellers who have to deal with the fall-out from over hyped expectations and half-baked product strategies. You know what your customers really think of the cloud, and what you need to help them make the switch. So please help us enlighten the vendor …
David Gordon, 18 Jun 2012

Cloud? We prefer, er, reselling tech, say tech resellers

Good old fashioned kit and licence reselling remains the primary way local tech suppliers pay the bills, with IT services still accounting for less than a quarter of revenue generation. This is according to a Canalys survey, which probed 352 channel businesses across the globe to ascertain the impact that classic product sales, …
Paul Kunert, 24 Sep 2014
Lenticular Cloud

Cloud skills certification can add zeros to your pay cheque

As IT recruiters collectively bemoan the dearth of cloud professionals, the doom-and-gloom predictions that cloud services would result in the death of the IT department now seem nothing short of laughable. The most recent research from industry body the Cloud Industry Forum suggests that cloud computing has achieved mainstream …
Rachel Willcox, 16 Oct 2014

Keep a beady eye on your business's cloud service shopping

If you believe the hype, it is only a question of time before every Tom, Dick and Harriet in your organisation becomes a tech decision maker who can spend your company's money, with the power to do so a mere click away. “Shadow IT”, the term emerging to describe the buying of IT and technology services without any central …
Stuart Burns, 16 Oct 2014

Stratsec critical of cloud security

A study conducted by BAE security subsidiary Stratsec claims that cloud services aren’t doing enough to secure their instances against being used to host attacks. The company has described a series of experiments here. Stratsec says it was able to set up botnets – it refers to them as botClouds – on all five of the cloud …
Cloud security

Cloud vid wrangler Zencoder STRADDLES Amazon and Google

Cloud video encoder Zencoder has taken a deep breath and gingerly straddled two cloud providers in an attempt to offer customers greater infrastructure choice. The Brightcove-owned firm announced support for Google's just-released Google Compute Engine on Monday, giving Chocolate Factory aficionados access to a new …
Jack Clark, 10 Dec 2013
Cloud security

Microsoft beefs up cloud login security in PhoneFactor gobble

Microsoft has bought PhoneFactor, the maker of software that allows punters to securely identify themselves to computer systems using their mobiles. Terms of the deal, announced yesterday, were undisclosed. The snapped-up biz offers phone-based authentication as an alternative to physical security tokens that can, for instance, …
John Leyden, 05 Oct 2012
The last Canon shot, above the clouds, showing the edge of space

Study shows SMB cloud security fears largely overstated

Research into small businesses in the US and Asian markets has shown that there's an increasing mismatch between the theory and practice of cloud security. When questioned in a blind test conducted by comScore and funded by Microsoft, a third of SMBs said they didn’t use cloud security because of fears over the cost of …
Iain Thomson, 14 May 2012
Cloud security

Neither Snowden nor the NSA puts CIOs off the cloud, it's just FUD

The Edward Snowden affair has not put CIOs off the public cloud, but only because IT professionals were already wary of the security issues and vendor lock-in, a Bloomberg tech conference heard last week. A panel discussing the cloud and the enterprise at the Bloomberg Enterprise Technology Summit in London focused on the …
Joe Fay, 17 Dec 2013
Cloud security image

Microsoft parts Azure cloud, reveals NoSQL doc database

Microsoft has slipped out DocumentDB for Windows Azure, the company’s first-ever non-relational database – and its first new database product since SQL Server. DocumentDB is a complete departure from Microsoft’s relational roots, being a schema-free, NoSQL offering built entirely for consumption as a service on its cloud. …
Gavin Clarke, 22 Aug 2014
The Register breaking news

McAfee upgrades cloud security and Intel identity kit

McAfee has upgraded its enterprise Cloud Security Platform and activated the first in a series of integrations with parent company Intel's identity management systems. The security company has beefed up data loss systems to cover email and web gateways and added in a simplified management control and reporting panel that allow …
Iain Thomson, 12 Jun 2012
borg_cube

Oracle spins-up public sector 'Cloud'

Oracle has fired up its big red branding machine and coated some of its software-as-a-service products with a cloud label as it tries to create a suite of tech for public-sector organizations. Just as Amazon, Dell, and others have forged their own dedicated cloud services for the US public sector, so too has Oracle. But there's …
Jack Clark, 06 Sep 2013
Cloud security

Let cloud apps manage your systems – if you have nothing to hide

There are a growing number of cloud-based security and systems management (CSSM) applications available to consumers and small and medium-sized businesses (SMBs), and I am ambivalent about their use. On the one hand, I am not fan of things cloudy, especially where they involves trusting US-based companies*. On the other hand, …
Trevor Pott, 12 Jun 2014
NSA parody T-shirt

Prez Obama cyber-guru: Think your data is safe in an EU cloud? The NSA will raid your servers

A former White House security advisor has suggested that you, dear reader, are naive if you think hosting data outside of the US will protect a business from the NSA. "NSA and any other world-class intelligence agency can hack into databases even if they not in the US," said former White House security advisor Richard Clarke in …
Jack Clark, 24 Feb 2014
iPad Psycho image

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

Apple’s two-factor authentication doesn't actually protect iCloud backups or photo streams, contrary to what many iPhone and iPad fondlers might wish to believe. Scores of (mostly female) celebrities, including Oscar winner Jennifer Lawrence, had their iCloud hacked before miscreants siphoned off private nude snaps which …
John Leyden, 03 Sep 2014

EMC aims Elastic Cloud Storage band at Amazon, Google

EMC is in Vegas to gamble, and had all of its software-defined storage bets on show at its EMC World storagefest – everything from Project Nile and ViPR 2.0 to its massively scale-out ScaleIO server SAN. First up is its Amazon-attacking Project Nile, embodied as an Elastic Cloud Storage (ECS) appliance. It was previewed in …
Chris Mellor, 06 May 2014
Cloud security

Google follows Amazon with auto-encryption of cloud data

Google has tossed a crumb of reassurance to people with cloudy security concerns by adding automatic server-side encryption to Google Cloud Storage. The free security measure was announced by Google on Thursday and spun as a way to "make securing your data as painless as possible," according to a blog post by the company. The …
Jack Clark, 15 Aug 2013
Cloud security

Microsoft defends Azure with two-factor auth security

Microsoft's multi-factor authentication service has gone into general availability, doubling prices and giving enterprises a service-level agreement. Microsoft announced the general availability of the product in a blog post on Thursday. The MFA technology allows admins to add an additional layer of security to accounts using …
Jack Clark, 26 Sep 2013

Win XP security deadline: Biz bods MUST protect user data – ICO

The end of support for XP on Tuesday doesn't only mean increased risk from hackers exploiting vulnerabilities that will never be patched. It also creates a heightened data protection risk to businesses, the UK's data privacy watchdog has warned. The Information Commissioner's Office (ICO) also warned that the end of support for …
John Leyden, 08 Apr 2014

A potted history of cloud computing

1960s John McCarthy Many of the key concepts of Cloud Computing are rooted in the early 1960s and the trailblazer was John McCarthy (above), the celebrated computer scientist, who is best known as the father of Artificial Intelligence. He devised the notion of timesharing, enabling organisations to simultaneously use an …
David Gordon, 07 Mar 2014

Report: NSA spying deals billion dollar knockout to US cloud prospects

Sustained violations of civil liberties at home and abroad? Yawn. The manifestation of Orwell's nightmares? Snooze. The potential loss of scads and scads of money? Egad, we should really do something about this! That's the gist of a report published on Monday assessing the likely commercial fallout for the US cloud computing …
Jack Clark, 06 Aug 2013

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed

The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk. The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable version of OpenSSL, and this includes email …
John Leyden, 09 Apr 2014
The Register breaking news

Startup decloaks, rolls out cloudy security 'conductor'

Security startup NetCitadel is tackling the problem of automatically applying security policies across physical and virtual environments with a cloud-based approach. NetCitadel's OneControl Security Orchestration Platform enables the application of network security policy changes across cloud, virtual and physical environments …
John Leyden, 30 Jan 2013
Josh and some superheroes at Spiceworld 2013

CloudMask dons cape and sets foot on the mean streets of Blighty

Cloud-based security services firm CloudMask, whose technology offers to protect sensitive information in the cloud, even in the case of a network breach, launched in the UK on Tuesday. CloudMask's technology works on the premise that no one can be trusted with data - including cloud administrators, governments, employees, and …
John Leyden, 09 Sep 2014
The Register breaking news

Secure cloud biz Trustwave equips M86 anti-malware guns

Cloud-security firm Trustwave has bought web security and anti-malware firm M86 Security. Financial terms of the acquisition, announced Tuesday, were undisclosed. Trustwave said the deal allowed it to add web security to its portfolio of compliance, application, network and data security products and services. It promised that …
John Leyden, 07 Mar 2012
The Register breaking news

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 06 Sep 2013
The Register breaking news

NHS goes for in-cloud security from Zscaler

It appears that the NHS will move security for its million-plus users to in-cloud services from Zscaler. The deal has not officially been announced but news is leaking out, such as in an agenda item entitled "Zscaler – Web Security Service Within N3" for an N3 user conference happening now. There is also a Satisnet Zscaler …
Chris Mellor, 01 Jul 2011
Transporter_Genesis_bezel

Dropbox-but-with-an-actual-box firm touts new biz appliances

Private cloud firm Connected Data has birthed a business-class, private cloud/file sync 'n' share product based on its consumer Transporter product's base. Transporter is a mini-cooling tower desktop lookalike housing a hard drive with internet connectivity. Peer-to-peer networks of Transporters can share and synchronise files …
Chris Mellor, 24 Oct 2014

Cloud Security Alliance crosses the Pond

“The cloud agenda has to move beyond the security field and into business,” says Jacqui Taylor, freshly minted director of communications for the UK and Ireland wing of the Cloud Security Alliance (CSA). “There is an education process that has to be done, and it needs an independent voice. That is where we come in.” A not-for- …
Lucy Sherriff, 04 Sep 2011
McAfee_logo

Er, you remember you tried to sell me that security package...

We all know a real world example can make all the difference when selling technology. Nothing mows down those objections like seeing the company's crowd jewels disappearing as fast as your broadband provider can upload. But at the same time, you can't wait till all your customers have had a major security scare before warning …
Team Register, 12 Jul 2012
Cloud security

Amazon carefully stitches up Heartbleed OpenSSL hole

Amazon is working to patch "Heartbleed" memory-leak vulnerablities in its Amazon Web Services hosting infrastructure. The mammoth cloud company confirmed on Tuesday that it has dealt with some of the parts of its infrastructure that were vulnerable to the nasty OpenSSL 1.0.1 bug nicknamed "Heartbleed" that was disclosed on …
Jack Clark, 08 Apr 2014
EMC Atmos

Atmos: Give us your tired, your poor... Heck, our cloud will even take that S3 app

EMC has launched a hat-trick of Atmos updates: new hardware, new software and new interfaces. The system holds 33 per cent more data, chews through it more quickly and provides more and faster ways of getting to it. Potential customers can try Atmos software out using a virtual edition running on any VMware-certified storage. …
Chris Mellor, 13 Dec 2012
The Register breaking news

Team HP: Cloud Police

When HP announced it was exploring options for its PC business, the company said it'd move into the more profitable arena of enterprise solutions. From a speech given at HP's yearly Security conference yesterday, the titan is eyeing up cloud security as a big growth area. Policing the cloud and monitoring employee mobiles are …
Anna Leach, 12 Sep 2011
For Sale sign detail

Qualys pushes out cloud-based tech for website protection

Security software-as-a-service specialist Qualys has branched out from vulnerability assessment and policy compliance for corporate networks with a cloud-based website protection service. QualysGuard Web Application Firewall (WAF) is designed to protect sites from threats including SQL injection and DDoS. The service is also …
John Leyden, 27 Feb 2012
The Register breaking news

The cloud, security and hosted apps

Today at 8am PST / 11am EST / 4pm GMT our usual host Tim Phillips will be joined by Andrew Buss, service director with Freeform Dynamics, and Eran Feigenbaum, director of security for Google Apps, to discuss the security and privacy issues surrounding hosted apps. Whatever your plans for the desktop, whether you're upgrading to …
Phil Mitchell, 26 Jan 2011
channel

G-Cloud rep: We'll mop up data breach flood with red tape

The government is speaking out about “myths and confusion” surrounding its plans for security accreditation on G-Cloud. A civil servant working on No 10’s big IT catalogue has re-assured Whitehall types that G-Cloud accreditation is most certainly not an unnecessary piece of bureaucracy. She has also warned, however, that just …
Gavin Clarke, 03 Apr 2012
Cat 5 cable

Akamai to gobble down Prolexic for its enterprise DDoS defences

Content delivery and security services firm Akamai has announced its plans to slurp Prolexic, a cloud security outfit, for $370m. Prolexic will help Akamai strengthen its protection for corporate clients with online protection from distributed denial of service (DDoS) attacks for data centres and enterprise IP apps. "Any …
Cloud security

Google's App Engine architect defects to Snapchat

One of Google's top cloud product managers has left the gold-plated confines of Page and Brin's search palace to work for one of his former top customers – the obscenely popular SnapChat app. Peter Magnusson, the man who spent the past three years running engineering for Google's 'Google App Engine' (GAE) platform cloud, …
Jack Clark, 19 Feb 2014
The Register breaking news

Crypto boffins uncover rogue task risk on Amazon cloud

Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks. The flaw, which affected Amazon's EC2 cloud and has already been plugged, could have been abused to start and stop virtual machines or create …
John Leyden, 27 Oct 2011

SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches

The majority of Fortune 1000 and Global 2000 companies have already deployed, or are now deploying, Shellshock patches to fend off code attacks, according to cloud security firm CloudPassage. The Shellshock vulnerability allows remote attackers to execute arbitrary code on servers using a variety of techniques, with the CVE-2014 …
John Leyden, 29 Sep 2014
The Register breaking news

Microsoft skills up IT pros for jobs in the cloud

You can tell that cloud computing is huge by the number of certifications and training programmes and user groups setting out their stalls. We have spotted two this week, a vendor training initiative, and a strong-arm grouping for IT security practitioners. Say hello to the Microsoft Virtual Academy, a free training facility …
Team Register, 24 Mar 2011
Version 4.0 of Google's Play store

Whoah! How many Google Play apps want to read your texts?

A security firm has criticised Android's all-or-nothing permission approach, arguing it unnecessarily creates extra privacy risks for businesses and consumers. Users are obliged to accept an entire laundry list of requested permissions before they can download an Android app. Disagreement on any point means that the software …
John Leyden, 16 Jul 2014