Week of 16 Feb 2015 Symantec quietly drops cloud security certification due to lack of adoption (18 Feb 2015)
After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security...
Week of 09 Feb 2015 Box introduces BYOK encryption key management service (10 Feb 2015)
Box will give enterprise cloud data storage customers the ability to control and store their own encryption keys through its new Enterprise Key Management service.
Week of 02 Feb 2015 Enterprise shadow cloud usage eclipses authorized cloud services (04 Feb 2015)
New research by CipherCloud shows that majority of enterprises don't know extent of unsanctioned cloud usage by their employees.
MeriTalk and Palo Alto Networks say the U.S. government's thinks its data center modernization effort is going well, but research shows basic cloud security protections are nowhere to be found.
Week of 26 Jan 2015 Apple eyes cloud storage for Touch ID biometric data (30 Jan 2015)
According to a new patent application, Apple is looking to expand its Touch ID biometric verification system through the cloud. But will the biometric data be secure?
As DDoS attacks get bigger, more frequent, and more varied, new hybrid and cloud-based DDoS prevention methods are emerging, but some fear too much automation in DDoS defense may result in a loss of...
Rackspace hopes its new emphasis on security-centric managed cloud services will be enough to overcome past security and availability problems, as well as differentiate itself from public cloud...
Week of 19 Jan 2015 Microsoft Azure had more downtime in 2014 than main cloud rivals (ComputerWeekly.com | 19 Jan 2015)
Microsoft Azure suffered more downtime than its main rivals in 2014, according to detailed analysis
Week of 12 Jan 2015 Ribose first to achieve CSA STAR Attestation status (16 Jan 2015)
Cloud collaboration firm Ribose became the first company to achieve the Cloud Security Alliance's STAR Attestation process.
Week of 05 Jan 2015 'Shadow cloud' services a growing threat to enterprises (09 Jan 2015)
Cloud Security Alliance findings show many enterprises struggle to identify and control shadow cloud apps and services; half of those surveyed told the CSA they have no program in place manage cloud...
A hacking tool released on New Year's Day highlighted a security hole in Apple's public cloud service that left user accounts vulnerable.
Week of 29 Dec 2014 CSA to closely monitor enterprise cloud data privacy issues in 2015 (30 Dec 2014)
The Cloud Security Alliance says cloud data privacy has emerged as a top issue for industry amid Microsoft's battle with the U.S. government over customer emails stored in Ireland.
Week of 15 Dec 2014 Microsoft, rivals challenge U.S. government over cloud data privacy (16 Dec 2014)
Microsoft's refusal to give the U.S. government customer emails stored in Ireland will likely have implications for enterprise cloud data privacy and security.
Week of 01 Dec 2014 Microsoft focuses on Azure security in cloud race against AWS (04 Dec 2014)
Microsoft is working to improve Azure security, but analysts say Amazon Web Services is still in the lead when it comes to cloud security capabilities.
Week of 17 Nov 2014 IT pros disappointed in Microsoft response to Azure outage (SearchCloudComputing.com | 21 Nov 2014)
Microsoft’s slow response to the recent Azure outage left some users wondering if they should entrust critical business data to the cloud environment.
Week of 27 Oct 2014 Research shows enterprises leaking shadow data to the cloud (31 Oct 2014)
A new study by cloud security startup Elastica shows that enterprise employees are unknowingly leaking sensitive data through cloud apps and services.
Week of 20 Oct 2014 Apple iCloud hit with MitM attacks in China (20 Oct 2014)
There is more potential trouble for Apple iCloud users as a nationwide man-in-the-middle attack struck the iCloud website in China amid the country's launch of the new iPhone 6.
Week of 13 Oct 2014 Dropbox hack denied, but company encourages 2FA use anyway (14 Oct 2014)
Dropbox refuted reports that a hacker had obtained 6.9 million customer usernames and passwords from the cloud storage service, but encouraged customers to use its 2FA security feature regardless.
Week of 06 Oct 2014 Provider reboots call cloud computing hypervisor security into question (09 Oct 2014)
After a Xen hypervisor flaw led several major cloud providers to reboot their host servers, experts say future cloud computing hypervisor security issues will likely cause further service disruptions.
Sophos looks to strengthen its cloud security offerings for mobile security with the acquisition of Mojave Networks, a mobile security startup.
Week of 29 Sep 2014 Cloud security experts call for global data privacy standards (29 Sep 2014)
A recent study from the Cloud Security Alliance shows strong support for global data privacy standards as well as a consumer bill of rights, but there are major obstacles for privacy in the cloud.
Week of 22 Sep 2014 Experts: Expect cloud breaches to endanger data privacy (23 Sep 2014)
Attendees and speakers at the CSA Congress and IAPP Privacy Academy stressed the need for better data classification to reduce the effects of cloud breaches.
Shining a light on shadow cloud apps and services (25 Sep 2014)
Security pros from Hewlett-Packard and SkyHigh Networks offer insight on how to identify shadow cloud apps and services within the enterprise.
Week of 15 Sep 2014 Apple rolls out more robust iCloud two-factor authentication (SearchSecurity.com | 17 Sep 2014)
Following a high-profile leak of celebrity photos, Apple has moved to improve its iCloud two-factor authentication mechanisms.
Pandora balancing cloud app security and shadow IT (19 Sep 2014)
Internet radio company Pandora explains how it found a strategy to embrace shadow IT and still secure cloud app usage within the company.
Week of 08 Sep 2014 Cloud computing threat intelligence platforms: The next big thing? (12 Sep 2014)
Following FireEye's new threat analytics platform for Amazon Web Services, are enterprises ready to embrace the benefits of cloud-based threat analytics?
Week of 01 Sep 2014 Apple two-factor authentication fail leaves iCloud users vulnerable (SearchSecurity.com | 03 Sep 2014)
Apple's decision to not extend its two-factor authentication security mechanism to all iCloud services may leave users more vulnerable to attacks
Following the iCloud hack and resulting leak of celebrity photos, experts say many enterprises 'don't have a clue' that corporate data could also be at risk.
CERN and the Cloud Security Alliance explain how federated identity management protects Helix Nebula, a European cloud platform that's running applications for such research projects as the Large...
Week of 11 Aug 2014 Amazon Workspaces gets MFA security update (13 Aug 2014)
Amazon Web Services has added multifactor authentication to its WorkSpaces cloud desktop service, the first step in a larger effort to bolster AWS security.
IBM ups cloud IAM offering with Lighthouse acquisition (12 Aug 2014)
IBM made its second cloud security acquisition in as many weeks with the purchase of Lighthouse Security Group, which specializes in cloud-based IAM services.
Week of 28 Jul 2014 Study: Cloud app data sharing growth increases risks (31 Jul 2014)
Netskope's Cloud Report shows the average number of cloud apps used in the enterprise is growing -- but the majority of those apps lack proper security and policy controls.
Week of 14 Jul 2014 Cloud malware analysis a must-have for advanced threat protection (14 Jul 2014)
Cloud-based malware analysis is becoming a must-have feature for both established and upstart advanced threat protection vendors.
Exclusive: The co-founder of One More Cloud explains how an old AWS API key was used to take down the company's services, and the hard lessons learned.
Verizon unveils cloud-based WAF (15 Jul 2014)
Verizon bolstered its cloud security presence with a new web application firewall. The cloud-based WAF puts the telecom giant in the growing cloud firewall market with Akamai, Imperva and others.
Week of 07 Jul 2014 Multifactor authentication key to cloud security success (SearchSecurity.com | 08 Jul 2014)
Following the collapse of an AWS-based cloud hosting provider, experts say enterprises should prioritize use of multifactor authentication.
Week of 30 Jun 2014 Netflix Security Monkey plugs AWS cloud security gaps (SearchAWS.com | 02 Jul 2014)
AWS shops say new open source software from Netflix will go a long way to help customers manage their part of the cloud security burden.
Week of 16 Jun 2014 Amazon EC2 control panel hack submarines hosting provider (SearchSecurity.com | 19 Jun 2014)
Update: Following a hack that destroyed much of Code Spaces' AWS EC2 data, cloud app provider One More Cloud reported similar compromises.
Amazon EC2 control panel hack submarines hosting provider (SearchSecurity.com | 19 Jun 2014)
Update: Following a hack that destroyed much of Code Spaces' AWS EC2 data, cloud app provider One More Cloud reported similar compromises.
Week of 09 Jun 2014 AWS cloud security earns federal government approval (SearchAWS.com | 11 Jun 2014)
AWS cloud security gets a lift past skeptics with new federal government approval for some insurance issuers to collect healthcare data using EC2.
HP cloud encryption gives IT pros data security control (SearchCloudComputing.com | 11 Jun 2014)
HP split-key cloud encryption technology could be just what IT shops concerned about cloud security need to feel comfortable to make the move.
Week of 26 May 2014 As FedRAMP deadline nears, slow approvals leave CSPs in the queue (29 May 2014)
The consequences for cloud service providers missing the FedRAMP deadline remain unclear, though experts say those in the queue are in good shape.
Security pros say infosec teams must be proactive on cloud security management to reduce risk related to rapid growth in enterprise cloud computing.
Week of 05 May 2014 Cloud security policy exceptions thwart rogue usage controls (07 May 2014)
A Netskope report shows a flood of cloud security policy exceptions commonly thwart rogue cloud app security controls.
Week of 21 Apr 2014 Report: Gap between on-premises and cloud attacks closing (25 Apr 2014)
A new report shows the volume of cloud attacks is rising, as attack types traditionally associated with on-premises environments migrate with users.
Week of 31 Mar 2014 Cloud attacks sneak past gap between enterprises and providers (01 Apr 2014)
Emerging cloud attacks threaten cloud data security by exploiting the gap between enterprise controls and provider transparency.
Week of 03 Mar 2014 On cloud data security validation, providers offer few promises (04 Mar 2014)
Until a common cloud provider assessment paradigm is agreed upon, experts say enterprises will be left wanting on cloud data security validation.
Week of 24 Feb 2014 For BYOD-SaaS security, consider established IT security controls (25 Feb 2014)
Panelists at the Cloud Security Alliance Summit assert that federated identity and gateways, hardly new technologies, are best for BYOD-SaaS security.
Richard Clarke: NSA revelations show potential for police state (SearchSecurity.com | 24 Feb 2014)
At the 2014 CSA Summit, presidential cybersecurity advisor Richard Clarke said NSA monitoring efforts are negatively affecting U.S. cloud providers.
Week of 27 Jan 2014 Future uncertain for Safe Harbor, enterprise data privacy compliance (SearchSecurity.com | 31 Jan 2014)
An attorney says the rumored suspension of Safe Harbor is unlikely, but either way, data privacy compliance will get harder for U.S. companies.
Week of 16 Dec 2013 CSA Cloud Trust Protocol working group to foster cloud transparency (19 Dec 2013)
The Cloud Security Alliance hopes Cloud Trust Protocol will boost cloud transparency by automating customer requests for cloud provider security data.
Week of 09 Dec 2013 Expert: Security automation can thwart attacks on cloud computing (09 Dec 2013)
Nation-states are turning their attacks toward the cloud. One expert explains why he believes security automation is the only viable defense tactic.
Week of 02 Dec 2013 Cloud incident response planning: Know cloud provider responsibilities (05 Dec 2013)
A practitioner at the 2013 CSA Congress says enterprises must plan for a cloud incident because providers often fail to detail their responsibilities.
As business demands and rogue users introduce cloud computing security risks into many enterprises, infosec pros understand they must be enablers.
At the 2013 CSA Congress, executives from Microsoft and AWS made the case for why cloud provider security is superior to traditional IT security.
Week of 18 Nov 2013 Verizon pursues 'Internet of Things' security with digital certificates (SearchSecurity.com | 19 Nov 2013)
Based on need created by 'Internet of Things' security regulations, Verizon has announced a new-cloud based platform for assigning digital certificates.
Week of 11 Nov 2013 CSA's software-defined perimeter to secure BYOD, 'Internet of Things' (13 Nov 2013)
The Cloud Security Alliance software-defined perimeter initiative is meant to secure BYOD and the collective 'Internet of Things.'
Week of 21 Oct 2013 Survey: IT's cloud, BYOD policies don't deter Gen Y use (SearchSecurity.com | 22 Oct 2013)
A Fortinet survey shows that a majority of young users will violate IT security policies governing BYOD and cloud services to boost productivity.
Week of 14 Oct 2013 Vendor provides cloud app security ratings, downplays app blocking (14 Oct 2013)
Startup vendor Netskope released a report detailing cloud app security ratings, but the company's CEO warned against simply blocking riskier apps.
Week of 23 Sep 2013 Security expert: FedRAMP cloud security standard not yet fully baked (26 Sep 2013)
The CEO of a FedRAMP 3PAO warned of the limitations of the FedRAMP cloud security standard when using it to assess cloud security.
Week of 16 Sep 2013 CipherCloud adds AES 256-bit encryption to Box product, expands abroad (16 Sep 2013)
CipherCloud announced the addition of AES 256-bit encryption capabilities to its Box DLP offering amid growing demand from abroad.
Week of 09 Sep 2013 Echopass achieves PCI Level 1 certification; CISO offers PCI guidance (13 Sep 2013)
On the heels of Echopass achieving PCI Level 1 certification, CISO Dennis Empey offers PCI guidance for other cloud providers navigating the process.
Week of 10 Jun 2013 Gartner: Negotiate cloud contracts with detailed security, control (14 Jun 2013)
When negotiating with cloud providers, enterprises must demand cloud contracts with specific security and control provisions, Gartner analysts say.
Week of 20 May 2013 AWS FedRAMP certification fast-tracks Amazon cloud for U.S. government (23 May 2013)
AWS becomes the biggest cloud provider to earn FedRAMP certification, easing the transition to AWS for U.S. government agencies.
When it comes to cloud backup and disaster recovery, organizations are holding back due to insufficient bandwidth and lengthy recovery times.
Week of 22 Apr 2013 (ISC)2 and the CSA announce certification for cloud security (ComputerWeekly.com | 25 Apr 2013)
Information security professional body (ISC)2 and the Cloud Security Alliance (CSA) have signed an agreement to collaborate on a new professional certification for information security
(ISC)2, CSA partner on new cloud security certification (26 Apr 2013)
The yet-unnamed certification will seek to validate skills of cloud security pros, but it's unclear how it may complement or overlap with existing certs.
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs.
Week of 15 Apr 2013 Gartner forecasts rising interest in cloud-based security services (17 Apr 2013)
Gartner forecasts that security services in the cloud will soon account for 10% of the enterprise IT security market, largely driven by compliance.
Week of 25 Mar 2013 Report suggests cloud security concerns are overblown (26 Mar 2013)
A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem.
Week of 25 Feb 2013 CSA updates push toward cloud provider security assurance at 2013 CSA Summit (25 Feb 2013)
The Cloud Security Alliance expanded its cloud security training and cloud provider security assurance efforts Monday at its 2013 CSA Summit.
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013.
DHS cybersecurity boss pushes 'cyber 911', new voluntary standards (SearchSecurity.com | 25 Feb 2013)
At the CSA Summit 2013, Mark Weatherford said the DHS 'cyber 911' service will better support the private sector, and new voluntary standards are in the works.
Panelists at the Cloud Security Alliance Summit say mobile security and cloud security are linked, and that preventing data loss demands securing the app layer.
Week of 14 Jan 2013 Cloud security key to BYOD, (ISC)2 study shows (ComputerWeekly.com | 16 Jan 2013)
(ISC)2 says businesses welcome bring your own device (BYOD) policies for cost savings and user experience, but need the right security skills
Week of 07 Jan 2013 Dell SecureWorks adds vulnerability management services for cloud (SearchSecurity.com | 11 Jan 2013)
Dell SecureWorks is bringing security vulnerability management services to its cloud customers, along with its Global Threat Intelligence Service.
Week of 17 Dec 2012 Enterprise cloud adoption in 2013 prompts data security questions (17 Dec 2012)
Adopting cloud-based services raises concerns and questions about data security, according to the Sophos 2013 Threat Report.
A survey conducted by database security vendor GreenSQL found a high level of distrust in cloud services, despite the perception that transparency is increasing.
Week of 03 Dec 2012 Symantec launches Endpoint Protection 12.1, VDI support (SearchSecurity.com | 04 Dec 2012)
Symantec joins other security firms in supporting VMware vShield Endpoint in a bid to reduce the problem of AV storms.
Week of 26 Nov 2012 AWS IAM tools essential to secure cloud services (29 Nov 2012)
Using AWS IAM tools to limit who has access to create and launch services should be essential to a cloud security strategy, say experts.
At its user conference, Amazon Web Services says customers must understand the implications of its shared security model before moving to the cloud.
IT pros praised the security of Amazon Web Services, saying the show eased their cloud computing security concerns.
Speaking at the company's first user conference, Amazon Web Services CISO Stephen Schmidt said security in the cloud is a shared responsibility.
Amazon CEO Jeff Bezos will headline this week's first-ever AWS re: Invent cloud computing conference, where several sessions will cover security issues.
Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations.
Week of 19 Nov 2012 Cloud security begins with the contract, says expert (21 Nov 2012)
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.
Week of 05 Nov 2012 CSA 2012 keynote: Attack data vital to securing cloud-based systems (07 Nov 2012)
Security pros need to share anonymous attack information or face dire consequences, said Dave Cullinane, CEO of Security Starfish and chairman of the Cloud Security Alliance.
Mobile impacting cloud security issues, says panel (07 Nov 2012)
Bring-your-own-device (BYOD) makes securing cloud services complex, say experts. Enterprises should set mobile guidelines consistent with cloud policies.
Sandy put business continuity planning in spotlight (05 Nov 2012)
Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency.
Week of 29 Oct 2012 Cloud adoption prompts secure data management, access control issues (01 Nov 2012)
Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.
Week of 01 Oct 2012 Cloud security issues will only be solved by user demands, CSA chief says (03 Oct 2012)
Enterprises must insist transparency, authentication and other key issues are addressed, said Jim Reavis, executive director of the Cloud Security Alliance.
Credit union finds cloud GRC tool fits the bill (03 Oct 2012)
Cloud-based service for managing risk is designed to meet the needs of small and midsize businesses.
U.S. Mint CISO Chris Carpenter said his cloud provider wasn't ready for either his security questions or to share continuous monitoring and log data.
Week of 17 Sep 2012 Bromium launches Windows PC security product (19 Sep 2012)
Company uses virtualization technology to isolate malware from the rest of the system.
Using the cloud can streamline secure software development, but comes with challenges and risks.
Week of 03 Sep 2012 Cloud Security Alliance forms group to focus on cloud data privacy (05 Sep 2012)
Group will develop standards for communicating cloud data privacy measures.
Week of 27 Aug 2012 Cloud Security Alliance tackles big data security (31 Aug 2012)
CSA will work with Fujitsu Laboratories of America on best practices, standards for securing big data.
Trend Micro says Crisis VMware threat overblown (Security Bytes blog | 29 Aug 2012)
Malware doesn't threaten the typical hypervisor deployment used in the enterprise, company executives say
VMware unveils vCloud Networking and Security (28 Aug 2012)
The vCloud Networking and Security package, featuring vShield Edge and vShield App, is designed to make virtualization security easier to implement.
At VMworld 2012, security suppliers plan to showcase new antimalware protection, policy enforcement products to secure VMware environments.
Week of 20 Aug 2012 CSA partners with BSI on cloud security certification program (21 Aug 2012)
The British Standards Institution will help the CSA develop a certification program for cloud providers.
The AV giant says the Windows version of the Crisis Trojan may be the first malware that can spread to so many different platforms.
Week of 13 Aug 2012 Trend Micro updates Smart Protection Network, adds four capabilities (14 Aug 2012)
Trend Micro adds to its cloud-based security technology, but one expert says the additions haven't put it ahead of the competition.
Week of 06 Aug 2012 Survey: Cloud security concerns not holding back cloud adoption (08 Aug 2012)
Global study shows that some organizations are moving sensitive data to the cloud at the expense of security.
Week of 23 Jul 2012 AWS security now documented in CSA STAR (24 Jul 2012)
Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.
FFIEC statement on cloud risk misses the mark (Security Bytes | 26 Jul 2012)
Bank regulators provide few details on managing cloud risks.
Week of 16 Jul 2012 Cisco acquires VM security startup (17 Jul 2012)
Deal boosts networking giant's cloud security technology.
Federal cloud computing strategy faces challenges, GAO finds (ITKE | 18 Jul 2012)
Audit of federal agencies adoption of cloud computing services finds familiar challenges
Week of 09 Jul 2012 AWS outage doesn't discourage Netflix (Security Bytes blog | 11 Jul 2012)
Netflix says it remains bullish on the cloud despite major Amazon outage.
Maintaining PCI DSS compliance in the cloud is possible, but merchants often have the difficult job of maintaining transparency and getting log data from their cloud payment provider.
Week of 02 Jul 2012 Z Gallerie leverages Amazon VPC with cloud VPN from Vyatta (02 Jul 2012)
Home décor and furniture retailer uses Vyatta’s software-based network operating system to provide secure remote connectivity within its Amazon Virtual Private Cloud environment.
Week of 18 Jun 2012 Gary McGraw on cloud computing pros and cons for security (19 Jun 2012)
Cloud computing can help improve SMB security operations but doesn’t bode well for software security.
Week of 11 Jun 2012 Cloud identity and access management aids biotech company (14 Jun 2012)
Okta service streamlines unmanageable number of accounts and passwords for Genomic Health.
The GSA says cloud providers are lining up for FedRAMP certification, and its continuous cloud monitoring guidelines are a few weeks away.
Week of 04 Jun 2012 CSO chat: The BYOD trend, big data security and cloud (Security Bytes blog | 08 Jun 2012)
The Cornerstones of Trust Conference featured an intriguing CSO discussion of some of the hottest topics security pros are dealing with today.
A sophisticated attack on the website security firm involved Google Apps, AT&T security problems.
Week of 28 May 2012 Cloud study debunks Patriot Act assumptions (Security Bytes blog | 30 May 2012)
Law firm study of 10 countries finds that all allow government to access cloud data
Todd Coen of Dynamic Research Corporation talks about what 3PAOs will do and what happens next with FedRAMP.
Google Apps for Business wins ISO 27001 certification (ComputerWeekly.com | 30 May 2012)
Google Apps for Business has earned ISO 27001 certification, a move welcomed by analysts and the UK cloud computing industry.
Week of 21 May 2012 Officials name FedRAMP cloud security assessors (Security Bytes blog | 23 May 2012)
Third-party assessors will review cloud providers’ security controls for FedRAMP compliance.
Week of 07 May 2012 CSA launches cloud security certification initiative for service providers (10 May 2012)
Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.
Companies lagging on cloud security training (Security Bytes blog | 09 May 2012)
Symantec survey indicates companies don’t feel prepared to secure public cloud but aren’t leaping to get trained.
Companies offer up collection of technologies to help overcome enterprise concern about cloud security.
PCI virtualization compliance still a challenge (09 May 2012)
No black and white when it comes to PCI compliance in virtualized environments, experts say.
Week of 30 Apr 2012 Virtualization security best practices in wake of ESX code leak (Security Bytes blog | 02 May 2012)
Virtualization security experts offer advice as organizations wait for more details about code leak.
Week of 23 Apr 2012 AWS Marketplace offers one-click cloud security (Security Bytes blog | 25 Apr 2012)
Endpoint protection and vulnerability assessment are among the offerings in Amazon’s new AWS Marketplace cloud shop.
Investigation reveals serious cloud computing data security flaws (ComputerWeekly.com | 24 Apr 2012)
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
VMware downplays ESX hypervisor source code leak (25 Apr 2012)
Company says source code was leaked online but says may not mean increased risk.
Week of 16 Apr 2012 Cloud security vendors win funding (Security Bytes blog | 18 Apr 2012)
VCs bet their money on cloud security technologies.
Week of 09 Apr 2012 Azure boosts CSA’s STAR (Security Bytes blog | 11 Apr 2012)
Cloud Security Alliance transparency effort expands with addition of Windows Azure.
Week of 02 Apr 2012 ENISA offers governance guide for cloud computing contracts (04 Apr 2012)
European agency provides framework for monitoring cloud provider security after a contract is signed.
Week of 26 Mar 2012 CloudFlare aims to differentiate itself with DDoS protection service (29 Mar 2012)
Startup aims to provide affordable cloud-based website protection and acceleration.
More companies eyeing SIEM in the cloud (29 Mar 2012)
A cloud service can help companies get around some hurdles with SIEM systems.
Verizon sheds some light on cloud breaches (Security Bytes Blog | 28 Mar 2012)
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.
Week of 19 Mar 2012 2012 Verizon DBIR: Hacktivists make impact on data breach statistics (SearchSecurity.com | 22 Mar 2012)
The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.
Microsoft vows to improve cloud service after Azure outage (Security Bytes blog | 23 Mar 2012)
Software giant said it will apply lessons learned after Leap Day outage of its cloud service.
Verizon 2012 DBIR recommends log analysis and password management (SearchSecurity.com | 22 Mar 2012)
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.
Verizon DBIR 2012: Automated large-scale attacks taking down SMBs (SearchSecurity.com | 22 Mar 2012)
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.
Week of 12 Mar 2012 Information security roles and the cloud (Security Bytes blog | 13 Mar 2012)
How will security pros’ jobs change as cloud use grows?
Week of 05 Mar 2012 How CloudFlare’s website service protected LulzSec (Security Bytes blog | 07 Mar 2012)
The LulzSec hacking group signed used CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks.
Week of 27 Feb 2012 Leap year glitch triggers Azure outage (Security Bytes Blog | 01 Mar 2012)
A Microsoft Azure outage that affected customers worldwide was apparently triggered by a leap year software glitch. Windows Azure Storage was not impacted.
Organizations need to plan ahead for possible cloud breaches, legal experts advise.
Security pros need to get in front of cloud computing trend, RSA panel says (SearchSecurityAU.com | 29 Feb 2012)
Security teams need to innovate and adapt to cloud, according to CISO panel
Alert Logic analysis finds cloud service provider environments suffer fewer security incidents.
Week of 13 Feb 2012 Cloud computing security issues on tap at RSA Conference 2012 (16 Feb 2012)
Data privacy, cloud security standards among the topics to be discussed.
Week of 23 Jan 2012 Eye On: Cloud Compliance (SearchSecurity.com | 23 Jan 2012)
SearchSecurity.com's "Eye On" series looks at the emerging compliance issues due to the explosion of enterprise adoption of cloud computing services.
Panel debates cloud computing governance issues (27 Jan 2012)
Problems with data governance in the cloud aren’t much different than traditional outsourcing.
Week of 16 Jan 2012 Calls for cloud security transparency getting louder (20 Jan 2012)
Enterprises need cloud security transparency and must understand cloud provider security in order to move forward with engagements.
Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts.
Week of 09 Jan 2012 FedRAMP cloud computing standards initiative spurs optimism, criticism (12 Jan 2012)
Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption.
Week of 19 Dec 2011 Google Gmail doesn't meet LAPD security needs (SearchCloudComputing.com | 21 Dec 2011)
Worried about email security, the Los Angeles city government kills plans to move the LAPD to Gmail.
Week of 05 Dec 2011 Federal officials launch cloud computing security standards initiative (08 Dec 2011)
FedRAMP establishes standard approach for federal agencies to assess cloud providers.
Week of 28 Nov 2011 Security SaaS options emerge to tackle mobile device security risks (02 Dec 2011)
Cloud-based mobile security services fend off malware, protect sensitive data.
Week of 21 Nov 2011 AWS credentials uncovered using Google Code Search (22 Nov 2011)
One mistake by a developer could expose an organization’s AWS infrastructure, security researcher says.
This guide discusses cloud computing risk management; how to prepare for cloud outages, conduct a cloud risk assessment, and evaluate cloud providers.
Week of 14 Nov 2011 CSA Congress roundup: Cloud SLAs, compliance and 7 dirty words (18 Nov 2011)
Topics highlight array of cloud security challenges
Security needs to change in order to defend against targeted attacks, RSA chairman says.
Updated CSA guidance offers practical tips and advice on cloud-based security
Week of 07 Nov 2011 Panel discusses cloud computing security issues (10 Nov 2011)
Companies need to educate developers, leverage asset inventories and vet cloud providers, panelists advise.
Week of 31 Oct 2011 Survey: IT and compliance pros differ on IaaS security (01 Nov 2011)
Compliance practitioners are more confident in cloud security than IT pros, study finds.
Week of 24 Oct 2011 Researchers uncover AWS security vulnerabilities (27 Oct 2011)
Amazon says vulnerabilities were fixed and no customers were affected.
Security SaaS helps financial portal stop server attacks (26 Oct 2011)
Startup Dome9 provides cloud-based firewall management service for public and private cloud servers.
Week of 03 Oct 2011 Amazon rolls out server-side S3 encryption service (05 Oct 2011)
New service offers alternative to client-side encryption for Amazon’s storage service.
Cloud risk management: CSA on its Cloud Controls Matrix (03 Oct 2011)
Co-chair of CSA project talks about the CCM and how organizations can leverage it.
Week of 19 Sep 2011 Cloud IAM catching on in the enterprise (20 Sep 2011)
Market for cloud-based identity and access management is growing, analysts say.
Company’s cloud security architect talks about advantages over data center model.