Week of 22 Apr 2013 (ISC)2 and the CSA announce certification for cloud security (ComputerWeekly.com | 25 Apr 2013)
Information security professional body (ISC)2 and the Cloud Security Alliance (CSA) have signed an agreement to collaborate on a new professional certification for information security
(ISC)2, CSA partner on new cloud security certification (26 Apr 2013)
The yet-unnamed certification will seek to validate skills of cloud security pros, but it's unclear how it may complement or overlap with existing certs.
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs.
Week of 15 Apr 2013 Gartner forecasts rising interest in cloud-based security services (17 Apr 2013)
Gartner forecasts that security services in the cloud will soon account for 10% of the enterprise IT security market, largely driven by compliance.
Week of 25 Mar 2013 Report suggests cloud security concerns are overblown (26 Mar 2013)
A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem.
Week of 25 Feb 2013 CSA updates push toward cloud provider security assurance at 2013 CSA Summit (25 Feb 2013)
The Cloud Security Alliance expanded its cloud security training and cloud provider security assurance efforts Monday at its 2013 CSA Summit.
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013.
DHS cybersecurity boss pushes 'cyber 911', new voluntary standards (SearchSecurity.com | 25 Feb 2013)
At the CSA Summit 2013, Mark Weatherford said the DHS 'cyber 911' service will better support the private sector, and new voluntary standards are in the works.
Panelists at the Cloud Security Alliance Summit say mobile security and cloud security are linked, and that preventing data loss demands securing the app layer.
Week of 14 Jan 2013 Cloud security key to BYOD, (ISC)2 study shows (ComputerWeekly.com | 16 Jan 2013)
(ISC)2 says businesses welcome bring your own device (BYOD) policies for cost savings and user experience, but need the right security skills
Week of 07 Jan 2013 Dell SecureWorks adds vulnerability management services for cloud (SearchSecurity.com | 11 Jan 2013)
Dell SecureWorks is bringing security vulnerability management services to its cloud customers, along with its Global Threat Intelligence Service.
Week of 17 Dec 2012 Enterprise cloud adoption in 2013 prompts data security questions (17 Dec 2012)
Adopting cloud-based services raises concerns and questions about data security, according to the Sophos 2013 Threat Report.
A survey conducted by database security vendor GreenSQL found a high level of distrust in cloud services, despite the perception that transparency is increasing.
Week of 03 Dec 2012 Symantec launches Endpoint Protection 12.1, VDI support (SearchSecurity.com | 04 Dec 2012)
Symantec joins other security firms in supporting VMware vShield Endpoint in a bid to reduce the problem of AV storms.
Week of 26 Nov 2012 AWS IAM tools essential to secure cloud services (29 Nov 2012)
Using AWS IAM tools to limit who has access to create and launch services should be essential to a cloud security strategy, say experts.
At its user conference, Amazon Web Services says customers must understand the implications of its shared security model before moving to the cloud.
IT pros praised the security of Amazon Web Services, saying the show eased their cloud computing security concerns.
Speaking at the company's first user conference, Amazon Web Services CISO Stephen Schmidt said security in the cloud is a shared responsibility.
Amazon CEO Jeff Bezos will headline this week's first-ever AWS re: Invent cloud computing conference, where several sessions will cover security issues.
Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations.
Week of 19 Nov 2012 Cloud security begins with the contract, says expert (21 Nov 2012)
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.
Week of 05 Nov 2012 CSA 2012 keynote: Attack data vital to securing cloud-based systems (07 Nov 2012)
Security pros need to share anonymous attack information or face dire consequences, said Dave Cullinane, CEO of Security Starfish and chairman of the Cloud Security Alliance.
Mobile impacting cloud security issues, says panel (07 Nov 2012)
Bring-your-own-device (BYOD) makes securing cloud services complex, say experts. Enterprises should set mobile guidelines consistent with cloud policies.
Sandy put business continuity planning in spotlight (05 Nov 2012)
Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency.
Week of 29 Oct 2012 Cloud adoption prompts secure data management, access control issues (01 Nov 2012)
Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.
Week of 01 Oct 2012 Cloud security issues will only be solved by user demands, CSA chief says (03 Oct 2012)
Enterprises must insist transparency, authentication and other key issues are addressed, said Jim Reavis, executive director of the Cloud Security Alliance.
Credit union finds cloud GRC tool fits the bill (03 Oct 2012)
Cloud-based service for managing risk is designed to meet the needs of small and midsize businesses.
U.S. Mint CISO Chris Carpenter said his cloud provider wasn't ready for either his security questions or to share continuous monitoring and log data.
Week of 17 Sep 2012 Bromium launches Windows PC security product (19 Sep 2012)
Company uses virtualization technology to isolate malware from the rest of the system.
Using the cloud can streamline secure software development, but comes with challenges and risks.
Week of 03 Sep 2012 Cloud Security Alliance forms group to focus on cloud data privacy (05 Sep 2012)
Group will develop standards for communicating cloud data privacy measures.
Week of 27 Aug 2012 Cloud Security Alliance tackles big data security (31 Aug 2012)
CSA will work with Fujitsu Laboratories of America on best practices, standards for securing big data.
Trend Micro says Crisis VMware threat overblown (Security Bytes blog | 29 Aug 2012)
Malware doesn't threaten the typical hypervisor deployment used in the enterprise, company executives say
VMware unveils vCloud Networking and Security (28 Aug 2012)
The vCloud Networking and Security package, featuring vShield Edge and vShield App, is designed to make virtualization security easier to implement.
At VMworld 2012, security suppliers plan to showcase new antimalware protection, policy enforcement products to secure VMware environments.
Week of 20 Aug 2012 CSA partners with BSI on cloud security certification program (21 Aug 2012)
The British Standards Institution will help the CSA develop a certification program for cloud providers.
The AV giant says the Windows version of the Crisis Trojan may be the first malware that can spread to so many different platforms.
Week of 13 Aug 2012 Trend Micro updates Smart Protection Network, adds four capabilities (14 Aug 2012)
Trend Micro adds to its cloud-based security technology, but one expert says the additions haven't put it ahead of the competition.
Week of 06 Aug 2012 Survey: Cloud security concerns not holding back cloud adoption (08 Aug 2012)
Global study shows that some organizations are moving sensitive data to the cloud at the expense of security.
Week of 23 Jul 2012 AWS security now documented in CSA STAR (24 Jul 2012)
Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.
FFIEC statement on cloud risk misses the mark (Security Bytes | 26 Jul 2012)
Bank regulators provide few details on managing cloud risks.
Week of 16 Jul 2012 Cisco acquires VM security startup (17 Jul 2012)
Deal boosts networking giant's cloud security technology.
Federal cloud computing strategy faces challenges, GAO finds (ITKE | 18 Jul 2012)
Audit of federal agencies adoption of cloud computing services finds familiar challenges
Week of 09 Jul 2012 AWS outage doesn't discourage Netflix (Security Bytes blog | 11 Jul 2012)
Netflix says it remains bullish on the cloud despite major Amazon outage.
Maintaining PCI DSS compliance in the cloud is possible, but merchants often have the difficult job of maintaining transparency and getting log data from their cloud payment provider.
Week of 02 Jul 2012 Z Gallerie leverages Amazon VPC with cloud VPN from Vyatta (02 Jul 2012)
Home décor and furniture retailer uses Vyatta’s software-based network operating system to provide secure remote connectivity within its Amazon Virtual Private Cloud environment.
Week of 18 Jun 2012 Gary McGraw on cloud computing pros and cons for security (19 Jun 2012)
Cloud computing can help improve SMB security operations but doesn’t bode well for software security.
Week of 11 Jun 2012 Cloud identity and access management aids biotech company (14 Jun 2012)
Okta service streamlines unmanageable number of accounts and passwords for Genomic Health.
The GSA says cloud providers are lining up for FedRAMP certification, and its continuous cloud monitoring guidelines are a few weeks away.
Week of 04 Jun 2012 CSO chat: The BYOD trend, big data security and cloud (Security Bytes blog | 08 Jun 2012)
The Cornerstones of Trust Conference featured an intriguing CSO discussion of some of the hottest topics security pros are dealing with today.
A sophisticated attack on the website security firm involved Google Apps, AT&T security problems.
Week of 28 May 2012 Cloud study debunks Patriot Act assumptions (Security Bytes blog | 30 May 2012)
Law firm study of 10 countries finds that all allow government to access cloud data
Todd Coen of Dynamic Research Corporation talks about what 3PAOs will do and what happens next with FedRAMP.
Google Apps for Business wins ISO 27001 certification (ComputerWeekly.com | 30 May 2012)
Google Apps for Business has earned ISO 27001 certification, a move welcomed by analysts and the UK cloud computing industry.
Week of 21 May 2012 Officials name FedRAMP cloud security assessors (Security Bytes blog | 23 May 2012)
Third-party assessors will review cloud providers’ security controls for FedRAMP compliance.
Week of 07 May 2012 CSA launches cloud security certification initiative for service providers (10 May 2012)
Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.
Companies lagging on cloud security training (Security Bytes blog | 09 May 2012)
Symantec survey indicates companies don’t feel prepared to secure public cloud but aren’t leaping to get trained.
Companies offer up collection of technologies to help overcome enterprise concern about cloud security.
PCI virtualization compliance still a challenge (09 May 2012)
No black and white when it comes to PCI compliance in virtualized environments, experts say.
Week of 30 Apr 2012 Virtualization security best practices in wake of ESX code leak (Security Bytes blog | 02 May 2012)
Virtualization security experts offer advice as organizations wait for more details about code leak.
Week of 23 Apr 2012 AWS Marketplace offers one-click cloud security (Security Bytes blog | 25 Apr 2012)
Endpoint protection and vulnerability assessment are among the offerings in Amazon’s new AWS Marketplace cloud shop.
Investigation reveals serious cloud computing data security flaws (ComputerWeekly.com | 24 Apr 2012)
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
VMware downplays ESX hypervisor source code leak (25 Apr 2012)
Company says source code was leaked online but says may not mean increased risk.
Week of 16 Apr 2012 Cloud security vendors win funding (Security Bytes blog | 18 Apr 2012)
VCs bet their money on cloud security technologies.
Week of 09 Apr 2012 Azure boosts CSA’s STAR (Security Bytes blog | 11 Apr 2012)
Cloud Security Alliance transparency effort expands with addition of Windows Azure.
Week of 02 Apr 2012 ENISA offers governance guide for cloud computing contracts (04 Apr 2012)
European agency provides framework for monitoring cloud provider security after a contract is signed.
Week of 26 Mar 2012 CloudFlare aims to differentiate itself with DDoS protection service (29 Mar 2012)
Startup aims to provide affordable cloud-based website protection and acceleration.
More companies eyeing SIEM in the cloud (29 Mar 2012)
A cloud service can help companies get around some hurdles with SIEM systems.
Verizon sheds some light on cloud breaches (Security Bytes Blog | 28 Mar 2012)
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.
Week of 19 Mar 2012 2012 Verizon DBIR: Hacktivists make impact on data breach statistics (SearchSecurity.com | 22 Mar 2012)
The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.
Microsoft vows to improve cloud service after Azure outage (Security Bytes blog | 23 Mar 2012)
Software giant said it will apply lessons learned after Leap Day outage of its cloud service.
Verizon 2012 DBIR recommends log analysis and password management (SearchSecurity.com | 22 Mar 2012)
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.
Verizon DBIR 2012: Automated large-scale attacks taking down SMBs (SearchSecurity.com | 22 Mar 2012)
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.
Week of 12 Mar 2012 Information security roles and the cloud (Security Bytes blog | 13 Mar 2012)
How will security pros’ jobs change as cloud use grows?
Week of 05 Mar 2012 How CloudFlare’s website service protected LulzSec (Security Bytes blog | 07 Mar 2012)
The LulzSec hacking group signed used CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks.
Week of 27 Feb 2012 Leap year glitch triggers Azure outage (Security Bytes Blog | 01 Mar 2012)
A Microsoft Azure outage that affected customers worldwide was apparently triggered by a leap year software glitch. Windows Azure Storage was not impacted.
Organizations need to plan ahead for possible cloud breaches, legal experts advise.
Security pros need to get in front of cloud computing trend, RSA panel says (SearchSecurityAU.com | 29 Feb 2012)
Security teams need to innovate and adapt to cloud, according to CISO panel
Alert Logic analysis finds cloud service provider environments suffer fewer security incidents.
Week of 13 Feb 2012 Cloud computing security issues on tap at RSA Conference 2012 (16 Feb 2012)
Data privacy, cloud security standards among the topics to be discussed.
Week of 23 Jan 2012 Eye On: Cloud Compliance (SearchSecurity.com | 23 Jan 2012)
SearchSecurity.com's "Eye On" series looks at the emerging compliance issues due to the explosion of enterprise adoption of cloud computing services.
Panel debates cloud computing governance issues (27 Jan 2012)
Problems with data governance in the cloud aren’t much different than traditional outsourcing.
Week of 16 Jan 2012 Calls for cloud security transparency getting louder (20 Jan 2012)
Enterprises need cloud security transparency and must understand cloud provider security in order to move forward with engagements.
Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts.
Week of 09 Jan 2012 FedRAMP cloud computing standards initiative spurs optimism, criticism (12 Jan 2012)
Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption.
Week of 19 Dec 2011 Google Gmail doesn't meet LAPD security needs (SearchCloudComputing.com | 21 Dec 2011)
Worried about email security, the Los Angeles city government kills plans to move the LAPD to Gmail.
Week of 05 Dec 2011 Federal officials launch cloud computing security standards initiative (08 Dec 2011)
FedRAMP establishes standard approach for federal agencies to assess cloud providers.
Week of 28 Nov 2011 Security SaaS options emerge to tackle mobile device security risks (02 Dec 2011)
Cloud-based mobile security services fend off malware, protect sensitive data.
Week of 21 Nov 2011 AWS credentials uncovered using Google Code Search (22 Nov 2011)
One mistake by a developer could expose an organization’s AWS infrastructure, security researcher says.
This guide discusses cloud computing risk management; how to prepare for cloud outages, conduct a cloud risk assessment, and evaluate cloud providers.
Week of 14 Nov 2011 CSA Congress roundup: Cloud SLAs, compliance and 7 dirty words (18 Nov 2011)
Topics highlight array of cloud security challenges
Security needs to change in order to defend against targeted attacks, RSA chairman says.
Updated CSA guidance offers practical tips and advice on cloud-based security
Week of 07 Nov 2011 Panel discusses cloud computing security issues (10 Nov 2011)
Companies need to educate developers, leverage asset inventories and vet cloud providers, panelists advise.
Week of 31 Oct 2011 Survey: IT and compliance pros differ on IaaS security (01 Nov 2011)
Compliance practitioners are more confident in cloud security than IT pros, study finds.
Week of 24 Oct 2011 Researchers uncover AWS security vulnerabilities (27 Oct 2011)
Amazon says vulnerabilities were fixed and no customers were affected.
Security SaaS helps financial portal stop server attacks (26 Oct 2011)
Startup Dome9 provides cloud-based firewall management service for public and private cloud servers.
Week of 03 Oct 2011 Amazon rolls out server-side S3 encryption service (05 Oct 2011)
New service offers alternative to client-side encryption for Amazon’s storage service.
Cloud risk management: CSA on its Cloud Controls Matrix (03 Oct 2011)
Co-chair of CSA project talks about the CCM and how organizations can leverage it.
Week of 19 Sep 2011 Cloud IAM catching on in the enterprise (20 Sep 2011)
Market for cloud-based identity and access management is growing, analysts say.
Company’s cloud security architect talks about advantages over data center model.
Week of 29 Aug 2011 Analysis: Verizon CloudSwitch acquisition fosters cloud application security (31 Aug 2011)
Amy Larsen DeCarlo of Current Analysis says the Verizon CloudSwitch acquisition will bolster cloud application security following cloud migrations.
Antivirus for VMware options expand (30 Aug 2011)
New antivirus capabilities for virtual servers showcased at VMworld and Trend Micro updates Deep Security.
VMware boosts VM security with PacketMotion purchase (29 Aug 2011)
Technology that tracks user activity will be integrated into vShield product line.
Week of 22 Aug 2011 Verizon targets hybrid cloud security with CloudSwitch acquisition (25 Aug 2011)
The deal gives Verizon software to help companies maintain hybrid cloud security as they move applications to the cloud. Terms were not disclosed.
Week of 15 Aug 2011 Amazon launches U.S. government cloud (17 Aug 2011)
AWS GovCloud supports ITAR compliance requirements.
Week of 01 Aug 2011 Amazon launches new cloud identity management functionality (04 Aug 2011)
AWS customers can now use their existing identity management systems.
Free online registry will provide documentation of cloud provider security controls.
Cybercriminals using Amazon S3 to spread SpyEye toolkit (02 Aug 2011)
Security researchers detected large volume of the bank Trojan on Amazon’s cloud storage service.
Week of 25 Jul 2011 Challenges in protecting data in the cloud (29 Jul 2011)
Gartner analysts outline new attack vectors and security complications.
Cloud availability and resiliency: Planning for failure (29 Jul 2011)
Gartner advises companies to take responsibility for cloud service resiliency.
ISACA releases cloud computing governance guide (25 Jul 2011)
Guide explains how organizations can leverage COBIT to manage their cloud computing environments.
NASA’s Jet Propulsion Lab touts hybrid cloud security (28 Jul 2011)
The CTO of NASA’s famous JPL told a Gartner Catalyst 2011 crowd how his group conducts sensitive scientific work using a hybrid cloud security model.
Week of 11 Jul 2011 CSA licenses cloud transparency tool from CSC (14 Jul 2011)
Free tool gives organizations a standard way to obtain security and compliance information from a cloud provider.
New sensitive data discovery features in the virtualization giant’s updated platform will allow enterprises to discover and classify data inside VMs.
Opinion: CSA Executive Director Jim Reavis assesses the challenges associated with certifying the security capabilities of cloud providers.
Week of 27 Jun 2011 AWS cloud computing compliance paper details customer responsibilities (28 Jun 2011)
Cloud giant makes it clear the onus is on customers when it comes to HIPAA, GLBA and other regulations.
Gartner analysts say infosec teams can avoid tomorrow’s cloud computing security problems by anticipating future usage and becoming facilitators.
The Gartner VP discusses lacking cloud computing security standards, as well as advice for enterprises seeking to get a handle on cloud computing security.
Week of 20 Jun 2011 AWS customers open door to cloud computing security threats (23 Jun 2011)
Study shows that many AWS users are disregarding security and creating cloud vulnerabilities.
Cloud computing contracts and security’s role (21 Jun 2011)
Security teams need to be involved in the contract process to ensure data security provisions are included.
Week of 13 Jun 2011 PCI virtualization report cites challenges with PCI compliance in the cloud (15 Jun 2011)
Compliance with the PCI security standard tricky in public cloud environments, report says.
PCI virtualization: New guidelines, harder compliance (SearchSecurity.co.UK | 14 Jun 2011)
New guidelines on virtualization issued by the PCI SSC show PCI compliance is possible within a virtualized environment, but may not be feasible.
Week of 06 Jun 2011 Core Security launches penetration testing service for AWS security (10 Jun 2011)
AWS customers can use the on-demand service to test the security of their cloud deployments.
Week of 30 May 2011 Shabby cloud computing SLAs and other cloud security mistakes (02 Jun 2011)
Security consultant offers up list of missteps companies should avoid in cloud security.
Week of 23 May 2011 Survey: Cloud customers not taking steps to secure cloud computing (27 May 2011)
CDW study finds that cloud users aren’t implementing security capabilities or verifying cloud provider security.
Security companies look to overcome performance bottlenecks with retooled technology for virtual security.
Week of 16 May 2011 CSA: Cloud outages highlight need for better risk management (16 May 2011)
CSA Executive Director Jim Reavis reflects on the recent cloud provider outages.
Week of 09 May 2011 McAfee streamlines product set with Intel for cloud security services (09 May 2011)
McAfee’s security software changes bridge its Web, mobile and email security with Intel’s cloud access control products.
Week of 02 May 2011 Group to develop cloud computing audit specifications (06 May 2011)
Goal is to create standards that provide transparency into cloud infrastructures.
Businesses must hold cloud providers to the same security standards they hold themselves to, Symantec executives said at the company’s annual Vision user conference.
Week of 25 Apr 2011 Cloud provider security study reveals security gaps (28 Apr 2011)
Ponemon survey of cloud service providers shows little focus or spending on security
Week of 18 Apr 2011 Cloud Security Alliance teams with ISO on cloud security standards (20 Apr 2011)
CSA will collaborate on development of international standards for security and privacy of cloud computing services.
Cloud application security issues and considerations (20 Apr 2011)
Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.
L.A. proving tarpit for Google, CSC (IT Knowledge Exchange | 21 Apr 2011)
Google's cloud deal with L.A. runs into problems over security.
Week of 04 Apr 2011 IBM cloud services target enterprise with security options (07 Apr 2011)
Company seeks to overcome enterprise cloud concerns with security capabilities like node isolation.
HCR ManorCare replaces in-house URL filtering with Zscaler’s cloud-based security service.
Week of 21 Mar 2011 Terremark on cloud computing risks, legal subpoenas (22 Mar 2011)
Mario Santana, vice president of secure information services, talks about security risks unique to the cloud, how Terremark addresses them, and how it responds to subpoenas.
Week of 07 Mar 2011 Cloud brokers emerge to sort out the chaos of cloud services (SearchCIO.com | 09 Mar 2011)
Faced with a chaotic mix of cloud services, IT execs now must sort through a crowd of cloud brokers that claim to minimize risks and improve interoperability.
Week of 14 Feb 2011 Cloud computing compliance: Visibility key (17 Feb 2011)
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.
Cloud computing contracts: Tread carefully (16 Feb 2011)
RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.
Security professionals wary of cloud services for regulated data.
Week of 07 Feb 2011 Cloud computing security summit draws growing crowd (08 Feb 2011)
Cloud Security Alliance event expands to accommodate growing interest.
Security vendors at RSA Conference 2011 need to be more specific about the security technologies they are aiming at the “cloud,” industry analysts say.
Wound therapy provider moves IT infrastructure to cloud provider.
Encryption, server security and identity and access management for cloud services among the new offerings.
Week of 31 Jan 2011 Cloud compliance, cloud encryption top enterprise security concerns (04 Feb 2011)
Companies are worried about compliance and data protection in the cloud, according to a reader survey.
IT executives weighing cloud risks against the benefits (SearchCIO.com | 04 Feb 2011)
Myriad public cloud risks continue to give enterprise CIOs pause, despite all the advice given them last year to embrace the public cloud or risk losing control as divisions provision their own IT...