News

News

• March 27, 2015 27 Mar'15

  FISMA report highlights federal cloud security deficiencies

  A new report on government cybersecurity efforts delivered some troubling findings for the federal government's cloud operations.

• March 20, 2015 20 Mar'15

  Account credentials emerge as a weak spot for cloud app security

  Experts say attacks on cloud application credentials are increasing, and vulnerability scans and penetration tests can't tell if an account has been compromised.

• March 10, 2015 10 Mar'15

  Amazon dodges another AWS reboot, but how?

  In a surprise move, Amazon Web services was able to patch a Xen hypervisor security flaw without a mass reboot of its EC2 infrastructure. So how did AWS pull it off?

• March 06, 2015 06 Mar'15

  CSA introduces security frameworks for government cloud security

  The Cloud Security Alliance's new frameworks for the European Union offer baseline security measures for government agencies worldwide deploying secure cloud services.

• February 26, 2015 26 Feb'15

  Google scanner bolsters secure cloud application development

  Google's new cloud security scanner aims to make application vulnerability scanning easier for Google App Engine developers.

• February 26, 2015 26 Feb'15

  Cloud security still needs a lot more work, say European experts

  Security and privacy remain a stumbling block for cloud computing, according to information experts at the Trust in the Digital World conference

• February 18, 2015 18 Feb'15

  Symantec quietly drops cloud security certification due to lack of adoption

  After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security strategy.

• February 10, 2015 10 Feb'15

  Box introduces BYOK encryption key management service

  Box will give enterprise cloud data storage customers the ability to control and store their own encryption keys through its new Enterprise Key Management service.

• February 06, 2015 06 Feb'15

  Study: Federal data center modernization failing on cloud security

  MeriTalk and Palo Alto Networks say the U.S. government's thinks its data center modernization effort is going well, but research shows basic cloud security protections are nowhere to be found.

• February 04, 2015 04 Feb'15

  Enterprise shadow cloud usage eclipses authorized cloud services

  New research by CipherCloud shows that majority of enterprises don't know extent of unsanctioned cloud usage by their employees.

• January 30, 2015 30 Jan'15

  Apple eyes cloud storage for Touch ID biometric data

  According to a new patent application, Apple is looking to expand its Touch ID biometric verification system through the cloud. But will the biometric data be secure?

• January 30, 2015 30 Jan'15

  Hybrid DDoS prevention emerges to counter variety of DDoS attacks

  As DDoS attacks get bigger, more frequent, and more varied, new hybrid and cloud-based DDoS prevention methods are emerging, but some fear too much automation in DDoS defense may result in a loss of control.

• January 26, 2015 26 Jan'15

  Rackspace security push eyes managed cloud, compliance services

  Rackspace hopes its new emphasis on security-centric managed cloud services will be enough to overcome past security and availability problems, as well as differentiate itself from public cloud rivals AWS and Microsoft.

• January 16, 2015 16 Jan'15

  Ribose first to achieve CSA STAR Attestation status

  Cloud collaboration firm Ribose became the first company to achieve the Cloud Security Alliance's STAR Attestation process.

• January 09, 2015 09 Jan'15

  'Shadow cloud' services a growing threat to enterprises

  Cloud Security Alliance findings show many enterprises struggle to identify and control shadow cloud apps and services; half of those surveyed told the CSA they have no program in place manage cloud apps and services.

• January 05, 2015 05 Jan'15

  Apple patches iCloud password vulnerability following hacking tool release

  A hacking tool released on New Year's Day highlighted a security hole in Apple's public cloud service that left user accounts vulnerable.

• August 07, 2014 07 Aug'14

  Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

  At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

• July 18, 2014 18 Jul'14

  CSA releases new Cloud Controls Matrix and CAIQ standards

  The Cloud Security Alliance has updated its Cloud Controls Matrix (CCM) and Consensus Assessments Questionnaire (CAIQ) to help enterprises standardize cloud provider security assessments.

• July 15, 2014 15 Jul'14

  Verizon unveils cloud-based WAF

  Verizon bolstered its cloud security presence with a new web application firewall. The cloud-based WAF puts the telecom giant in the growing cloud firewall market with Akamai, Imperva and others.

• December 10, 2013 10 Dec'13

  Q&A: Jim Reavis recaps news from Cloud Security Alliance Congress 2013

  Video: CSA CEO Jim Reavis recaps the 2013 Cloud Security Alliance Congress, including its SAFECode partnership and Software Defined Perimeter effort.

• November 05, 2012 05 Nov'12

  Sandy put business continuity planning in spotlight

  Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency.

• November 01, 2012 01 Nov'12

  Cloud adoption prompts secure data management, access control issues

  Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.

• September 19, 2012 19 Sep'12

  The pros and cons of cloud-based static code analysis tools

  Using the cloud can streamline secure software development, but comes with challenges and risks.

• August 31, 2012 31 Aug'12

  Cloud Security Alliance tackles big data security

  CSA will work with Fujitsu Laboratories of America on best practices, standards for securing big data.

• July 24, 2012 24 Jul'12

  AWS security now documented in CSA STAR

  Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.

• May 30, 2012 30 May'12

  Cloud study debunks Patriot Act assumptions

  Law firm study of 10 countries finds that all allow government to access cloud data

• March 23, 2012 23 Mar'12

  Microsoft vows to improve cloud service after Azure outage

  Software giant said it will apply lessons learned after Leap Day outage of its cloud service.

• March 13, 2012 13 Mar'12

  Information security roles and the cloud

  How will security pros’ jobs change as cloud use grows?

• October 03, 2011 03 Oct'11

  Cloud risk management: CSA on its Cloud Controls Matrix

  Co-chair of CSA project talks about the CCM and how organizations can leverage it.

• July 29, 2011 29 Jul'11

  Cloud availability and resiliency: Planning for failure

  Gartner advises companies to take responsibility for cloud service resiliency.

• July 25, 2011 25 Jul'11

  ISACA releases cloud computing governance guide

  Guide explains how organizations can leverage COBIT to manage their cloud computing environments.

• April 20, 2011 20 Apr'11

  Cloud application security issues and considerations

  Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.

• March 22, 2011 22 Mar'11

  Terremark on cloud computing risks, legal subpoenas

  Mario Santana, vice president of secure information services, talks about security risks unique to the cloud, how Terremark addresses them, and how it responds to subpoenas.

• February 04, 2011 04 Feb'11

  Cloud compliance, cloud encryption top enterprise security concerns

  Companies are worried about compliance and data protection in the cloud, according to a reader survey.