News
News
- March 27, 2015
27 Mar'15
FISMA report highlights federal cloud security deficiencies
A new report on government cybersecurity efforts delivered some troubling findings for the federal government's cloud operations.
- March 20, 2015
20 Mar'15
Account credentials emerge as a weak spot for cloud app security
Experts say attacks on cloud application credentials are increasing, and vulnerability scans and penetration tests can't tell if an account has been compromised.
- March 10, 2015
10 Mar'15
Amazon dodges another AWS reboot, but how?
In a surprise move, Amazon Web services was able to patch a Xen hypervisor security flaw without a mass reboot of its EC2 infrastructure. So how did AWS pull it off?
-
- March 06, 2015
06 Mar'15
CSA introduces security frameworks for government cloud security
The Cloud Security Alliance's new frameworks for the European Union offer baseline security measures for government agencies worldwide deploying secure cloud services.
- February 26, 2015
26 Feb'15
Google scanner bolsters secure cloud application development
Google's new cloud security scanner aims to make application vulnerability scanning easier for Google App Engine developers.
- February 26, 2015
26 Feb'15
Cloud security still needs a lot more work, say European experts
Security and privacy remain a stumbling block for cloud computing, according to information experts at the Trust in the Digital World conference
- February 18, 2015
18 Feb'15
Symantec quietly drops cloud security certification due to lack of adoption
After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security strategy.
- February 10, 2015
10 Feb'15
Box introduces BYOK encryption key management service
Box will give enterprise cloud data storage customers the ability to control and store their own encryption keys through its new Enterprise Key Management service.
- February 06, 2015
06 Feb'15
Study: Federal data center modernization failing on cloud security
MeriTalk and Palo Alto Networks say the U.S. government's thinks its data center modernization effort is going well, but research shows basic cloud security protections are nowhere to be found.
- February 04, 2015
04 Feb'15
Enterprise shadow cloud usage eclipses authorized cloud services
New research by CipherCloud shows that majority of enterprises don't know extent of unsanctioned cloud usage by their employees.
-
- January 30, 2015
30 Jan'15
Apple eyes cloud storage for Touch ID biometric data
According to a new patent application, Apple is looking to expand its Touch ID biometric verification system through the cloud. But will the biometric data be secure?
- January 30, 2015
30 Jan'15
Hybrid DDoS prevention emerges to counter variety of DDoS attacks
As DDoS attacks get bigger, more frequent, and more varied, new hybrid and cloud-based DDoS prevention methods are emerging, but some fear too much automation in DDoS defense may result in a loss of control.
- January 26, 2015
26 Jan'15
Rackspace security push eyes managed cloud, compliance services
Rackspace hopes its new emphasis on security-centric managed cloud services will be enough to overcome past security and availability problems, as well as differentiate itself from public cloud rivals AWS and Microsoft.
- January 16, 2015
16 Jan'15
Ribose first to achieve CSA STAR Attestation status
Cloud collaboration firm Ribose became the first company to achieve the Cloud Security Alliance's STAR Attestation process.
- January 09, 2015
09 Jan'15
'Shadow cloud' services a growing threat to enterprises
Cloud Security Alliance findings show many enterprises struggle to identify and control shadow cloud apps and services; half of those surveyed told the CSA they have no program in place manage cloud apps and services.
- January 05, 2015
05 Jan'15
Apple patches iCloud password vulnerability following hacking tool release
A hacking tool released on New Year's Day highlighted a security hole in Apple's public cloud service that left user accounts vulnerable.
- August 07, 2014
07 Aug'14
Black Hat 2014: Researcher reveals Amazon cloud security weaknesses
At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.
- July 18, 2014
18 Jul'14
CSA releases new Cloud Controls Matrix and CAIQ standards
The Cloud Security Alliance has updated its Cloud Controls Matrix (CCM) and Consensus Assessments Questionnaire (CAIQ) to help enterprises standardize cloud provider security assessments.
- July 15, 2014
15 Jul'14
Verizon unveils cloud-based WAF
Verizon bolstered its cloud security presence with a new web application firewall. The cloud-based WAF puts the telecom giant in the growing cloud firewall market with Akamai, Imperva and others.
- December 10, 2013
10 Dec'13
Q&A: Jim Reavis recaps news from Cloud Security Alliance Congress 2013
Video: CSA CEO Jim Reavis recaps the 2013 Cloud Security Alliance Congress, including its SAFECode partnership and Software Defined Perimeter effort.
- November 05, 2012
05 Nov'12
Sandy put business continuity planning in spotlight
Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency.
- November 01, 2012
01 Nov'12
Cloud adoption prompts secure data management, access control issues
Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.
- September 19, 2012
19 Sep'12
The pros and cons of cloud-based static code analysis tools
Using the cloud can streamline secure software development, but comes with challenges and risks.
- August 31, 2012
31 Aug'12
Cloud Security Alliance tackles big data security
CSA will work with Fujitsu Laboratories of America on best practices, standards for securing big data.
- July 24, 2012
24 Jul'12
AWS security now documented in CSA STAR
Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.
- May 30, 2012
30 May'12
Cloud study debunks Patriot Act assumptions
Law firm study of 10 countries finds that all allow government to access cloud data
- March 23, 2012
23 Mar'12
Microsoft vows to improve cloud service after Azure outage
Software giant said it will apply lessons learned after Leap Day outage of its cloud service.
- March 13, 2012
13 Mar'12
Information security roles and the cloud
How will security pros’ jobs change as cloud use grows?
- October 03, 2011
03 Oct'11
Cloud risk management: CSA on its Cloud Controls Matrix
Co-chair of CSA project talks about the CCM and how organizations can leverage it.
- July 29, 2011
29 Jul'11
Cloud availability and resiliency: Planning for failure
Gartner advises companies to take responsibility for cloud service resiliency.
- July 25, 2011
25 Jul'11
ISACA releases cloud computing governance guide
Guide explains how organizations can leverage COBIT to manage their cloud computing environments.
- April 20, 2011
20 Apr'11
Cloud application security issues and considerations
Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.
- March 22, 2011
22 Mar'11
Terremark on cloud computing risks, legal subpoenas
Mario Santana, vice president of secure information services, talks about security risks unique to the cloud, how Terremark addresses them, and how it responds to subpoenas.
- February 04, 2011
04 Feb'11
Cloud compliance, cloud encryption top enterprise security concerns
Companies are worried about compliance and data protection in the cloud, according to a reader survey.