News

News

• March 20, 2015 20 Mar'15

  Account credentials emerge as a weak spot for cloud app security

  Experts say attacks on cloud application credentials are increasing, and vulnerability scans and penetration tests can't tell if an account has been compromised.

• March 10, 2015 10 Mar'15

  Amazon dodges another AWS reboot, but how?

  In a surprise move, Amazon Web services was able to patch a Xen hypervisor security flaw without a mass reboot of its EC2 infrastructure. So how did AWS pull it off?

• March 06, 2015 06 Mar'15

  CSA introduces security frameworks for government cloud security

  The Cloud Security Alliance's new frameworks for the European Union offer baseline security measures for government agencies worldwide deploying secure cloud services.

• February 26, 2015 26 Feb'15

  Google scanner bolsters secure cloud application development

  Google's new cloud security scanner aims to make application vulnerability scanning easier for Google App Engine developers.

• February 26, 2015 26 Feb'15

  Cloud security still needs a lot more work, say European experts

  Security and privacy remain a stumbling block for cloud computing, according to information experts at the Trust in the Digital World conference

• Sponsored News

  • How IT leaders can prepare IT architectures for an AI future using Intel Xeon® with DL Boost

    Sponsored by Intel - IT leaders are preparing their organisations for increasing use of artificial intelligence (AI) to extract the insights they need from growing amounts of data. To help them, Intel is enabling businesses to future-proof their IT architecture by building AI accelerators into its second-generation Xeon® scalable processors. See More

  • Looking to Improve Database Performance? With the Right Solution, You Can Now Turn to Public Cloud

    Sponsored by IBM - IT decision-makers are under pressure to accelerate the performance of their databases in today’s era of exponential data growth, the internet of things and big data analytics. Mission-critical databases such as Oracle and Microsoft SQL Server must deliver more data more quickly to more locations to support modern business initiatives and digital transformation. See More

  • Delivering datacentre performance and cost savings with Intel Optane technology

    Sponsored by Intel - Intel® Optane™ technology is the first memory and storage breakthrough in 25 years. Based on Intel® 3D XPoint™ memory media, it offers a new generation of solid-state devices (SSDs) and memory modules built from the ground up. See More

  • Reduce Network Complexity and Empower Your Hybrid Cloud with a Modern, Software-Defined Architecture

    Sponsored by IBM - As IT teams seek to move more of their mission-critical applications to hybrid cloud environments, they are facing growing pressure to reduce complexity in managing, securing and scaling their enterprise networks. See More

  View All Sponsored News
• February 18, 2015 18 Feb'15

  Symantec quietly drops cloud security certification due to lack of adoption

  After nearly three years, the Symantec Certified Professional-Cloud Security certification has been discontinued due to a lack of adoption, causing observers to question Symantec's cloud security strategy.

• February 10, 2015 10 Feb'15

  Box introduces BYOK encryption key management service

  Box will give enterprise cloud data storage customers the ability to control and store their own encryption keys through its new Enterprise Key Management service.

• February 06, 2015 06 Feb'15

  Study: Federal data center modernization failing on cloud security

  MeriTalk and Palo Alto Networks say the U.S. government's thinks its data center modernization effort is going well, but research shows basic cloud security protections are nowhere to be found.

• February 04, 2015 04 Feb'15

  Enterprise shadow cloud usage eclipses authorized cloud services

  New research by CipherCloud shows that majority of enterprises don't know extent of unsanctioned cloud usage by their employees.

• January 30, 2015 30 Jan'15

  Apple eyes cloud storage for Touch ID biometric data

  According to a new patent application, Apple is looking to expand its Touch ID biometric verification system through the cloud. But will the biometric data be secure?

• January 30, 2015 30 Jan'15

  Hybrid DDoS prevention emerges to counter variety of DDoS attacks

  As DDoS attacks get bigger, more frequent, and more varied, new hybrid and cloud-based DDoS prevention methods are emerging, but some fear too much automation in DDoS defense may result in a loss of control.

• January 26, 2015 26 Jan'15

  Rackspace security push eyes managed cloud, compliance services

  Rackspace hopes its new emphasis on security-centric managed cloud services will be enough to overcome past security and availability problems, as well as differentiate itself from public cloud rivals AWS and Microsoft.

• January 16, 2015 16 Jan'15

  Ribose first to achieve CSA STAR Attestation status

  Cloud collaboration firm Ribose became the first company to achieve the Cloud Security Alliance's STAR Attestation process.

• January 09, 2015 09 Jan'15

  'Shadow cloud' services a growing threat to enterprises

  Cloud Security Alliance findings show many enterprises struggle to identify and control shadow cloud apps and services; half of those surveyed told the CSA they have no program in place manage cloud apps and services.

• January 05, 2015 05 Jan'15

  Apple patches iCloud password vulnerability following hacking tool release

  A hacking tool released on New Year's Day highlighted a security hole in Apple's public cloud service that left user accounts vulnerable.

• December 30, 2014 30 Dec'14

  CSA to closely monitor enterprise cloud data privacy issues in 2015

  The Cloud Security Alliance says cloud data privacy has emerged as a top issue for industry amid Microsoft's battle with the U.S. government over customer emails stored in Ireland.

• December 16, 2014 16 Dec'14

  Microsoft, rivals challenge U.S. government over cloud data privacy

  Microsoft's refusal to give the U.S. government customer emails stored in Ireland will likely have implications for enterprise cloud data privacy and security.

• December 04, 2014 04 Dec'14

  Microsoft focuses on Azure security in cloud race against AWS

  Microsoft is working to improve Azure security, but analysts say Amazon Web Services is still in the lead when it comes to cloud security capabilities.

• November 19, 2014 19 Nov'14

  Amazon bolsters AWS security, adds encryption key management

  Newly announced Amazon Web Services security features include an encryption key management service intended to boost cloud security and strengthen appeal of AWS to enterprises.

• November 05, 2014 05 Nov'14

  IBM introduces new cloud platform for threat analytics

  With IBM Dynamic Cloud Security, Big Blue is shifting its entire security portfolio, from managed services to threat analytics, to the cloud.

• October 31, 2014 31 Oct'14

  Research shows enterprises leaking shadow data to the cloud

  A new study by cloud security startup Elastica shows that enterprise employees are unknowingly leaking sensitive data through cloud apps and services.

• October 20, 2014 20 Oct'14

  Apple iCloud hit with MitM attacks in China

  There is more potential trouble for Apple iCloud users as a nationwide man-in-the-middle attack struck the iCloud website in China amid the country's launch of the new iPhone 6.

• October 09, 2014 09 Oct'14

  Provider reboots call cloud computing hypervisor security into question

  After a Xen hypervisor flaw led several major cloud providers to reboot their host servers, experts say future cloud computing hypervisor security issues will likely cause further service disruptions.

• October 07, 2014 07 Oct'14

  Sophos acquires Mojave Networks to bolster mobile app security

  Sophos looks to strengthen its cloud security offerings for mobile security with the acquisition of Mojave Networks, a mobile security startup.

• September 29, 2014 29 Sep'14

  Cloud security experts call for global data privacy standards

  A recent study from the Cloud Security Alliance shows strong support for global data privacy standards as well as a consumer bill of rights, but there are major obstacles for privacy in the cloud.

• September 25, 2014 25 Sep'14

  Shining a light on shadow cloud apps and services

  Security pros from Hewlett-Packard and SkyHigh Networks offer insight on how to identify shadow cloud apps and services within the enterprise.

• September 23, 2014 23 Sep'14

  Experts: Expect cloud breaches to endanger data privacy

  Attendees and speakers at the CSA Congress and IAPP Privacy Academy stressed the need for better data classification to reduce the effects of cloud breaches.

• September 19, 2014 19 Sep'14

  Pandora balancing cloud app security and shadow IT

  Internet radio company Pandora explains how it found a strategy to embrace shadow IT and still secure cloud app usage within the company.

• September 12, 2014 12 Sep'14

  Cloud computing threat intelligence platforms: The next big thing?

  Following FireEye's new threat analytics platform for Amazon Web Services, are enterprises ready to embrace the benefits of cloud-based threat analytics?

• September 02, 2014 02 Sep'14

  Following iCloud hack, experts say enterprise data likely at risk

  Following the iCloud hack and resulting leak of celebrity photos, experts say many enterprises 'don't have a clue' that corporate data could also be at risk.

• September 02, 2014 02 Sep'14

  Helix Nebula cloud security hinges on federated identity management

  CERN and the Cloud Security Alliance explain how federated identity management protects Helix Nebula, a European cloud platform that's running applications for such research projects as the Large Hadron Collider.

• August 15, 2014 15 Aug'14

  Amazon Workspaces gets MFA security update

  Amazon Web Services has added multifactor authentication to its WorkSpaces cloud desktop service, the first step in a larger effort to bolster AWS security.

• August 13, 2014 13 Aug'14

  Amazon Workspaces gets MFA security update

  Amazon Web Services has added multifactor authentication to its WorkSpaces cloud desktop service, the first step in a larger effort to bolster AWS security.

• August 12, 2014 12 Aug'14

  IBM ups cloud IAM offering with Lighthouse acquisition

  IBM made its second cloud security acquisition in as many weeks with the purchase of Lighthouse Security Group, which specializes in cloud-based IAM services.

• August 07, 2014 07 Aug'14

  Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

  At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

• August 06, 2014 06 Aug'14

  Black Hat 2014: Researcher reveals Amazon cloud security weaknesses

  At Black Hat 2014, a researcher showed how AWS cloud security flaws and misconfigurations can have devastating consequences for AWS customers that don't take security seriously.

• July 31, 2014 31 Jul'14

  Study: Cloud app data sharing growth increases risks

  Netskope's Cloud Report shows the average number of cloud apps used in the enterprise is growing -- but the majority of those apps lack proper security and policy controls.

• July 18, 2014 18 Jul'14

  CSA releases new Cloud Controls Matrix and CAIQ standards

  The Cloud Security Alliance has updated its Cloud Controls Matrix (CCM) and Consensus Assessments Questionnaire (CAIQ) to help enterprises standardize cloud provider security assessments.

• July 15, 2014 15 Jul'14

  Verizon unveils cloud-based WAF

  Verizon bolstered its cloud security presence with a new web application firewall. The cloud-based WAF puts the telecom giant in the growing cloud firewall market with Akamai, Imperva and others.

• July 15, 2014 15 Jul'14

  Old AWS API key led to search provider's cloud security breach

  Exclusive: The co-founder of One More Cloud explains how an old AWS API key was used to take down the company's services, and the hard lessons learned.

• July 14, 2014 14 Jul'14

  Cloud malware analysis a must-have for advanced threat protection

  Cloud-based malware analysis is becoming a must-have feature for both established and upstart advanced threat protection vendors.

• May 30, 2014 30 May'14

  On cloud security management, security teams must be trusted advisers

  Security pros say infosec teams must be proactive on cloud security management to reduce risk related to rapid growth in enterprise cloud computing.

• May 29, 2014 29 May'14

  As FedRAMP deadline nears, slow approvals leave CSPs in the queue

  The consequences for cloud service providers missing the FedRAMP deadline remain unclear, though experts say those in the queue are in good shape.

• May 07, 2014 07 May'14

  Cloud security policy exceptions thwart rogue usage controls

  A Netskope report shows a flood of cloud security policy exceptions commonly thwart rogue cloud app security controls.

• April 25, 2014 25 Apr'14

  Report: Gap between on-premises and cloud attacks closing

  A new report shows the volume of cloud attacks is rising, as attack types traditionally associated with on-premises environments migrate with users.

• April 01, 2014 01 Apr'14

  Cloud attacks sneak past gap between enterprises and providers

  Emerging cloud attacks threaten cloud data security by exploiting the gap between enterprise controls and provider transparency.

• March 04, 2014 04 Mar'14

  On cloud data security validation, providers offer few promises

  Until a common cloud provider assessment paradigm is agreed upon, experts say enterprises will be left wanting on cloud data security validation.

• February 25, 2014 25 Feb'14

  For BYOD-SaaS security, consider established IT security controls

  Panelists at the Cloud Security Alliance Summit assert that federated identity and gateways, hardly new technologies, are best for BYOD-SaaS security.

• January 22, 2014 22 Jan'14

  A legal analysis of the updated EU General Data Protection Regulation

  The updated EU General Data Protection Regulation raises breach penalties for enterprises operating in the EU. Attorney Francois Gilbert explains.

• December 19, 2013 19 Dec'13

  CSA Cloud Trust Protocol working group to foster cloud transparency

  The Cloud Security Alliance hopes Cloud Trust Protocol will boost cloud transparency by automating customer requests for cloud provider security data.

• December 10, 2013 10 Dec'13

  Q&A: Jim Reavis recaps news from Cloud Security Alliance Congress 2013

  Video: CSA CEO Jim Reavis recaps the 2013 Cloud Security Alliance Congress, including its SAFECode partnership and Software Defined Perimeter effort.

• December 09, 2013 09 Dec'13

  Expert: Security automation can thwart attacks on cloud computing

  Nation-states are turning their attacks toward the cloud. One expert explains why he believes security automation is the only viable defense tactic.

• December 06, 2013 06 Dec'13

  Despite cloud computing security risks, infosec pros know their role

  As business demands and rogue users introduce cloud computing security risks into many enterprises, infosec pros understand they must be enablers.

• December 05, 2013 05 Dec'13

  Cloud incident response planning: Know cloud provider responsibilities

  A practitioner at the 2013 CSA Congress says enterprises must plan for a cloud incident because providers often fail to detail their responsibilities.

• December 05, 2013 05 Dec'13

  Providers at 2013 CSA Congress tout cloud security over traditional IT

  At the 2013 CSA Congress, executives from Microsoft and AWS made the case for why cloud provider security is superior to traditional IT security.

• October 09, 2013 09 Oct'13

  VMware NSX platform: Implications for network virtualization security

  Expert Paul Kirvan discusses the debut of the VMware NSX platform and what it means to both network virtualization security and cloud security.

• September 26, 2013 26 Sep'13

  Security expert: FedRAMP cloud security standard not yet fully baked

  The CEO of a FedRAMP 3PAO warned of the limitations of the FedRAMP cloud security standard when using it to assess cloud security.

• September 16, 2013 16 Sep'13

  CipherCloud adds AES 256-bit encryption to Box product, expands abroad

  CipherCloud announced the addition of AES 256-bit encryption capabilities to its Box DLP offering amid growing demand from abroad.

• September 13, 2013 13 Sep'13

  Echopass achieves PCI Level 1 certification; CISO offers PCI guidance

  On the heels of Echopass achieving PCI Level 1 certification, CISO Dennis Empey offers PCI guidance for other cloud providers navigating the process.

• June 14, 2013 14 Jun'13

  Gartner: Negotiate cloud contracts with detailed security, control

  When negotiating with cloud providers, enterprises must demand cloud contracts with specific security and control provisions, Gartner analysts say.

• May 23, 2013 23 May'13

  AWS FedRAMP certification fast-tracks Amazon cloud for U.S. government

  AWS becomes the biggest cloud provider to earn FedRAMP certification, easing the transition to AWS for U.S. government agencies.

• May 22, 2013 22 May'13

  For cloud backup and disaster recovery, bandwidth proves problematic

  When it comes to cloud backup and disaster recovery, organizations are holding back due to insufficient bandwidth and lengthy recovery times.

• April 26, 2013 26 Apr'13

  (ISC)2, CSA partner on new cloud security certification

  The yet-unnamed certification will seek to validate skills of cloud security pros, but it's unclear how it may complement or overlap with existing certs.

• April 26, 2013 26 Apr'13

  CSA offers new initiatives to address SMB cloud security issues

  In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs.

• April 17, 2013 17 Apr'13

  Gartner forecasts rising interest in cloud-based security services

  Gartner forecasts that security services in the cloud will soon account for 10% of the enterprise IT security market, largely driven by compliance.

• March 26, 2013 26 Mar'13

  Report suggests cloud security concerns are overblown

  A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem.

• March 01, 2013 01 Mar'13

  Cloud security panel discusses transparency, Notorious Nine at RSA

  A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013.

• February 25, 2013 25 Feb'13

  CSA updates push toward cloud provider security assurance at 2013 CSA Summit

  The Cloud Security Alliance expanded its cloud security training and cloud provider security assurance efforts Monday at its 2013 CSA Summit.

• February 25, 2013 25 Feb'13

  Experts at the CSA 2013 Summit say mobile security depends on cloud security

  Panelists at the Cloud Security Alliance Summit say mobile security and cloud security are linked, and that preventing data loss demands securing the app layer.

• December 19, 2012 19 Dec'12

  Trust a significant issue for cloud services, survey finds

  A survey conducted by database security vendor GreenSQL found a high level of distrust in cloud services, despite the perception that transparency is increasing.

• November 30, 2012 30 Nov'12

  AWS re:Invent 2012 IT pros have few cloud computing security concerns

  IT pros praised the security of Amazon Web Services, saying the show eased their cloud computing security concerns.

• November 30, 2012 30 Nov'12

  AWS cloud security model relies on shared security partnership

  At its user conference, Amazon Web Services says customers must understand the implications of its shared security model before moving to the cloud.

• November 29, 2012 29 Nov'12

  AWS IAM tools essential to secure cloud services

  Using AWS IAM tools to limit who has access to create and launch services should be essential to a cloud security strategy, say experts.

• November 28, 2012 28 Nov'12

  AWS security strategy relies on rigorous cloud security processes

  Speaking at the company's first user conference, Amazon Web Services CISO Stephen Schmidt said security in the cloud is a shared responsibility.

• November 28, 2012 28 Nov'12

  Inaugural AWS re:Invent show to highlight AWS security issues

  Amazon CEO Jeff Bezos will headline this week's first-ever AWS re: Invent cloud computing conference, where several sessions will cover security issues.

• November 27, 2012 27 Nov'12

  Trend Micro issues cloud, mobile security assessment tools

  Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations.

• November 21, 2012 21 Nov'12

  Cloud security begins with the contract, says expert

  Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.

• November 07, 2012 07 Nov'12

  CSA 2012 keynote: Attack data vital to securing cloud-based systems

  Security pros need to share anonymous attack information or face dire consequences, said Dave Cullinane, CEO of Security Starfish and chairman of the Cloud Security Alliance.

• November 05, 2012 05 Nov'12

  Sandy put business continuity planning in spotlight

  Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency.

• November 01, 2012 01 Nov'12

  Cloud adoption prompts secure data management, access control issues

  Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.

• October 03, 2012 03 Oct'12

  Cloud security issues will only be solved by user demands, CSA chief says

  Enterprises must insist transparency, authentication and other key issues are addressed, said Jim Reavis, executive director of the Cloud Security Alliance.

• October 03, 2012 03 Oct'12

  For U.S. Mint, cloud computing security transparency effort pays off

  U.S. Mint CISO Chris Carpenter said his cloud provider wasn't ready for either his security questions or to share continuous monitoring and log data.

• October 03, 2012 03 Oct'12

  Credit union finds cloud GRC tool fits the bill

  Cloud-based service for managing risk is designed to meet the needs of small and midsize businesses.

• September 19, 2012 19 Sep'12

  The pros and cons of cloud-based static code analysis tools

  Using the cloud can streamline secure software development, but comes with challenges and risks.

• September 19, 2012 19 Sep'12

  Bromium launches Windows PC security product

  Company uses virtualization technology to isolate malware from the rest of the system.

• September 05, 2012 05 Sep'12

  Cloud Security Alliance forms group to focus on cloud data privacy

  Group will develop standards for communicating cloud data privacy measures.

• August 31, 2012 31 Aug'12

  Cloud Security Alliance tackles big data security

  CSA will work with Fujitsu Laboratories of America on best practices, standards for securing big data.

• August 28, 2012 28 Aug'12

  VMware unveils vCloud Networking and Security

  The vCloud Networking and Security package, featuring vShield Edge and vShield App, is designed to make virtualization security easier to implement.

• August 27, 2012 27 Aug'12

  Vendors roll out new tools for securing VMware environments

  At VMworld 2012, security suppliers plan to showcase new antimalware protection, policy enforcement products to secure VMware environments.

• August 22, 2012 22 Aug'12

  Crisis Trojan can infect VMware machines, Windows Mobile devices

  The AV giant says the Windows version of the Crisis Trojan may be the first malware that can spread to so many different platforms.

• August 21, 2012 21 Aug'12

  CSA partners with BSI on cloud security certification program

  The British Standards Institution will help the CSA develop a certification program for cloud providers.

• August 14, 2012 14 Aug'12

  Trend Micro updates Smart Protection Network, adds four capabilities

  Trend Micro adds to its cloud-based security technology, but one expert says the additions haven't put it ahead of the competition.

• August 08, 2012 08 Aug'12

  Survey: Cloud security concerns not holding back cloud adoption

  Global study shows that some organizations are moving sensitive data to the cloud at the expense of security.

• July 24, 2012 24 Jul'12

  AWS security now documented in CSA STAR

  Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.

• July 17, 2012 17 Jul'12

  Cisco acquires VM security startup

  Deal boosts networking giant's cloud security technology.

• July 10, 2012 10 Jul'12

  Cloud transparency still an issue with PCI DSS compliance, expert says

  Maintaining PCI DSS compliance in the cloud is possible, but merchants often have the difficult job of maintaining transparency and getting log data from their cloud payment provider.

• June 19, 2012 19 Jun'12

  Gary McGraw on cloud computing pros and cons for security

  Cloud computing can help improve SMB security operations but doesn’t bode well for software security.

• June 14, 2012 14 Jun'12

  Cloud identity and access management aids biotech company

  Okta service streamlines unmanageable number of accounts and passwords for Genomic Health.

• June 11, 2012 11 Jun'12

  FedRAMP certification draws interest; cloud monitoring guidelines coming soon

  The GSA says cloud providers are lining up for FedRAMP certification, and its continuous cloud monitoring guidelines are a few weeks away.

• June 05, 2012 05 Jun'12

  CloudFlare security breach reveals Google Apps security flaw

  A sophisticated attack on the website security firm involved Google Apps, AT&T security problems.