News

News

• May 30, 2012 30 May'12

  FedRAMP cloud security 3PAO on process, goals for program

  Todd Coen of Dynamic Research Corporation talks about what 3PAOs will do and what happens next with FedRAMP.

• May 30, 2012 30 May'12

  Cloud study debunks Patriot Act assumptions

  Law firm study of 10 countries finds that all allow government to access cloud data

• May 10, 2012 10 May'12

  CSA launches cloud security certification initiative for service providers

  Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.

• May 09, 2012 09 May'12

  PCI virtualization compliance still a challenge

  No black and white when it comes to PCI compliance in virtualized environments, experts say.

• May 07, 2012 07 May'12

  McAfee and Intel cloud computing security strategy unveiled

  Companies offer up collection of technologies to help overcome enterprise concern about cloud security.

• Sponsored News

  • How IT leaders can prepare IT architectures for an AI future using Intel Xeon® with DL Boost

    Sponsored by Intel - IT leaders are preparing their organisations for increasing use of artificial intelligence (AI) to extract the insights they need from growing amounts of data. To help them, Intel is enabling businesses to future-proof their IT architecture by building AI accelerators into its second-generation Xeon® scalable processors. See More

  • Looking to Improve Database Performance? With the Right Solution, You Can Now Turn to Public Cloud

    Sponsored by IBM - IT decision-makers are under pressure to accelerate the performance of their databases in today’s era of exponential data growth, the internet of things and big data analytics. Mission-critical databases such as Oracle and Microsoft SQL Server must deliver more data more quickly to more locations to support modern business initiatives and digital transformation. See More

  • Delivering datacentre performance and cost savings with Intel Optane technology

    Sponsored by Intel - Intel® Optane™ technology is the first memory and storage breakthrough in 25 years. Based on Intel® 3D XPoint™ memory media, it offers a new generation of solid-state devices (SSDs) and memory modules built from the ground up. See More

  • Reduce Network Complexity and Empower Your Hybrid Cloud with a Modern, Software-Defined Architecture

    Sponsored by IBM - As IT teams seek to move more of their mission-critical applications to hybrid cloud environments, they are facing growing pressure to reduce complexity in managing, securing and scaling their enterprise networks. See More

  View All Sponsored News
• April 25, 2012 25 Apr'12

  VMware downplays ESX hypervisor source code leak

  Company says source code was leaked online but says may not mean increased risk.

• April 04, 2012 04 Apr'12

  ENISA offers governance guide for cloud computing contracts

  European agency provides framework for monitoring cloud provider security after a contract is signed.

• March 29, 2012 29 Mar'12

  More companies eyeing SIEM in the cloud

  A cloud service can help companies get around some hurdles with SIEM systems.

• March 29, 2012 29 Mar'12

  CloudFlare aims to differentiate itself with DDoS protection service

  Startup aims to provide affordable cloud-based website protection and acceleration.

• March 23, 2012 23 Mar'12

  Microsoft vows to improve cloud service after Azure outage

  Software giant said it will apply lessons learned after Leap Day outage of its cloud service.

• March 13, 2012 13 Mar'12

  Information security roles and the cloud

  How will security pros’ jobs change as cloud use grows?

• February 29, 2012 29 Feb'12

  Plan ahead for cloud computing breaches in cloud contracts, experts say

  Organizations need to plan ahead for possible cloud breaches, legal experts advise.

• February 27, 2012 27 Feb'12

  CSA at RSA 2012: International cloud computing security standards needed

  Cloud providers and security experts discuss need for uniform rules that apply across international boundaries

• February 27, 2012 27 Feb'12

  Study shows cloud provider security better than on-premise

  Alert Logic analysis finds cloud service provider environments suffer fewer security incidents.

• February 16, 2012 16 Feb'12

  Cloud computing security issues on tap at RSA Conference 2012

  Data privacy, cloud security standards among the topics to be discussed.

• January 20, 2012 20 Jan'12

  PCI in the cloud: Segmentation, security compliance is possible, experts say

  Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts.

• January 20, 2012 20 Jan'12

  Calls for cloud security transparency getting louder

  Enterprises need cloud security transparency and must understand cloud provider security in order to move forward with engagements.

• January 12, 2012 12 Jan'12

  FedRAMP cloud computing standards initiative spurs optimism, criticism

  Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption.

• December 08, 2011 08 Dec'11

  Federal officials launch cloud computing security standards initiative

  FedRAMP establishes standard approach for federal agencies to assess cloud providers.

• December 02, 2011 02 Dec'11

  Security SaaS options emerge to tackle mobile device security risks

  Cloud-based mobile security services fend off malware, protect sensitive data.

• November 22, 2011 22 Nov'11

  AWS credentials uncovered using Google Code Search

  One mistake by a developer could expose an organization’s AWS infrastructure, security researcher says.

• November 18, 2011 18 Nov'11

  CSA Congress roundup: Cloud SLAs, compliance and 7 dirty words

  Topics highlight array of cloud security challenges

• November 17, 2011 17 Nov'11

  Updated CSA guidance offers tips, advice on cloud-based security

  Updated CSA guidance offers practical tips and advice on cloud-based security

• November 16, 2011 16 Nov'11

  Coviello talks about building a trusted cloud, resilient security

  Security needs to change in order to defend against targeted attacks, RSA chairman says.

• November 10, 2011 10 Nov'11

  Panel discusses cloud computing security issues

  Companies need to educate developers, leverage asset inventories and vet cloud providers, panelists advise.

• November 01, 2011 01 Nov'11

  Survey: IT and compliance pros differ on IaaS security

  Compliance practitioners are more confident in cloud security than IT pros, study finds.

• October 27, 2011 27 Oct'11

  Researchers uncover AWS security vulnerabilities

  Amazon says vulnerabilities were fixed and no customers were affected.

• October 26, 2011 26 Oct'11

  Security SaaS helps financial portal stop server attacks

  Startup Dome9 provides cloud-based firewall management service for public and private cloud servers.

• October 05, 2011 05 Oct'11

  Amazon rolls out server-side S3 encryption service

  New service offers alternative to client-side encryption for Amazon’s storage service.

• October 03, 2011 03 Oct'11

  Cloud risk management: CSA on its Cloud Controls Matrix

  Co-chair of CSA project talks about the CCM and how organizations can leverage it.

• September 22, 2011 22 Sep'11

  Netflix leverages cloud computing characteristics for security

  Company’s cloud security architect talks about advantages over data center model.

• September 20, 2011 20 Sep'11

  Cloud IAM catching on in the enterprise

  Market for cloud-based identity and access management is growing, analysts say.

• August 31, 2011 31 Aug'11

  Analysis: Verizon CloudSwitch acquisition fosters cloud application security

  Amy Larsen DeCarlo of Current Analysis says the Verizon CloudSwitch acquisition will bolster cloud application security following cloud migrations.

• August 30, 2011 30 Aug'11

  Antivirus for VMware options expand

  New antivirus capabilities for virtual servers showcased at VMworld and Trend Micro updates Deep Security.

• August 29, 2011 29 Aug'11

  VMware boosts VM security with PacketMotion purchase

  Technology that tracks user activity will be integrated into vShield product line.

• August 25, 2011 25 Aug'11

  Verizon targets hybrid cloud security with CloudSwitch acquisition

  The deal gives Verizon software to help companies maintain hybrid cloud security as they move applications to the cloud. Terms were not disclosed.

• August 17, 2011 17 Aug'11

  Amazon launches U.S. government cloud

  AWS GovCloud supports ITAR compliance requirements.

• August 04, 2011 04 Aug'11

  CSA cloud provider registry aims to boost cloud transparency

  Free online registry will provide documentation of cloud provider security controls.

• August 02, 2011 02 Aug'11

  Cybercriminals using Amazon S3 to spread SpyEye toolkit

  Security researchers detected large volume of the bank Trojan on Amazon’s cloud storage service.

• July 29, 2011 29 Jul'11

  Cloud availability and resiliency: Planning for failure

  Gartner advises companies to take responsibility for cloud service resiliency.

• July 29, 2011 29 Jul'11

  Challenges in protecting data in the cloud

  Gartner analysts outline new attack vectors and security complications.

• July 28, 2011 28 Jul'11

  NASA’s Jet Propulsion Lab touts hybrid cloud security

  The CTO of NASA’s famous JPL told a Gartner Catalyst 2011 crowd how his group conducts sensitive scientific work using a hybrid cloud security model.

• July 25, 2011 25 Jul'11

  ISACA releases cloud computing governance guide

  Guide explains how organizations can leverage COBIT to manage their cloud computing environments.

• July 15, 2011 15 Jul'11

  What about cloud security certifications for cloud providers?

  Opinion: CSA Executive Director Jim Reavis assesses the challenges associated with certifying the security capabilities of cloud providers.

• July 14, 2011 14 Jul'11

  CSA licenses cloud transparency tool from CSC

  Free tool gives organizations a standard way to obtain security and compliance information from a cloud provider.

• July 12, 2011 12 Jul'11

  Updated VMware vShield App 5 includes sensitive data discovery

  New sensitive data discovery features in the virtualization giant’s updated platform will allow enterprises to discover and classify data inside VMs.

• June 28, 2011 28 Jun'11

  AWS cloud computing compliance paper details customer responsibilities

  Cloud giant makes it clear the onus is on customers when it comes to HIPAA, GLBA and other regulations.

• June 27, 2011 27 Jun'11

  Gartner: Prepare today or face cloud computing security problems tomorrow

  Gartner analysts say infosec teams can avoid tomorrow’s cloud computing security problems by anticipating future usage and becoming facilitators.

• June 23, 2011 23 Jun'11

  AWS customers open door to cloud computing security threats

  Study shows that many AWS users are disregarding security and creating cloud vulnerabilities.

• June 21, 2011 21 Jun'11

  Cloud computing contracts and security’s role

  Security teams need to be involved in the contract process to ensure data security provisions are included.

• June 15, 2011 15 Jun'11

  PCI virtualization report cites challenges with PCI compliance in the cloud

  Compliance with the PCI security standard tricky in public cloud environments, report says.

• June 10, 2011 10 Jun'11

  Core Security launches penetration testing service for AWS security

  AWS customers can use the on-demand service to test the security of their cloud deployments.

• June 02, 2011 02 Jun'11

  Shabby cloud computing SLAs and other cloud security mistakes

  Security consultant offers up list of missteps companies should avoid in cloud security.

• May 27, 2011 27 May'11

  Survey: Cloud customers not taking steps to secure cloud computing

  CDW study finds that cloud users aren’t implementing security capabilities or verifying cloud provider security.

• May 24, 2011 24 May'11

  Vendors tackle challenges in securing virtual environments

  Security companies look to overcome performance bottlenecks with retooled technology for virtual security.

• May 16, 2011 16 May'11

  CSA: Cloud outages highlight need for better risk management

  CSA Executive Director Jim Reavis reflects on the recent cloud provider outages.

• May 09, 2011 09 May'11

  McAfee streamlines product set with Intel for cloud security services

  McAfee’s security software changes bridge its Web, mobile and email security with Intel’s cloud access control products.

• May 06, 2011 06 May'11

  Group to develop cloud computing audit specifications

  Goal is to create standards that provide transparency into cloud infrastructures.

• May 04, 2011 04 May'11

  Symantec executives caution customers on cloud provider security

  Businesses must hold cloud providers to the same security standards they hold themselves to, Symantec executives said at the company’s annual Vision user conference.

• April 28, 2011 28 Apr'11

  Cloud provider security study reveals security gaps

  Ponemon survey of cloud service providers shows little focus or spending on security

• April 20, 2011 20 Apr'11

  Cloud Security Alliance teams with ISO on cloud security standards

  CSA will collaborate on development of international standards for security and privacy of cloud computing services.

• April 20, 2011 20 Apr'11

  Cloud application security issues and considerations

  Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.

• April 07, 2011 07 Apr'11

  Web security SaaS helps streamline security for health care provider

  HCR ManorCare replaces in-house URL filtering with Zscaler’s cloud-based security service.

• March 22, 2011 22 Mar'11

  PCI DSS compliant cloud providers: No PCI panacea

  Organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations, security experts say.

• March 22, 2011 22 Mar'11

  Terremark on cloud computing risks, legal subpoenas

  Mario Santana, vice president of secure information services, talks about security risks unique to the cloud, how Terremark addresses them, and how it responds to subpoenas.

• February 17, 2011 17 Feb'11

  RSA attendees skeptical about cloud service provider security

  Security professionals wary of cloud services for regulated data.

• February 17, 2011 17 Feb'11

  Cloud computing compliance: Visibility key

  Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.

• February 16, 2011 16 Feb'11

  Cloud computing contracts: Tread carefully

  RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.

• February 15, 2011 15 Feb'11

  White House CIO talks up cloud computing strategy

  Sprawling IT infrastructure hard to manage and secure, Vivek Kundra tells CSA crowd.

• February 09, 2011 09 Feb'11

  New vendors unveil technologies for cloud computing security

  Encryption, server security and identity and access management for cloud services among the new offerings.

• February 09, 2011 09 Feb'11

  Emerging theme at RSA Conference 2011 may be ‘mostly cloudy’

  Security vendors at RSA Conference 2011 need to be more specific about the security technologies they are aiming at the “cloud,” industry analysts say.

• February 08, 2011 08 Feb'11

  Cloud computing security summit draws growing crowd

  Cloud Security Alliance event expands to accommodate growing interest.

• February 08, 2011 08 Feb'11

  HIPAA business associate agreement key to company’s cloud migration

  Wound therapy provider moves IT infrastructure to cloud provider.

• February 04, 2011 04 Feb'11

  Cloud compliance, cloud encryption top enterprise security concerns

  Companies are worried about compliance and data protection in the cloud, according to a reader survey.

• December 02, 2010 02 Dec'10

  Cloud computing technologies and financial services

  Cloud computing offers cost savings but how does it fit into the highly regulated financial services industry?

• November 17, 2010 17 Nov'10

  Don't fight cloud computing technology, says Symantec's Thompson

  Security professionals should embrace the inevitable shift to cloud computing, Symantec Chairman John Thompson says.

• June 28, 2010 28 Jun'10

  IT security must influence cloud computing decisions

  Security professionals must advise decision makers not to embark on new cloud computing projects without considering the security implications.

• June 16, 2010 16 Jun'10

  Former @stake researcher Aitel insists on data classification

  Know your data before turning to the cloud, says Dave Aitel, CTO of Immunity Inc. Aitel criticized traditional security technologies at FIRST Conference 2010.

• May 06, 2010 06 May'10

  Federal CISOs worry they can't effectively secure cloud computing

  An (ISC)2 survey finds federal CISOs pleased with the government's efforts to improve network security, but lack support for hiring skilled security pros.

• April 08, 2010 08 Apr'10

  Cloud computing risks outweigh benefits, survey finds

  The risks of cloud computing outweigh the benefits according to a survey of more than 1,800 U.S.-based IT professionals who are members of the ISACA organization.

• March 30, 2010 30 Mar'10

  RSA's Art Coviello: Embed security in virtual infrastructure

  RSA president Art Coviello made a bold statement during his RSA Conference keynote three years ago when he proclaimed that the security industry would cease to exist, and that security technologies would be embedded into computing infrastructure. ...

• March 01, 2010 01 Mar'10

  Cloud Security Alliance releases top cloud computing security threats

  The Cloud Security Alliance identifies seven top cloud computing security threats.

• December 24, 2009 24 Dec'09

  Web security strategy: Use cloud security services

  Web security used to be mainly URL filtering and protocol validation, but as Eric Ogren explains, Web security clouds improve security with little impact on performance.

• December 17, 2009 17 Dec'09

  Cloud Security Alliance releases updated guidance

  New version provides more actionable advice for ensuring cloud computing security

• November 10, 2009 10 Nov'09

  New vendor risk assessment tools address cloud computing

  Shared Assessments program unveils updated tools for assessing security of service providers, including cloud providers

• September 21, 2009 21 Sep'09

  Security challenges with cloud computing services

  Panel discusses cloud computing security issues including encryption and user authentication.

• June 10, 2009 10 Jun'09

  Cloud security begins with infrastructure assessment

  The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.

• May 14, 2009 14 May'09

  Forrester advises cautious approach to cloud computing services

  While it could save money, many firms should understand the security, privacy and legal issues when using cloud-based services.

• April 29, 2009 29 Apr'09

  Trend Micro to acquire Third Brigade for virtualization, cloud security

  Trend Micro said Third Brigade's technology bolsters its datacenter security strategy by helping its customers protect virtual servers and cloud computing initiatives.

• April 23, 2009 23 Apr'09

  Virtualization experts debate security of thin, robust hypervisors

  Experts and vendors make the case for the security attributes of thin and robust hypervisors, but rapid changes in virtualization technology could further complicate the virtualization security debate.

• April 22, 2009 22 Apr'09

  Cloud computing security group releases report outlining trouble areas

  The non-profit Cloud Security Alliance says its comprehensive report serves as the starting point for a broader discussion on cloud computing security issues.

• April 21, 2009 21 Apr'09

  Cloud, virtualization servers pose challenges for PCI compliance

  Troy Leach, technical director for the Payment Card Industry Security Standards Council recognizes a gap in the standard when it comes to addressing the security of payment card data in cloud computing and virtualized environments. In an interview,...

• April 21, 2009 21 Apr'09

  VMware releases long-awaited VMsafe security API

  With the release, the virtualization powerhouse will now enable third-party security vendors to apply security within the hypervisor to safeguard virtual machines at the host level.

• April 17, 2009 17 Apr'09

  Google to defend the cloud at RSA Conference

  Cloud computing is changing the way we do business; the scalability, flexibility and cost savings are seductive, even irresistible. But, as with every "next big thing" in technology, security is a potential stumbling point. The distributed computing...

• April 15, 2009 15 Apr'09

  Cloud computing group to face challenges ahead

  The Cloud Security Alliance will need to sharpen its focus if it expects to contribute useful information and foster a discussion around security in the cloud.

• September 15, 2008 15 Sep'08

  McAfee debuts protection for offline virtual environments

  Total Protection for Virtualization is a suite of products that includes a component that scans offline virtual images for configuration and security vulnerabilities.

• August 19, 2008 19 Aug'08

  Check Point adds virtual firewall appliance

  Indianapolis-based BlueLock LLC uses Check Point's virtual firewall appliance to secure its VMware infrastructure.