Cloud services. You may or may not think about them, but they are no longer a talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use a cloud-based compression service Onavo to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, location-based services (GPS), just to name some, all at your fingertips. For small and mid-size businesses, there’s a wide range of cloud services including productivity, finance, and accounting. For many companies and organizations, cloud adoption is on top of their priority list.
Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and action to take.
Read More »
Tags: cloud, Cloud Computing, cloud security, cyber-security-month-2011, security
Yes, but only if there is Trust…
Do you remember not too long ago hopping into your car, driving, across town (when gas was $1- something) to your local retail store and searching the computer department to purchase a cereal box that contained between 2- 8 3.5” (or are you “wise” enough to remember 5.25” floppy) disks? The disk contained software that would entertain us, make us more productive and educate. If you don’t remember that, how about going to the record store and perusing the aisles for hours reading the CD boxes that were twice as big as the CD.
Well those days seem long past; and inserting a disk in anything these days….well, seems a bit ancient.
We’re now spoiled with the conveniences of iTunes, Salesforce.com, Facebook, Youtube, Yahoo Mail, etc.. In addition, we’re all too familiar with the seemingly millions of applications that run on a myriad of mobile appliances. None of these programs run on our PC’s hard drive. They’re browser based applications that are essentially utility services which we share with thousands of users.
So, I began to ponder the question, “What’s the big deal about the Cloud in Manufacturing and Enterprise?” Read More »
Tags: Borderless Networks, Cisco, cloud, cloud security, cloud_computing, collaboration, ERP, Factory, IaaS, innovation, Manufacturing, MES, mobility, paas, R&D, Research and Development, SaaS, SCADA, security, trust, unified communications, video, wireless, XaaS
Tell me if this sounds familiar… you are asked to perform a penetration test on customer’s network to determine the security posture of their assets and the first thing they do is give you a list of assets that you are NOT allowed to test, because they are critical systems to the business. Ironic isn’t it? This is exactly the difficulty you can expect when performing penetration testing in the cloud, but multiplied by ten.
There is a lot to think about and plan for when you want to perform a penetration test in a cloud service provider’s (CSP) network. Before we get into the technical details, we need to start with the basics.
Read More »
Tags: cloud, Cloud Computing, cloud security, penetration testing, vulnerability assessment
Yes, the question is “Are you really secure?” Now that I’ve asked a loaded question, let me get to the point.
The term “secure” sure has a lot of different meanings depending on the context in which it is used. If we take it from a corporate security perspective, your options are somewhat limited to physical security, as in video surveillance or physical access, or logical security, as in your laptop or data access. But, when you ask a security professional if they are secure, they will most certainly take that in the context of what they can control, and will most likely answer “yes”.
Well, what about the things you cannot control? You can control which products you buy to provide security, you control how they are installed and configured, and you control the processes and procedures that identify how they are managed and updated. But, can you control how they are manufactured?
Read More »
Tags: cloud security, cyber security, cybercrime, data center, information security, network security, privacy, RSA, secure information, secure-id, security, virtualization
While the IT industry is in many ways moving toward an outsourced model, with the widespread adoption of the cloud and XaaS, marketing has been moving in a similar direction as well. And while PR agencies have been around for quite some time and it has been normal to look to outside agencies for help with creatives, over the past several years a new kind of service provider, the Email Service Provider, or ESP, has emerged from the shadows. Not to be mistaken for cloud-based email security services, ESPs are in the business of sending mass email (typically opt-in), not blocking it. Unfortunately, for many, their first exposure to these companies (outside of an inbox full of enticing offers) has been via news around data breaches, first, in 2010 with Silverpop and now Epsilon.
Read More »
Tags: cloud, cloud security, email, phishing, security, spear phishing