Archive for the ‘Cloud Computing’ Category
December 10, 2011
Jaikumar Vijayan / ComputerWorld
Federal CIO Steven VanRoekel Thursday unveiled the Federal Risk and Authorization Management Program (FedRAMP), which establishes a set of baseline security and privacy standards that all cloud service providers will need to meet in order to sell their products to government agencies.
The program requires that all federal agencies use only FedRAMP-certified cloud services and technologies for public clouds, private clouds, hybrid clouds and community clouds. The program also covers all cloud service models, including Software as a Service (SaaS) and Platform as a Service (PaaS).
Posted in Cloud Computing, Laws and Regulations, Senate or House Bill, Standard / Framework
November 26, 2011
Richard Dreger / InformationWeek
To provide segmentation, you need the physical hardware team, and maybe the systems team, to configure the SAN disk arrays to balance performance, storage, and access requirements. Sure, you could physically carve up the disks and give different slices to each customer to provide a physical boundary, but this concept is anathema to performance-minded shops and the private cloud model.
Posted in Cloud Computing, Infrastructure Security, Security Strategy
November 5, 2011
Eric Chabrow / BankInfoSecurity
The National Institute of Standards and Technology said the draft publication defines high-priority requirements for standards, official guidance and technology developments that need to be met in order for agencies to accelerate their migration of existing IT systems to the cloud computing model. “A key contribution of the roadmap effort is to focus the discussion to achieve a clear understanding between the government and private sector, particularly on the specific technical steps – standards, guidance and technology solutions – needed to move federal IT from its current early-cloud state to a cloud-based foundation, as envisioned in the Federal Cloud Computing Strategy.
Posted in Cloud Computing, Infrastructure Security, Laws and Regulations, Policy and Governance
October 11, 2011
Wolfgang Gruener / Tom’s Hardware
Researchers at North Carolina State University and IBM said they may have found a way to effectively protect certain information in cloud and services environments. A new technique called “Strongly Isolated Computing Environment” (SICE) aims to isolate sensitive information and workload from the rest of the functions performed by a hypervisor, which serves as a gateway to a virtual, cross-platform workspace shared by users in a cloud system.
Posted in Cloud Computing, Cybersecurity, DDoS
October 2, 2011
Gunnar Peterson, in his feed on Intel’s Cloud Access Security blog, discusses four Anti-Patterns that have emerged in Cloud Security.
The first step to dealing with Cloud Security Anti-Patterns is deploying a Policy Enforcement Point to give the Information Security team a place to implement controls that avoid the Anti-Patterns and enable more robust security architecture.
A checklist for Mitigating the Anti-Patterns
- Low/no access control – strong access control protocols for authentication and authorization
- Replicating user accounts – retain enterprise provisioning on Cloud Consumer side
- Copying credentials – implement federated identity
- “Trusted” proxy – improved audit logging and monitoring on the Gateway
Posted in Authentication, Cloud Computing, Cybersecurity
May 31, 2011
@The Invisible Things Lab’s blog by Joanna Rutkowska
One doesn’t need to be especially smart or security conscious to realize how much this might be a threat to security and privacy. How much easier would it be to attack somebody’s laptop if I knew precisely in which hotel and when he or she is planning to stay? How much more expensive would my health and life insurance be, if they could get a look at my health and fitness progress? Etc.
But we’re willing to sacrifice our privacy and security in exchange for ease of syncing and sharing of our data. We decide to trust The Cloud. What specifically does that mean?
Posted in Cloud Computing, Consumer Information Protection, Cryptography, Privacy