Cloud
12/23/2013
06:06 AM
Jerry Irvine
Jerry Irvine
Commentary
Connect Directly
LinkedIn
RSS
E-Mail

Mobility & Cloud: A Double Whammy For Securing Data

In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
MiltonKer
50%
50%
MiltonKer,
User Rank: Apprentice
1/11/2014 | 7:54:41 AM
Re: SLAs and transparency
As such SLAs are to be transparent because if required user is going to touch in groups.When it comes to cloud management tools key element has to be more focused.For better option refer to this tools.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/23/2013 | 1:48:44 PM
Re: SLAs and transparency
Thanks Jerry. do you find that most CSPs are willing to 'open their kimino" about their security practices directly to customers? Or is there an advantage to organizations to go through a third party audit? 
jirvine
50%
50%
jirvine,
User Rank: Apprentice
12/23/2013 | 1:43:09 PM
Re: SLAs and transparency
Thank you. There are some considerations that should be included within SLAs, specifically Security and Access. You should include the provisions to receive periodic reports from third party security auditors and penetration tests.  These reports should be required to be delivered directly to you from the vendor.  Additionally, you should be allowed to monitor systems uptime directly or via an independent monitoring solution. Independent verification and reporting allows for complete transparency and accountability for the vendor.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/23/2013 | 12:41:39 PM
SLAs and transparency
It's always a good to be reminded that technology is never a bullletproof security solution. The layered approach that you outline makes a lot of sense -- particularly with that double whammy of mobility and cloud. One question with respect to cloud SLAs -- any speciric recommendations on key elements that an SLA should include, in terms of tranperency and reporting? 

 

 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.