Risk
7/20/2010
07:41 PM
Keith Ferrell
Keith Ferrell
Slideshows
Connect Directly
RSS
E-Mail
50%
50%

Slideshow: Cloud Security Pros And Cons

Securing your business in the cloud can offer substantial savings and resources balanced by large and unexpected risks. In this review of cloud security silver linings and storms warnings, we look at some of the brightest and darkest security clouds.
Previous
13 of 13
Next


Every one of the cloud caveats we've explored is countered, if not offset, by a cloud benefit. Perhaps the biggest benefit of all is the sheer momentum cloud computing now carries. Even stodgy, staid industries and businesses are looking to the cloud now. While conservative financial industries and businesses embrace of the cloud doesn't indicate that all security issues have been resolved, their presence does say that the cloud may be no more risky than ground-based computing and connection. That sounds like faint praise, and it may be. But the risks we live with on the ground are risks we also learn to manage and correct on the ground. The same is true in the cloud. Make sure your security protections and procedures are completely up-to-date. Limit access only to those who require access. Be sure you have non-cloud-based iterations of vital data stored in the cloud. Taking care with these and related issues will help see to it that your cloud-based experiences provide you with silver linings, rather than storms.

Previous
13 of 13
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.