Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/20/2010
02:57 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Cloud Server Security Suite From CloudSigma

Software designed to work in conjunction with its existing innovative Web console interface

Zrich, Friday 17 September 2010 CloudSigma AG, a leading European provider of cloud servers, is pleased to announce the launch of the cloud security suite in conjunction with its cloud computing platform. Designed to work in conjunction with its existing innovative web console interface, the new security suite offers enterprise level security options for public cloud servers.

Patrick Baillie, CEO commented 'This latest announcement brings our cloud into the lead in terms of user controlled security options in the public cloud arena. Features such as two-stage authentification, IP white lists and more mean adding a public cloud to your infrastructure doesn't mean taking a step down in terms of security.'

By adopting best practices from other areas of the IT industry (such as banking), CloudSigma is leading the way in delivering public cloud servers that meet or exceed the level of security offered by traditional dedicated server hosting.

Control Access to your Cloud Servers Will full software level control of cloud servers in the CloudSigma cloud, protecting direct server access is 100% controlled by the user. This allows users to implement their own security policies on their servers with regards to OS and application access and networking firewalls. The new suite of security settings allow customers to fine tune the nature and method of access interfaces to the cloud management layer. These controls include:

- enable/disable FTP gateway functionality

- control web console inactivity timeout periods

- allow two stage login authentification using SMS

In this way customers can dial in the level of restriction they wish to achieve with their web console access. The two stage authentification combines the usual initial username/password combination with a second stage SMS code verification step. This system is similar to the latest generation systems employed by banks to secure retail access to their online banking. All failed attempts are logged and the account owner is alerted instantly informing customers when a password has become compromised as well as providing a comprehensive audit trail.

Customised API Access API access represents a double-edged sword for those looking to use public Infrastructure-as-a-Service clouds. On the one hand it allows full automation of cloud infrastructure allowing automatic scaling, load balancing and more. At the same time however such powerful tools represent a significant threat to a company's infrastructure if not secured correctly. Detailed access control to the API is an essential part of maintaining the integrity of a company's infrastructure. The following new settings allow customers to secure and limit access:

- switch off API access completely

- create an IP white list for API access

- allow http/https or only https API access

- choose between plain or digest authentification

- choose between username/password or UUID/API key authentification

These critical settings allow customers to tightly control the access and authentification to the API. The combination of secured web console access and secured API access present a robust answer to the concerns that have been raised with regards to securing infrastructure in a public cloud environment.

Hybrid Cloud Ready Increasingly companies are using a combination of existing infrastructure with public clouds to benefit from the advantages of both models. A critical part of integrating a public cloud with existing corporate infrastructure is the ability to secure and control API and web console access.

Patrick Baillie, CEO continued 'We are seeing more and more demand from our customers for very fine grain security controls and audit trails from their cloud computing. New features such as our API white list and improved authentification options allow companies to bolt-on our public cloud to their existing infrastructure. Our customers are deploying VPNs then carefully restricting access to cloud infrastructure management tools using this security suite.'

For More Information Main website: http://www.cloudsigma.com Press Release: http://www.cloudsigma.com/about-us/press-releases/170 Twitter: http://www.twitter.com/CloudSigma

About CloudSigma AG CloudSigma AG, based in Zrich, Switzerland provides a pure Infrastructure-as-a-Service (IaaS) platform offering high security, flexible cloud servers. Our innovative web console as well as API are designed to make cloud computing and cloud hosting straightforward. High availability redundant infrastructure is backed up by a generous Service Level Agreement that covers not only availability but also performance.

Press Contact

Robert Jenkins

[email protected]

+41 (0)44 585 39 07

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.