Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How Cloud Security Drives Business Agility
Newest First  |  Oldest First  |  Threaded View
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
1/7/2014 | 1:57:04 PM
New interesting data security method for Cloud data
I agree that "Looking at today's security problems, the landscape is littered with methods that are largely manual and disconnected".

I agree that "Business systems are launched and retired faster than security teams can identify, analyze, and track", but I think that data is more constant.

I agree that "Risks are implicitly accepted by business sponsors during design, development, and operation, but mitigated only when pressed by security and risk management", but I think that security should be built into the data values.

I agree that "Security policies are enforced primarily by manually executed audits and processes", but I think that they should instead be automated.

I agree that "Scaling today's information security and risk management problems to cloud velocity is untenable, but I found interesting new in a report from the Aberdeen Group that "saw a big advantage in performance" and also scalability over traditional security methods.

The report also revealed that "Over the last 12 months, tokenization users had 50% fewer security-related incidents(e.g., unauthorized access, data loss or data exposure than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than credit card data. The name of the study, released a few months ago, is "Tokenization Gets Traction". 

I think that the Aberdeen approach based on data tokenization is an interesting data security method for Cloud data.

Ulf Mattsson, CTO Protegrity.
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
1/7/2014 | 1:35:16 PM
Continuous protection is a good idea
Bankim Tejani has come up with an excellent idea. Scanning cloud applications as they start or restart is continuous protection, instead of occasional, manual protection. If there's any suspicion of intrustion, shut it down and restart. And the central idea of automating the task is a core idea of cloud operations. With such a scanning procedure in place, the public clolud would become a more secure scene of operations than most enterprise data centers.
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
1/7/2014 | 1:34:53 PM
Secure begins in VM infancy
A great article, with some really great advice on how to properly secure these environments.  Another point to perhaps bring up is to create a secure VM image that is used to create additional VMs.  This way you can almost guarantee the right security controls are in place as long as they exist in the master image.  This means spinning off new VMs are quicker, more secure and have the right policies in place right from the start.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/7/2014 | 1:07:34 PM
Re: Cloud security -- FedRAMP
Thanks for the heads up about FedRAMP, Wyatt. I notice they have a cloud best practices document with a section devoted to cloud security. To access the link, click here
WKash
50%
50%
WKash,
User Rank: Apprentice
1/7/2014 | 11:31:40 AM
Cloud security
Any enterprise that wants a glimpse of what industrial strength cloud security controls look like should take a closer look at the FedRAMP protocols and controls establshed by the federal government and gaining wider adoption by leading cloud service providers.

Not familiar with FedRAMP? Read more at http://www.informationweek.com/security/risk-management/qanda-fedramp-director-discusses-cloud-security-innovation/d/d-id/1112142 or visit www.fedramp.gov.

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22392
PUBLISHED: 2021-08-05
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVE-2021-3591
PUBLISHED: 2021-08-05
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-3642
PUBLISHED: 2021-08-05
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
CVE-2021-3655
PUBLISHED: 2021-08-05
A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-32003
PUBLISHED: 2021-08-05
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.