Exploring the science and magic of Identity and Access Management
Friday, March 29, 2024

CSA – State of Cloud Security in 2016

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
5:30 pm

The State of Cloud Security 2016, published by the Cloud Security Association Global Enterprise Advisory Board, is a short but interesting document focused on articulating the gaps in current cloud security practices to help cloud providers better understand the needs of their customers.

Cloud computing is an incredible innovation. While at its heart a simple concept, the packaging of compute resources as an on demand service is having a fundamental impact on information technology with far reaching consequences. Cloud is disrupting most industries in a rapid fashion and is becoming the back end for all other forms of computing, such as mobile, Internet of Things and future technologies not yet conceived. As governments, businesses and consumers move to adopt cloud computing en masse, the stakes could not be higher to gain assurance that cloud is a safe, secure, transparent, and trusted platform.

With the stakes rising in cloud adoption, cloud providers need to step up with better built-in security:

Cloud computing adoption is solid and increasing. Security and compliance can be adoption barriers. Now is the time to increase the pressure on cloud providers to build security in, not try to bolt it on as an afterthought.

Cloud computing demands new approaches to security:

We need to take a hard look at many of our existing security practices and retire them in favor of new “cloud inspired” approaches that offer higher levels of security.

Finally, solving these tough problems will require cooperative effort between cloud providers and their customers:

Both enterprises and cloud providers need to work together to better align their security programs, architectures and communications.

Let’s work together to conquer these tough challenges.  


Cloud Security – 2016 Spotlight Report

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
5:02 pm

This afternoon, I read the Cloud Security – 2016 Spotlight Report, presented by CloudPassage. It was an informative report based on responses from a LinkedIn security community. Aside from the insight it provided about Cloud Security, I found it intriguing that social media groups are proving to be a valuable source of market information.

The report focuses on the risk factors facing enterprises as they progressively adopt cloud computing:

Security of critical data and systems in the cloud remains a key barrier to adoption of cloud services. This report, the result of comprehensive research in partnership with the 300,000+ member Information Security Community on LinkedIn, reveals the drivers and risk factors of migrating to the cloud. Learn how organizations are responding to the security threats in the cloud and what tools and best practices IT cybersecurity leaders are considering in their move to the cloud.

It is no surprise that security is a key concern. I would expect such a response from a self-proclaimed information security community.

Cloud security concerns are on the rise. An overwhelming majority of 91% of organizations are very or moderately concerned about public cloud security. Today, perceived security risks are the single biggest factor holding back faster adoption of cloud computing. And yet, adoption of cloud computing is on the rise. The overwhelming benefits of cloud computing should drive organizations and security teams to find a way to “get cloud done”. This is a prime example of where security can have a profound impact on enabling business transformation.

It was not surprising that most respondents thought that traditional security tools were inadequate.

The survey results confirm that traditional tools work somewhat or not at all for over half of cybersecurity professionals (59%). Only 14% feel that traditional security tools are sufficient to manage security across the cloud.

I am not an expert on the validity of this type of survey vs. a more traditional survey conducted outside of the social media environment, but I think it provides some valuable insight. There is a lot of work to do, folks!


The Treacherous Twelve: Cloud Computing Top Threats in 2016

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
4:24 pm

This week, I read an interesting report created by the Top Threats Working Group of the Cloud Security Alliance and sponsored by Hewlett Packard. Entitled, “The Treacherous Twelve: Cloud Computing Top Threats in 2016,” this report points out that new security vulnerabilities are emerging …

the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging.

… and that security is no longer just an IT issue. 

The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks. Instead of being an IT issue, it is now a boardroom issue.

More vulnerabilities and increased business awareness/responsibility. The urgency of security is rising.

The report identifies security concerns so business leaders can make better decisions about security:

The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.

The 12 critical issues to cloud security (ranked in order of severity per survey results):

  1. Data Breaches
  2. Weak Identity, Credential and Access Management
  3. Insecure APIs
  4. System and Application Vulnerabilities
  5. Account Hijacking
  6. Malicious Insiders
  7. Advanced Persistent Threats (APTs)
  8. Data Loss
  9. Insufficient Due Diligence
  10. Abuse and Nefarious Use of Cloud Services
  11. Denial of Service
  12. Shared Technology Issues

The report includes a variety of useful information about each critical issue, including:

  1. Description
  2. Business Impact
  3. Anecdotes and Examples
  4. List of applicable controls from the Cloud Control Matrix (CCM)
  5. Links to further information

Some of the anecdotes are both intriguing and disturbing:

British telecom provider TalkTalk reported multiple security incidents in 2014 and 2015, which resulted in the theft of four million customers’ personal information. The breaches were followed by a rash of scam calls attempting to extract banking information from TalkTalk customers. TalkTalk was widely criticized for its failure to encrypt customer data.

Praetorian, an Austin, Texas-based provider of information security solutions, has launched a new cloud-based platform that leverages the computing power of Amazon AWS in order to crack password hashes in a simple fashion.

Heartbleed and Shellshock proved that even open source applications, which were believed more secure than their commercial counterparts … , were vulnerable to threats. They particularly affected systems running Linux, which is concerning given that 67.7% of websites use UNIX, on which the former (Linux) is based.

In June 2014, Code Spaces’ Amazon AWS account was compromised when it failed to protect the administrative console with multifactor authentication. All the company’s assets were destroyed, putting it out of business.

The threat is real, folks.  Be careful out there!


Is it Real?

Social Media, Space Travel
Author: Mark Dixon
Wednesday, May 18, 2016
1:34 pm

This morning, I saw a cool photo of the Space Shuttle bursting through the clouds on Facebook and shared it with my friends.  

But alas, I subsequently found out, in an article on Universe Today, that photographer Richard Silvera faked it:

The picture of the sky and clouds was taken by me from an airplane, and the shuttle is a picture from NASA. Then the assembly was done in Photoshop & Lightroom.

So, as the wise Abraham Lincoln once said, “Don’t believe everything you read on the Internet.”

Or was that George Washington?

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.