Programmable Security – Architecting for the Future
Following my Friday fun post titled ‘Houston We have a Problem…(aka A Cool State of Security Report 2013’, an interesting discussion started on the Twitterverse regarding liabilities to damages related to...
The Value of FedRAMP Compliant Cloud Service Providers
FedRAMP (Federal Risk and Authorization Management Program) is a US Government initiative to enable government organisations to procure security accredited Cloud Service Providers (CSPs). The program...
With Great Cloud Apps Comes Great Security – Authentication At Least!
Twitter released its two-factor authentication ‘feature’ yesterday. Given the time it took to roll it out, I anticipated it to be a non-shared dedicated mobile application (like Microsoft or Google)...
Programmable Security – The Security API Calls Are Coming. Who’s Taking Them?
Today, Rich Mogull of Securosis wrote a very interesting post on Software Defined Security (SDS) with AWS, Ruby and Chef. I’ve written my thoughts on programmable security earlier. It is great to see...
What was/is wrong with RSA’s BSAFE?
Happy New Year! It has been a while. An article in The Register summarises the developments well on the RSA Conference boycott, so I will resist covering this for background. I spent some time yesterday...
Bad security architecture – No substitute for CodeSpaces.com
Code Spaces will not be able to operate beyond this point. The cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for...
Poll: Public Cloud Security – The Essential Controls Baseline
When consulting with the community on topics related to cloud, we often debate what is the minimum security baseline for an enterprise to look for in cloud service providers. We have created a public...
The State of Public Cloud Infrastructure Security
Last month, Gartner’s Research VP, Lydia Leong, published the popular Magic Quadrant on Cloud Infrastructure as a Service for 2014. The report is available for a free reprint here. The report...
Swisscom follows Ericsson, buys into strategic OpenStack investments
Swisscom, the leading Swiss telecoms provider, has followed the footsteps of Ericsson. PLUMgrid and Swisscom announced today that they have teamed up to build secure, agile network infrastructure using...
CloudLock’s Growth Continues, Confirms the Increasing Need for Cloud Security
The need to identify, assess and control the data going out to cloud is ever increasing. CloudLock, a cloud information security startup with more than 80 employees, posted a 114 percent revenue growth...
Security Baseline For Public Cloud Infrastructure Services
Public cloud infrastructure providers primarily offer compute resources, storage resources, in the form of Block and Object Storage, and to a certain extent networking on a self-service pay as you go...
Barbican: Data Security For OpenStack Clouds And More
I recently wrote about OpenStack Barbican for thenewstack.io here. This post aims to provide a deeper understanding of Barbican, the project benefits and some additional insights. We interviewed Jarret...
Why The Two-Factor Authentication User Atrocity Must Stop
We’ve all been advised to enable two-factor authentication (2FA) on our accounts. Being a security professional, I try and enable 2FA in applications and services whenever available and possible. If...
HP Attempts To Corner Open Cloud With Eucalyptus
Eucalyptus is joining HP. With Citrix’s cloud leadership departing recently from the CloudStack project, it leaves OpenStack as the only open source project with solid support from the industry giants....
Information Transparency Reports: A Baseline for Cloud by Apple, Google and...
Apple released its privacy and transparency position in an update today. The emphasis clearly is to instil and maintain trust on issues around security and privacy for Apple device and service users....
Duo Security – A New Approach to ‘What You Have’ in 2FA
We have written about the problems in using two-factor authentication earlier. The user experience from setup to the execution and management is not an easy one. To check the ‘usability-index’ of a...
Why Security Automation Is The Way Forward: Lessons from Bash Vulnerability
According to seclists.org, Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of...