RSA – An Insecure ID?

With the ongoing focus on RSA, and in particular the well-publicised hack and subsequent exploitation of its two-factor authentication solution, SecurID, I thought it about time an objective response was made about RSA SecurID, as opposed to the up-in-arms approach of “SecurID is broken”. More importantly, how can existing users of SecurID protect themselves until they get new tokens, whether through normal lifecycle replacement or an RSA-initiated full-scale swap-out? First off, what exactly has happened? It appears from the various security forums and technology websites that a targeted attack was made against

CIAvailability and economics of Internet Connectivity

Many discussions on cloud computing have thus far focused on the Confidentiality and Integrity of cloud-provided services. But what about Availability as well? I think one of the biggest challenges is that if a company moves its core application processing infrastructure to cloud-based services, then access to these services is 100% reliant on an Internet connection. Gone will be the days when you turn up at work to find the Internet is down but at least you have access to your internal LAN and data centre, which give you your core tools for working and your files. Move it

Cloud Provider Security

One of the questions I have been regularly asked by colleagues and customers alike is: how do I know which of the growing band of “enterprise” cloud service providers is providing a secure cloud infrastructure, how are they doing it, and are they doing it well? At this stage cloud providers treat some of the answers as proprietary or confidential, and getting at the detail is almost impossible. But is this the correct way for cloud providers to engage with potential customers and security professionals alike? Recently Microsoft announced to the world its new Government Cloud offering, which offered security

Whose job is it to move Cloud Compliance forward?

One of the issues Cloud Service Providers are facing at the moment is the significant confusion that they have, between them, generated about what cloud computing really is. One area is the location of your cloud provider’s data centre: on the one hand you have global cloud providers such as Google and Amazon abstracting the location of the cloud data centres from the end customer, whilst on the other hand there are cloud providers taking the definition you posted and providing this from a contracted location. This becomes significant when you start dealing with compliance; let’s take one simple

Cloud Computing and Compliance

Over the past 6 months I’ve been busy considering how the cloud computing paradigm and traditional compliance requirements can work together, if at all. Given the change in subscriber/provider relationships compared to traditional co-lo/hosting operations, I am sure that this is going to generate many headaches. Questions around where your data is actually being hosted… today… tomorrow… are immediate harbingers of concern when it comes to demonstrating compliance, and that’s before you get into the issues around the right to on-site audits, penetration testing and the like. Cloud providers, subscribers and compliance auditors are all going to have to get their heads