True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
stuck. They needed to change a properties file residing on a remote server,
but the distributed file system wouldn't allow it, rightfully sneering at the
group like the grubbiest serfs in the kingdom. But there was a Web server...
...And this server was running as root. Before you could say "ex... (more)
I’m not sure who is more excited about the cloud these days: hackers or
venture capitalists. But certainly both groups smell opportunity. An
interesting article published by CNET a little while back nicely illustrates
the growing interest the former have in cloud computing. Fortify Software
sponsored a survey of 100 hackers at last month’s Defcon. They discovered
that 96% of the respondents think that the cloud creates new opportunities
for hacking, and 86% believe that “cloud vendors aren’t doing enough to
address cyber-security issues.”
I don’t consider myself a hacker (exce... (more)
I’ll be attending MobileWeek 2014 in New York City next Monday, April 13.
I’m at the conference all day, so drop by and say hello. Part way through
the day I’ll deliver a 2-minute lightning talk on mobile authentication
followed by a panel on enterprise mobile security and scalability.
The lightning talk is at 12:25 pm:
How To Make Mobile Authentication Dead Easy
Are your developers struggling to integrate mobile apps and enterprise data?
They shouldn’t be! In just 2 minutes, learn the easiest way to get easy
end-to-end security between your mobile apps and the enterprise—all wit... (more)
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, application... (more)
Today marks the beginning of the RSA Conference in San Francisco, and the Cloud
Security Alliance (CSA) has been quick out of the gate with the release of
its Top Threats to Cloud Computing Report. This peer-reviewed paper
characterizes the top seven threats to cloud computing, offering examples and
The seven threats identified by the CSA are:
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insider... (more)