Tag Archives: cloud

My latest Gartner research: Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security

1 February 2017  |  …fits into/addresses these situations. Analysis by Perry Carpenter and Lawrence Pingree Technologies such as cloud, software-defined networking (SDN), network…or managed services. Analysis by Ruggero Contu, Perry Carpenter and Lawrence Pingree By 2020, integrated security models, such as…

Gartner clients can access this research by clicking here.





My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.



[ISN] Hackers give up when they go up against this cybersecurity company

http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/ By Robert Hackett @rhhackett Fortune.com July 29, 2015 It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year. CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled. CrowdStrike’s reputation precedes it. The company, founded in 2011 and based in Irvine, Calif., has gone toe-to-toe with some of the world’s most sophisticated state-sponsored hacking groups. The firm analyzed the data behind the breaches of millions of sensitive records at the Office of Personnel Management, the federal agency responsible for human resources, in what may have been the biggest act of cyberespionage the U.S. has ever seen. It has published threat reports on many of the more than 50 adversaries it tracks, which include the likes of Ghost Jackal (the Syrian Electronic Army), Viceroy Tiger (an Indian intruder), and Andromeda Spider (a criminal coterie). Between 2013 and 2014 its revenue grew 142% and its customer base more than tripled, two reasons Google Capital, the tech giant’s growth equity arm, led a $100 million investment in CrowdStrike in July, its first ever for a computer security company. Kurtz used to travel hundreds of thousands of miles a year as CTO of McAfee, now called Intel Security, to meet with beleaguered customers. 
It struck him that they did not need more anti-malware and antivirus products, the traditional realm of information security, so much as software oriented toward tradecraft and technique, the domain of cyberspies. Co-founder and CTO Dmitri Alperovitch, then McAfee’s head of threat intelligence, agreed. […]



[ISN] How To Break Into the CIA’s Cloud on Amazon

http://www.defenseone.com/technology/2015/07/how-break-cias-cloud-amazon/117175/ By Patrick Tucker defenseone.com July 7, 2015 Last year, Amazon Web Services surprised a lot of people in Washington by beating out IBM for a $600 million contract to provide cloud services and data storage to the CIA and the broader intelligence community. But more money can bring more problems. Amazon, in essence, has turned itself into the most valuable data target on the planet. The cloud is completely separate from the rest of the Internet and heavy duty encryption is keeping the spies’ secrets relatively safe from outsiders — but what about an attack from within? In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole millions of classified and unclassified government documents: “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.” So if you wanted to pull off a similar feat at Amazon, how would you do it? First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes called the “spook cloud.” According to this help-wanted ad, applicants must pass a single-scope background investigation—in essence, the kind of detailed 10-year background check required for a Top Secret security clearance. Of course, to a savvy spy or informant, obtaining top-secret clearance is not the barrier it once was. […]



[ISN] Evident.io encourages startups to boost AWS security

http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple servers in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]



[ISN] Do cruises and clouds help security pros relax on vacation?

http://www.csoonline.com/article/2936175/security-leadership/do-cruises-and-clouds-help-security-pros-relax-on-vacation.html By Kacy Zurkus CSO June 22, 2015 Packing the suitcases and setting off on vacation doesn’t necessarily mean that IT executives are able to completely disconnect while away from work, but they are enjoying more downtime. Though they still feel the need to check in at least once a day, more executives say that their staff are well equipped to deal with critical situations. According to a recent survey conducted by TekSystems, a leading provider of IT staffing solutions, “Just 13 percent of senior-level IT professionals say they feel obligated to be accessible 24/7 during a normal work week in 2015, a significant drop from the 61 percent that said the same the previous year.” Those that are checking in admit that the motivation is either to reduce the overwhelming number of emails that they will return to or a bit of a character flaw in that they can’t let go. Shaun Miller, Information Security Officer at Bank of Labor, admits that he checks in two to three times a day, “partly because things nag at me. I want to check to see no emails. I’m usually checking in for peace of mind.” Miller said that while his work phone is normally forwarded to his cell phone, he turns that forwarding off while on vacation. […]



My latest Gartner research: Invest Insight: Focus on Imperva

This research looks at various segments relevant to Imperva — Web application firewalls (WAFs), data-centric audit and protection (DCAP), cloud security, and cloud access security brokers (CASBs) — to provide the reader with the ability to assess the company’s prospects. Based in Redwood Shores, California, Imperva provides hardware and software cybersecurity solutions designed to protect data and applications in the cloud and on-premises. Customers use these solutions to discover assets and risks, protect information, and comply with regulations. …

Gartner clients can access this research by clicking here.



[ISN] CfP – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.”

*** Apologies for multiple copies ***

CALL FOR PAPERS

************************************************************************
Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)
Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015
http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/
************************************************************************

Cloud services and cloud-based applications have become increasingly popular in recent years. Security and privacy of the cloud-based applications have always been a major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from academia and industry.

The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like:

– How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust?
– How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures?
– What is the best way to validate practical aspects of the cloud-based applications, such as scalability, efficiency, maturity and usability?

Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment”, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/).

CONFERENCE TOPICS

The conference topics include, but are not limited to:

– Privacy-preserving Authentication
– Attribute-based Authorization
– Integrated Authentication and Authorization
– Assurance of Claims
– Crypto-based Policy Enforcement
– Attribute-based Encryption
– Secure Data Management
– Key Management
– Trust Management
– Operations under Encryption
– Homomorphic Encryption
– Searchable Encryption
– Privacy-Preserving Data Mining
– Security as a Service
– Big Data Security

PAPER SUBMISSIONS

The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available here in the IEEE XPlore Digital Library.

Authors are invited to submit research and application papers according to the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts and number each page.

Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition. Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them.

Contact author must provide the following information at the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance.

Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references.

Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/

IMPORTANT DATES

Submission Deadline: May 8, 2015
Author Notification: June 1, 2015
Proceedings Version: June 8, 2015
Conference: August 24-28, 2015

PROGRAM CHAIRS

– Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology – Netherlands
– Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland
– John Zic (Program Co-Chair), CSIRO – Sydney, Australia
– Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology – Netherlands

PROGRAM COMMITTEE

– Giuseppe Ateniese, Sapienza University of Rome, Italy
– George Danezis, University College London, UK
– Refik Molva, EURECOM, France
– Gerrit Bleumer, Scheidt & Bachmann, Germany
– Ljiljana Brankovic, University of Newcastle, Australia
– Jeroen Doumen, Irdeto, Netherlands
– Csilla Farkas, University of South Carolina, USA
– Pietro Colombo, University of Insubria, Italy
– Simone Fischer-Hubner, Karlstad University, Sweden
– Dieter Gollmann, Hamburg University of Technology, Germany
– Tanya Ignatenko, Eindhoven University of Technology, Netherlands
– Mizuho Iwaihara, Waseda University, Japan
– Sushil Jajodia, George Mason University, USA
– Nguyen Manh Tho, Vienna University of Technology, Austria
– Guenther Pernul, University of Regensburg, Germany
– Bart Preneel, KU Leuven, Belgium
– Kai Rannenberg, Goethe University Frankfurt, Germany
– Ahmad-Reza Sadeghi, Darmstadt University, Germany
– Andreas Schaad, Huawei Research
– Yuan Zhang, State University of New York at Buffalo, USA
– Sabrina De Capitani di Vimercati, University of Milan, Italy

For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl

