Access your Pro+ Content below.
Big data creates cloudy security forecast
This article is part of the March 2013/ Volume 15 / No. 2 issue of Information Security magazine
Back in 2009, some researchers at Sensepost Security in South Africa decided to poke around in the security mechanisms of a couple of the major cloud providers. The results were presented at Black Hat and Defcon. The researchers set limits for themselves so that they didn’t run afoul of the law, but still managed to find some fairly amusing gotchas. They were nice about it and passed along their findings to the relevant cloud providers. And none of the security holes they uncovered resulted in major breaches or takedowns. Still, it made a skeptic out of me where cloud security was concerned. For a couple of years, my answer to “how do you secure the cloud?” was “it can’t be done.” I’m still pretty skeptical about cloud security. I’ve grudgingly come to recognize, however, that some pretty good work is going on, to make it possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud. Even if application security in the cloud isn’t yet ironclad, it’s increasingly...
Features in this issue
Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.
The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help enterprises get smarter while keeping consumers happy.
Columns in this issue
Security in the cloud has come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud.
A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with Randy Sabett, counsel at ZwillGen PLLC and formerly with the National Security Agency to discuss cloud SLAs.