Portability and interoperability in cloud computing may seem tangential to security, but avoiding vendor lock-in is about more than having access to competitive pricing or better service. When relying on a single provider there is inherent risk, especially in the availability of the service and data. Throughout history the need for portability and interoperability has…
Read MoreTrend Micro has been talking to many data center security folks and Infrastructure-as-a-Service (IaaS) providers to understand the dynamics of cloud security. Something that strikes me is their frequent (mis)perception that the Infrastructure-as-a-Service provider will take care of security in the public cloud. IaaS providers are doing a decent job of baseline security (physical security,…
Read MoreAdding to what my colleague Todd has written on the Microsoft/Danger data loss issue… What has been billed as a large scale failure of cloud computing, more specifically, cloud storage, is making headlines and generating lots of heat but little light. Major outage hits T-Mobile Sidekick users: “Users of T-Mobile’s Sidekick have been suffering through…
Read MoreT-Mobile USA’s Sidekick mobile phone service operated by Microsoft’s Danger subsidiary encountered a service disruption that resulted in some Sidekick phone customers losing their personal information including contact names, phone numbers and digital photos (the New York Times had a summary, and The Register has some juicy speculation on the origin of the outage). Many…
Read MoreAndreas Marx and Maik Morgenstern presented their paper “Why in-the-cloud scanning is not a solution” at the recent Virus Bulletin 2009 conference. The paper provided a list of the shortcomings of cloud-based security. Over the past year or so there have been several discussions on this topic, but Marx and Morgenstern have done a good…
Read MoreAmazon EC2 customers recently suffered from a concerted Distributed Denial of Service (DDoS) attack that caused some consternation for the web-based code hosting service Bitbucket (news courtesy of my favorite IT tabloid, The Register). An unfortunate fact of life about the massive DDoS such as Bitbucket appears to have suffered is that there is no…
Read MoreEvery day brings more headlines about social networking, cloud computing and Software as a Service (SaaS). Each of these fast growth areas shares an important element in common – they rely on a movement of data from private computers into the public cloud. The theory goes that this data is protected by the service provider…
Read MoreThe US Federal Government recently announced its apps.gov portal for applications. This CNet News article provides a summary of what was announced by Federal CIO Vivek Kundra. apps.gov is a nice storefront featuring productivity applications to be used on non-sensitive data, and as such this announcement did not make big waves in the security community. …
Read MoreIt’s been almost four years ago since I started to look at the SaaS security model for Trend Micro. To be honest, being a software company, it was very hard getting anybody’s attention. However, the team persisted and sometimes learnt the hard way around what it takes to deliver high availability SaaS applications. Software as…
Read MoreBrightTalk is hosting a Cloud Security Summit on September 30. At this summit, industry leaders will dive into the different security options available across multiple cloud architectures, and case studies and association presentations will further illustrate the security issues facing the cloud today. Trend Micro’s CTO, Raimund Genes, will present “The Threat Cloud Landscape” discussing…
Read More