Can You Get Cyber Insurance for Cloud Computing?
A recent Business Insurance article addressed the applicability of cyber risk insurance to cloud computing. The article concludes that existing cybersecurity insurance policies are generally written in language broad enough to include cloud services under the category of outsourcing. Cybersecurity insurance is an important thing to consider, because cloud providers accept little to no liability. […]
Will My Cloud Provider Read My Data?
In my last blog post, I explained how you can verify that Amazon cloud storage is zeroized before being redeployed for the next user. But what about the cloud provider browsing through your data? After all, it’s stored on their hardware in their facility, so they have physical access plus the ability to interact with […]
Who Can Read My Data in the Cloud?
For the sake of your compliance, you hope that the answer is ”nobody”! For most organizations, confidentiality is the greatest concern. The most worrying thing about using cloud technology is storing your data on someone else’s hardware. But how big of a risk is this, really? Stored data should be encrypted. However, how much of […]
Patching the Cloud
Vulnerability CVE-2012-0056 is a nasty one if you’re running a Linux kernel release 2.6.39 through 3.2.1. The exploit is a privilege escalation attack, meaning that the attacker has to get a foothold on your system. But once the attack has an unprivileged process on your system, its privileges can be elevated to root. Game over. […]
Migrating to the Cloud: Do You Need Assistance?
Cloud technology intimidates many organizations. The mechanics of setting it up are very different from the traditional model. Several companies offer services establishing and maintaining cloud architectures for their customers. Many people call these providers ”cloud brokers.” To me, the term ”cloud concierge” or ”cloud butler” is far more descriptive. I guess I’m thinking of […]