Who Will Maintain Your “Shadow IT”?
Last week and the week before I told about how a vulnerable cloud server was deployed and exploited, only noticed when the cloud provider’s IDS spotted the problem. In Learning Tree’s Cloud Security Essentials course we discuss the prevalence of “Shadow IT”, or the unauthorized and unrecorded purchase of cloud services. Now a recent survey […]
For Compliance, Keep Control of Your Encryption and Don’t Lose Your Head (Or Your Header)!
Cloud providers tend to be quite good at data integrity and availability. For confidentiality, not so much. IaaS services may provide you with good tools, but you will need to take advantage of them to achieve confidentiality in ways that will satisfy compliance audits. As I mentioned recently, Google’s new “by default” storage encryption isn’t […]
The Glacier Arrives, Slow and Quiet
A few weeks ago, Amazon announced its new Glacier service. It sure sounds like a great service, why aren’t we hearing more about it? If you haven’t heard about it yet, Glacier is a cloud based archiving service. It shares the underlying design of S3, which is intended to provide 99.999999999% durability. However, it costs […]