The Benefits of Software-Defined Security
At Gartner’s Security & Risk Management Summit, analysts identified
2014’s Top 10 Technologies for Information Security. They singled out
software-defined security as a trend to watch, stating that its
“impact on security will be transformational.”
Read the full article at Information Security Buzz.
AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt
In a recent interview at AWS re:Invent, the vice president of AWS security
engineering and the chief information security officer of Amazon Web
Services, Stephen Schmidt, had these cloud security tips for AWS customers:
1. Understand your part of the shared responsibility model
“It’s a shared responsibility. We are responsible for the bottom layer.
We are responsible from the floor of the data center up to the hypervisor,”
According to FierceCIO, this means that “deploying a cloud infrastructure
Recently, in our post on Database security in the cloud, we reviewed the
threats against database installations in the cloud and best practices for
protecting your data. A number of customers have asked us follow-on
Which database brands are open and tested with these techniques? What are the
most significant gotchas? What performance, scalability and fail-safe
characteristics can they expect when securing their database in the cloud?
We have found that all the major relational database brands (MySQL, Oracle,
Microsoft SQL Server, and IBM DB2, among others) can work wel...
More and more enterprises now rent space or servers on the cloud to store
data. However, the fact that such data remains outside the ambit of the
enterprise’s security system and invisible to the enterprise poses a
serious security headache.
Porticor Virtual Private Data, an Israeli-based start-up, now offers
technology that allows organizations to encrypt data held in the cloud.
The service, which includes a Virtual Appliance and agent software, offers
standard AES 256 or Blowfish encryption that has a maximum key length of 2048
bits. A unique “split-key” method adds to the sec...
The new and enhanced HIPAA omnibus standard raises an interesting question
with regard to cloud security and the shared responsibility model in IaaS
clouds. Since the release of the HIPAA omnibus, we’ve received many
questions around “BAA” agreements, and how the responsibility split
actually happens between (for example) the cloud provider and an ISV
providing a healthcare application in an IaaS environment.
Cloud HIPAA compliance still requires a shared responsibility model
Without getting into the details of what a “Business Associate Agreement”
means, I’ll simply say that the u...