Google launches customer-supplied encryption keys for greater cloud security

(c)iStock.com/serg3d

Google has launched customer-supplied encryption keys (CESK) for its Compute Engine infrastructure as a service (IaaS), which enables organisations to better protect their cloudy data.

The search giant automatically encrypts customer content stored at rest, including all Compute Engine disks, but in a blog post written by Maya Kaczorowski and Eric Bahna, product managers at Google Cloud Platform, the new release is aimed to be “secure, fast and easy” for users.

“With CESK, disks at...

By James Bourne, 05 August 2016, 0 comments. Categories: Data Management, IaaS, Infrastructure, Security.

Microsoft secures ISO 27017 security certification around cloud-specific threats

(c)iStock.com/Gajus

Microsoft has announced it has obtained ISO 27017 compliance, a new cloud-based security certification published at the end of last year.

The certification from the ISO, the global organisation which has published more than 21,000 international standards across a variety of industries, is newer and subsequently less known than the ISO 27018 standard, which sets out guidelines to protect personally identifiable information (PII).

Microsoft claimed to be the first adopter of ISO 27018, in

By James Bourne, 04 August 2016, 0 comments. Categories: Compliance, Microsoft, Security.

Reducing threats and management headaches across private clouds: A guide

(c)iStock.com/tzahiV

While public cloud implementations are steadily increasing, private clouds in customers’ own data centres continue to be deployed because of the perceived higher levels of security and control they offer.

But the management of a private cloud can be complex and many organisations underestimate the scale of the challenge. Security and management in particular continues to be pain points. Many go in with the assumption that in a private cloud, IT departments have more control so the environment...

By Monica Brink, 03 August 2016, 0 comments. Categories: Data & Analytics, Data Management, Security.

Why CIOs need to be strong in picking a cloud strategy – and sticking to it

(c)iStock.com/Choreograph

This time last year, Fruition Partners, an IT solutions provider, released a report which assessed the state of cloud adoption through the eyes of the CIO. The study bemoaned the rise of shadow IT and gave three best practice tips to control cloud sprawl, by focusing on the user to provide a better service, focusing on business needs, and focusing on IT strategy and how to make better use of IT service management (ITSM).

12 months on and, to quote Led Zeppelin, the song remains the same. 62% of...

By James Bourne, 01 August 2016, 1 comment. Categories: Adoption, Applications, CIO, Enterprise, Security, Software.

Lack of encryption for sensitive cloud data worrying for businesses, argues Gemalto

(c)iStock.com/Jirsak

Though cloud-based resources are becoming increasingly important to companies’ IT operations and business strategies, only a third of sensitive cloudy data is encrypted, according to the latest research from digital security provider Gemalto.

The findings, conducted in association with the Ponemon Institute, found more than nine in 10 UK firms (92%) don’t encrypt more than three quarters of their sensitive data sent via the cloud, while almost four in 10 (39%) do not encrypt...

By James Bourne, 28 July 2016, 0 comments. Categories: Adoption, Privacy, Security.

An enterprise security blind spot: Are cybercriminals hiding in your SSL traffic?

SSL traffic is pervasive in today’s enterprises and is expected to grow rapidly over the next several years; according to Gartner, SSL/TLS traffic now comprises 15% to 25% of total web traffic. The problem is the bad guys have noticed.

This report from Venafi examines how enterprises can eliminate the blind spots in SSL traffic, maximise the powers of decryption, and uncover threats.

By James Bourne, 19 July 2016, 0 comments. Categories: Enterprise, Privacy, Security.

ISO compliance in the cloud: Why should you care, and what do you need to know?

(c)iStock.com/hh5800

More and more organisations are looking to move to cloud to benefit from scalability, cost reduction and the ability to launch new service offerings fast.

The dynamic nature of cloud however necessitates security and compliance controls that frankly can be daunting. Issues around mobility and multi-tenancy, identity and access management, data protection and incident response and assessment all need to be addressed. And with multiple modes – SaaS, PaaS, IaaS, public, private, hybrid...

By Frank Krieger, 18 July 2016, 1 comment. Categories: Compliance, Data Management, Security.

Why cloud security best practices mean engagement from vendors and employees

(c)iStock.com/StockFinland

Ransomware may be the hot topic in the news at the moment, but human error is a greater threat. Human error, in fact, is often the reason ransomware is able to infiltrate a network (by staff members clicking phishing links, for example). It’s also one of the greatest causes of data loss in the cloud. The first part of this series discussed how cloud vendors, shadow...

By Matt Kingswood, 08 July 2016, 0 comments. Categories: Data & Analytics, Data Management, Security, Vendors, Vulnerabilities.

IT skills shortage leading to cybersecurity issues, research argues

(c)iStock.com/maxkabakov

If a security system flags up an issue in your organisation and nobody acts on it, is it even an issue? Many organisations are acting that way, according to a report from Skyhigh Networks and the Cloud Security Alliance (CSA).

The research found that security budgets continue to rise – more than half (53%) of the 220 IT and security professionals polled expect their allocations to go up in the coming year – and the myriad of tools at teams’ disposals is a growing...

By James Bourne, 28 June 2016, 0 comments. Categories: Data Management, Data Sovereignty, Privacy, Security.

Rethinking cyber security: Where does accountability lie?

The many high profile data breaches we have seen splashed across the front pages highlight just how damaging a cyber attack can be on market position, reputation and profits, infiltrating customer data and critical IP. The frequency and success of these attacks also highlights that the existing security strategies of many organisations are dangerously flawed, leaving them wide open to threat, as VMware investigates in this whitepaper downlod.

By James Bourne, 24 June 2016, 0 comments. Categories: Enterprise, Security.