User credentials remain the Achilles heel of cloud apps: How you can prevent an attack

High-profile security breaches have dominated the headlines in 2014. Two notable examples over the last few months, the Apple iCloud and Dropbox breaches, have revealed a juicy target for attackers: user credentials.

Rather than try to hack into the application itself like iCloud, Dropbox, Salesforce, or Amazon Web Services (AWS), an easier and much more feasible approach to gaining access to sensitive data, celebrity photos, or whatever else an attacker is after, is through stolen...

By Ofer Hendler, 02 January 2015, 3 comments. Categories: Exploits, Security, Vulnerabilities.

KPMG survey shows how cloud “continues to drive disruption in the business world”

Almost half of respondents in KPMG’s 2014 cloud computing survey are using cloud to drive cost efficiencies, with a similar number utilising it to better enable their mobile workforce.

The study, of 500 global C-suite executives, saw a variety of ways in which businesses are using cloud to drive business transformation. Aside from cost savings (49%) and enabling a mobile workforce (42%), CXOs also see the benefit of cloud as improving alignment with customers and partners (37%),...

By James Bourne, 02 January 2015, 1 comment. Categories: Adoption, Compliance, Privacy, Security, Vulnerabilities.

The cryptic cloud: Can cloud encryption operate effectively right now?

Encryption in the digital world is akin to a safe in the physical world. Data is locked away and can only be seen by those who have the correct key. Among other things, encryption is what provides an assurance of confidentiality in data security and it is fast gaining ground in the cloud. But is encrypted data therefore more secure? Not if your keys are transferred in the clear, duplicated or mismanaged.

Data that goes to the public cloud is usually transferred securely and files are...

By Pedro Venda, 23 December 2014, 0 comments. Categories: Exploits, Security, Vulnerabilities.

Meet Zenedge, the firm which protects the entire enterprise ecosystem in the cloud

Zenedge has announced the general availability of its latest Zenshield DOME platform with a simple goal: to protect your enterprise from what it perceives to be its weakest link.

That weakest link is a firm’s partner and supplier ecosystem, which Zenedge insists is a more likely target for hackers trying to infiltrate an enterprise in the cloud.

The product is a security platform as a service (SPaaS), and can be extended to a retailer’s partner and supplier network so...

By James Bourne, 28 November 2014, 0 comments. Categories: Exploits, Platform, Security, Vulnerabilities.

Look closer to home for the biggest cloud security issue, SME execs told

The biggest threat to cloud security among IT is the company’s employees unintentionally exposing data, according to the latest research figures from CloudEntr.

The study, which took 438 survey responses from industries including financial and manufacturing, found three quarters (75%) of smaller businesses are most worried about their workforce when it comes to securing data in the cloud. Larger IT firms were more concerned about hackers using employee credentials to get...

By James Bourne, 27 November 2014, 0 comments. Categories: Data & Analytics, Data Loss, Data Management, Security.

Docker vulnerability exposed, users urged to upgrade for cloud security

Docker, the Linux container for run-anywhere apps, has a major vulnerability in all but the latest version of its software which can enable malicious code to extract hosted files.

The vuln, described as ‘critical’ in severity, was first spotted by Red Hat’s security researcher Florian Weimer and independent researcher Taunis Tiigi, with Docker crediting them in a security advisory.

“The Docker engine, up to and...

By James Bourne, 27 November 2014, 0 comments. Categories: Security, Vulnerabilities.

Four key ways to overcome security concerns in the cloud

Ten days ago I hosted a seminar on cloud security at the Public Sector Enterprise ICT conference in London. In a show of hands at the start of the discussion, the forty or so attendees were unanimous in their agreement that the issue of security is one of the most important considerations in the journey to the cloud.

Joining me on the panel was Tony Richards, the head of security at G-Cloud and Ian Gale from Bristol...

By Ivan Harris, 25 November 2014, 0 comments. Categories: Government, Security, Vulnerabilities.

The top cloud computing threats and vulnerabilities in an enterprise environment

Analysis I’ve seen different companies with operational models 90% based on cloud services, where the rest of the 10% is constituted of in-house servers. The basic response after asking about security issues related to cloud services was that the cloud service provider will take care of them and they don’t have to worry about it.

This isn’t necessarily the case with every cloud service provider, since some CSPs have a good security model in place, while others clearly do...

By Dejan Lukan, 21 November 2014, 0 comments. Categories: Security, Vulnerabilities.

Salesforce customers: Learn from Code Spaces’ swift demise

A benchmark report by Adallom into the uptake of software as a service (SaaS) applications has found that Salesforce customers have the highest percentage of privileged access users – and warned about the problems that may cause businesses.

On average 7% of users on Salesforce accounts are privileged or have admin access, compared with 4% for Google Apps, 2% for Box and 1% for Office 365, the other three services analysed.

The report gave a grave warning over the prevalence...

By James Bourne, 05 November 2014, 0 comments. Categories: Case Studies, Disaster Recovery, Research, SaaS, Security, Software.

China launches “Great Firewall” attack against iCloud

According to a report by web censorship watchdog Great Fire, China's infamous state firewall is performing a MITM (Man-in-the-Middle) attack against users of Apple's Cloud-based services. It is suspected the attack has been launched in response to Apple's new default encryption methods.

It is possible to circumvent the fake site using a VPN, or one of iCloud's many other IP addresses.

Since iOS 8, authorities can no longer bypass on-device encryption to gain access. The convenient timing of...

By Ryan Daws, 20 October 2014, 0 comments. Categories: Government, Security.

Edward Snowden advises users to move away from Dropbox, Facebook, Google

Edward Snowden has told an audience at the New Yorker Festival to “get rid” of Dropbox as it doesn’t support encryption or protect private files, instead opting for a service such as SpiderOak.

The whistleblower, who was taking part in a ‘virtual interview’ through Google Hangouts, also criticised Facebook and, ironically, Google, although conceded their efforts in keeping user data safe were improving.

Yet when asked what someone who...

By James Bourne, 14 October 2014, 0 comments. Categories: Data & Analytics, Data Sovereignty, Privacy, Security, Storage.

Why mistrust from the iCloud leak isn’t necessarily a bad thing

In a society that celebrates the public broadcast of an individual’s life through multiple mediums, the return to a more modest ideal may be the only way forward.

Increasingly over the last ten years or so, Millennials, and what some refer to as Generation Z, have been pressured to share intimate aspects of their lives over the internet. If you look back, there has been an interesting trend with this.

Facebook...

By CloudWedge, 09 September 2014, 0 comments. Categories: Security.

Nude celebrity photo leaks: Cloud expert calls for common sense approach

After news broke of a series of leaked photos of female celebrities on Monday morning, there have been a series of developments – with one expert calling for a common sense approach to cloud data.

Ivan Harris, cloud services development director at Eduserv, explained that “things will happen” despite the best laid plans.

“Nothing is 100% secure,” he told CloudTech. “What...

By James Bourne, 03 September 2014, 1 comment. Categories: Best Practice, Security.

4chan user reportedly hacks iCloud with nude celeb pics – as Google strengthens security

An anonymous hacker on the 4chan site has published a series of naked photos of more than 100 celebrities, including Jennifer Lawrence, Kate Upton and Mary Elizabeth Winstead, after reportedly hacking into the users’ iCloud accounts.

Even though the photos appeared to originate from iCloud devices – and even though 4chan users mentioned it – it’s not been confirmed that Apple’s cloud storage system provided the leak. Other theories are being bandied about as to how the photos were...

By James Bourne, 01 September 2014, 3 comments. Categories: Compliance, Security.

Community health systems, HIPAA, and cloud hosting: The facts

On the heels of the recent Community Health Systems (CHS) data breach, in which 4.5 million Personal Health Records (PHI) were compromised, the industry is abuzz about data security in the HIPAA Compliant cloud businesses. Data breaches like the one at CHS are not the exception – they’re the norm. The FBI warned that the healthcare industry is extremely vulnerable to hackers in a recent

By Logicworks, 21 August 2014, 0 comments. Categories: Compliance, Security.

HIPAA, cloud, and your business: What you need to know

By David Linthicum

When it comes to HIPAA compliant solutions, security, and cloud adoption, what most find frustrating is how to sort the myths from reality. The “addressable” requirements of the security rules tend to be the most difficult to meet. Thus, these addressable requirements have a tendency to fall off the radar, and could therefore create issues with compliance.

Under the HIPAA Omnibus...

By Logicworks, 31 July 2014, 0 comments. Categories: Compliance, Security.

The lowdown on the UK government’s new Cyber Essentials Scheme

Recognising that not all organisations have adequately dealt with cyber security, the UK Government has recently developed a Cyber Essentials Scheme which aims to provide clarity on good cyber security practice.

In its Cyber Essentials Scheme, the UK Government sets out five controls which it is hoped will provide all types of organisations with basic protection against the most widespread type of Internet threats. As such, the Cyber Essentials Scheme should be viewed as a form...

By William Long, 08 July 2014, 0 comments. Categories: Europe, Legal, Security.

Code Spaces RIP: Code hosting provider ceases trading after “well-orchestrated” DDoS attack

Code Spaces, the web-based SVN and Git hosting provider, has ceased trading after revealing that a devastating DDoS attack which wiped its cloudy data would cost too much to both resolve and keep the company going.

The unauthorised user gained access to the company’s EC2 control panel, created a series of backup logins and randomly deleted items to the extent where most of Code Spaces’ data had disappeared, with no backups in place. The attacker had also demanded a large sum of money to stop the DDoS,...

By James Bourne, 19 June 2014, 0 comments. Categories: Disaster Recovery, Security.

One in three cloud services was susceptible to Heartbleed, research shows

One third of cloud services were vulnerable to the debilitating Heartbleed virus, it has been revealed.

The findings were posted in a research paper from cloud security provider Skyhigh Networks’ Cloud Adoption & Risk report, and found that 1,173 cloud services from the 3,571 in use had left data exposed by Heartbleed when the bug first broke.

Skyhigh reports that the number of vulnerable services was less than 1% a week later following cloud providers stepping in to address the breach. However, there...

By James Bourne, 12 May 2014, 0 comments. Categories: Security.