Security Experts:

long dotted


A survey from the Cloud Security Alliance found that IT managers and executives still have some trepidation about the security of data in the cloud.
Researchers say they have identified several vulnerabilities in Google App Engine for Java, including ones that can be leveraged for a complete sandbox escape.
VMware has released software updates to address a series of vulnerabilities affecting the company's popular vSphere virtualization platform.
The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
According to a study conducted by EMC, enterprises employing more than 250 people lost a total of $1.7 trillion in the past year due to downtime and data loss.
Google released two new security tools designed to help Google Apps users protect their accounts.
An integration feature that allows Parallels Desktop users to access Windows folders from Mac OS X operating systems can exploited for a guest-to-host virtual machine (VM) escape.
Cloud security firm CipherCloud announced that it has closed a massive $50 million round of funding led by Transamerica Ventures.
Amazon Web Services announced three new services designed to provide enterprise customers with additional security, governance, and compliance solutions for their resources deployed in the AWS Cloud.
Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.

FEATURES, INSIGHTS // Cloud Security

rss icon

Torsten George's picture
Shortcomings in a cloud providers’ security architecture can trickle down to customers that leverage their services. So what steps should organizations take to retool their security practices for the cloud age?
Gil Zimmermann's picture
What needs to change is the perception that the primary role of IT is in safeguarding and blocking data from being viewed by an outsider.
Gil Zimmermann's picture
IT managers focused on protecting technology infrastructure would do well to assess whether cloud service providers have better security systems in place than their own corporate IT resources allow.
Aviv Raff's picture
A combination of new threat actors, new attack approaches, and new masking tactics demand that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.
Gil Zimmermann's picture
The idea of encrypting data is mistaken for a one-stop solution, and the result is that a tremendous amount of money and time are being spent solving the wrong problem.
Shaun Donaldson's picture
In a business-as-usual situation, making the case for better security is difficult. We all know that pushing security upon organizations is like selling life insurance.
Gil Zimmermann's picture
As 2013 wanes, it makes sense take a few steps back and look at the state of the cloud and how it fits into the plans our customers and friends have been sharing with us. As we move through 2014, will your teams be driving new value, or responding to yesterday’s threats?
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Gil Zimmermann's picture
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained.
Shaun Donaldson's picture
The smallest Amazon customer benefits from the demands being met for the largest Amazon customers. However, after you get a shiny new instance on Amazon, it’s still up to you to secure the software stack on that instance.