Archive for the ‘Cloud computing security’ Category

Want to outfox the NSA? Generate memorizable passphrases even they can’t guess





27 March 2015 – Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your … Read more

Managing risk in a public cloud environment: cloud computing insurance

23 January 2012 – In an interesting post today, Brian Gracely (Director of Global Solutions at EMC) relates how a couple of weeks ago there was an interesting discussion on Twitter amongst the “clouderati” about ways to manage risk in a public cloud environment. It was a fragment of the discussion that James Urquhart started about how “Cloud is complex” and one from Alistair Croll on 2012 cloud predictions.

Beyond the normal discussion about how companies need to “design for failure” (re: applications) when using public clouds, someone brought up that SLAs will need to evolve before companies can better mitigate risk. Most people tended to dismiss this, since SLAs usually only compensate customers for the service value of the outage window (e.g. $/hour of compute time), not for any value related to lost business due to downtime, lost data or a security breach.

So Brian got to thinking about what it might mean to obtain an insurance policy to protect against “loss” as a result of a public cloud service. His initial thoughts fell into a couple of buckets:

  • What would/could be
Read more

Quantum physics to encrypt clouds of the future

20 January 2012 – Boffins looking for the perfect alliance between science and technology have married quantum computing to the future of IT – the cloud.

The researchers have used quantum mechanics to encrypt heavy-duty number-crunching computing, thereby removing a major obstacle in the adoption of the cloud for many enterprises – how safe is my data when it’s hosted on someone else’s computers?

Their experiment envisions the data processing servers as a quantum computer, and the eggheads have succeeded in hiding the input, data processing and output of a computation from any possible snooping.

“Quantum physics solves one of the key challenges in distributed computing. It can preserve data privacy when users interact with remote computing centers,” said Stefanie Barz, lead author of the study.

Quantum computers use the ability of quantum particles to be in more than one state at the same time to rapidly check lots and lots of possible solutions to a problem, thus ramping up their processing power. There aren’t actually any quantum computers in significant production yet, and if and when they do get … Read more

What’s at stake in the cloud?

4 October 2011 – The new federal strategy for implementing cloud-computing solutions is called “Cloud First” — and with good reason. We now systematically prefer cloud-computing solutions to those based on local servers and laptops. The allure of efficiencies, economies of scale, high-end services and — most importantly — reduced costs is almost irresistible.

But, as American governments at the federal, state and local levels rush headlong toward cloud computing, wouldn’t it be wise to pause and ask, “What’s at stake?”

For more click here.… Read more

Desktop Encryption Moves to the Cloud

26 September 2011 – Laplink’s new PC Lock aims to secure files on your desktop through online management.  The PC Lock Management Console can be accessed from any web-enabled device, including smartphones, letting users change settings, reset passwords and, if a computer is lost or stolen, lock the system or even delete information.  For lawyers and other professionals handling sensitive data, encryption is an increasingly popular and necessary utility.  The cloud is making it possible to remotely secure that data even after the hardware containing it has been lost or misplaced.

For more click here.… Read more

Cloud computing, data centers, telecom, cloudonomics and more: The 451 Group explains it all

21 September 2011 —  Our world is awash with data and it’s growing at a phenomenal rate, in large part due to the number of connected, intelligent devices in our world. As noted recently, intelligent systems number over 1.8 billion units and over $1 trillion in revenue today – predicted to grow to nearly 4 billion units and over $2 trillion in revenue by 2015.

And now we contend with “the cloud”, which represents an offloading of data from external hard drives and their ilk to online storage systems powered by some sort of cloud architecture. And as LTE and other wireless data methodologies become more prevalent and more powerful, so too will we be happy with even more data living off our devices than on them.

And business.   Tablets and mobile apps have proven similarly popular with sales people, medical professionals and almost anyone whose work involves toting around paper documents.   Executives covet them so much they are increasingly adding clauses to employment contracts that ensure they get to keep their tablets if they lose their jobs.

And let’s look

Read more

Cloud computing still weighed down by concrete set-backs

31 August 2011 – Business seems to be switching on to the benefits of virtual computing: 37% of companies say they will migrate 61% or more of their applications to a private cloud environment in the future. But while cloud technology is constantly touted as the next big thing in IT, only 6% of companies are planning on moving to the full public cloud. Which suggests that concerns over security become even more real once applications move beyond a business’s own firewall.

Moves towards the private cloud at least are happening apace: according to a survey of IT managers by IT support company Precise, large enterprises are migrating both front-office and back-office applications to the private cloud. For anyone in need of a quick jargon refresher, the full public cloud involves handing your data and applications over to an external host, which stores it on a remote server along with that of a number of clients. Private cloud still involves handing everything over to an external provider, but each company’s data is kept on its own individual bit of kit.… Read more

Security improvements help cloud computing move from fad to trend

25 July 2011 – Is cloud computing a trend or a fad?  That depends on whom you ask. For early adopters and those who are enamored with the cost and efficiency benefits of the technology, cloud computing is clearly a trend. For IT managers concerned about risk—especially given Amazon and Sony’s recent breaches—it may look more like a fad.

During a TMCnet video interview at Cloud Expo 2011, Andy Land of UnboundID said that although security remains a barrier to entry, cloud computing has moved from fad to trend.

“There are too many benefits to the cloud not to use it,” Land stressed. “And, there are many things that can be put in the cloud effectively. But it’s important to stay out of the hype and stay in reality. What kills trends like this is overhype and not living up to expectations.”

He added, “Moving to the cloud is a risk for IT professionals. They take risk very seriously, as they should.”

For more from Mae Kowalke of TMCnet click here.… Read more

Can you comply with court orders for data from the cloud?

18 July 2011 – The very nature of cloud storage, and one of its selling points, is that the cloud is dynamic. You only use what you need and shut down what you don’t.  So if the court orders a forensic recovery of the lost data from the cloud hard drives:

• Do we even know which specific drives were in use by XYZ before the crash at EC2?
• Would Amazon have the ability to remove those drives and replace with others if ordered to do so?
• How many other companies’ data have been written on those drives in the interim?
• If the original XYZ data have been overwritten by other companies and the drives are removed for recovery attempts, does the removal mean that the later users have now lost control of their data?
• Do the current users of the removed drives have to be served with a notice that the drives are being forensically reviewed?
• Is there a legal requirement that the current users need to be notified?
• Are the current users … Read more

NIST recommends security measures for cloud subscribers

20 May 2011 – The National Institute of Standards and Technology (NIST) has issued a draft guide to cloud computing that includes a number of recommendations to enhance security in the cloud environment. The draft guide, NIST Cloud Computing Synopsis and Recommendations (Special Publication 800-146), provides information for IT decision makers interested in moving into the cloud.  Quoting Lee Badger, an IT specialist with the NIST’s Computer Security Division and one of the authors of the publication:

“Information security in the cloud is a real challenge. There are several factors to consider. One is that cloud systems, at least in some of their configurations, are outsourced systems. Therefore, for one to have confidence that the system is treating your data with due care, one has to have confidence that the people who are running that system are exercising the care you think is appropriate. The importance of the boundaries that separate cloud users is high in terms of security. You may not know geographically where your data is located. That might reduce confidence.”

In the publication, NIST recommends that organizations … Read more