Categories
Cloud Computing

Cloud security alliance

Cloud security alliance, what is it, a many people ask me day by day this question, so this is it:

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

CSA operates the most popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self assessment, 3rd party audit and continuous monitoring.

CSA launched the industry’s first cloud security user certification in 2010, the Certificate of Cloud Security Knowledge (CCSK), the benchmark for professional competency in cloud computing security.

CSA’s comprehensive research program works in collaboration with industry, higher education and government on a global basis. CSA research prides itself on vendor neutrality, agility and integrity of results.

CSA has a presence in every continent except Antarctica. With our own offices, partnerships, member organizations and chapters, there are always CSA experts near you. CSA holds dozens of high quality educational events around the world and online. Please check out our events page for more information.

Contact Info

General inquiries: info@cloudsecurityalliance.org
Membership information: membership@cloudsecurityalliance.org
Media inquiries: pr@cloudsecurityalliance.org
Website: webmaster@cloudsecurityalliance.org

Source:
cloudsecurityalliance.org

 

Categories
Uncategorized

Cloud security companies

Cloud security companies, a list with 17 the most powerful one:
1. AppRiver
Does messaging security in the cloud. It offers SaaS-based e-mail and Web security tools that are subscription-based and include spam and virus protection, e-mail encryption and Web security. It also offers a full managed service for Microsoft Exchange.
2. Awareness Technologies
Security and DLP in the cloud is no easy feat, but Awareness Technologies has brought its SaaS-based DLP model to the channel and in just a short time has amassed a small army of channel partners ready to do DLP in the cloud.
3. Barracuda
wears many hats, and most recently it’s donned the cloud cap. The Barracuda Web Security Flex is a cloud-based offering that delivers malware protection, URL filtering and application control to networked, remote and mobile users via SaaS, gateways and agents.
4. Cloud Passage
Came out of the gate with products to manage cloud security and defend cloud servers. The Halo SVM and Halo Firewall perform server exposure assessments, monitor configuration compliance and provide network access control to secure public and hybrid cloud servers.
5. M86 Security
M86 doubles down, offering security tools that are part appliance and part cloud. With its Secure Web Service Hybrid, it takes its on-premise malware prowess and extends it into the cloud to squash malware and other Web-based threats in realtime.
6. McAfee
Now owned by Intel, McAfee has been a proponent of the cloud with its suite of security offerings. McAfee’s cloud security approach is to offer security for, in and from the cloud, and the security giant has products and services to hit each one.
7. Panda Security
Cloud Protection, a cloud-based security play delivered in a SaaS model, provides protection at the three major threat vectors: endpoint, e-mail and Web. The three-pronged approach has earned Panda praise as a cloud security leader and innovator.
8. Ping Identity
In its bid to end the madness created by too many passwords, single sign-on player Ping Identity turns to the cloud to provide federated identity for cloud and SaaS applications without getting in the way.
9. Qualys
Arms cloud providers with its next-generation Security-as-a-Service platform that takes the compliance and threat defense built into its QualysGuard portfolio of security solutions and puts a cloud spin on it. And Qualys said more cloud security plays are coming.
10. SafeNet
Been around for a while, and its Trusted Cloud Fabric is a comprehensive set of security solutions designed to give enterprises secure cloud and virtual environments through a data-centric approach that is breathing new life into the security game.
11. Sentrigo
Database security player Sentrigo turned its attention to the cloud since, well, databases power many Web applications. With its Hedgehog software, Sentrigo can monitor who is accessing the database and what is being done with that data.
12. Still Secure
With its subscription-based, ProtectPoint appliance StillSecure delivers an impressive all in one firewall, intrusion detection, antivirus and more along with round-the-clock service and expertise needed to protect your network and bring you into compliance with data security policies.
13. Syferlock
Does identity and access management with patented authentication, security and single sign-on plays to lock down access across cloud, mobile and network apps using single-factor, two-factor and multi-factor authentication without extra hardware, tokens or client software.
14. Symantec
Eliminating the need for on-site hardware and software is at the core of Symantec’s Symantec. cloud services, which secure and manage information on endpoints and are delivered via e-mail, Web and instant messaging. Symantec promises high-availability, lower TCO and increased protection in the cloud.
15. Symplified
Calling itself “the cloud security company,” Symplified offers a unified access management system built for cloud architectures of SaaS and integrates into existing infrastructure with the cloud to streamline management, reduce costs and boost security.
16. Trend Micro
SecureCloud is Trend Micro’s key management and data encryption offering that protects and controls confidential information deployed into public and private cloud environments. It uses policy-based key management to ensure compliance regulations are met through remote authentication.
17. Veracode
Veracode’s cloud-based application risk management leverages its binary code analysis, dynamic Web assessments and developer e-learning for accurate and affordable verification of application security without pricey tools or source code.
16. Watchguard
With its cloud-based Reputation Enabled Defense suite of security services, WatchGuard vaulted into the cloud to provide Web security. The services, coupled with the XTM and XCS security appliances, provide protection from viruses, malware, spyware and other Web threats.
17. Webroot
Webroot pulls out all the stops when it comes to cloud security, wheeling and dealing with a Web Security Service, E-mail Security Service and E-mail Archiving Service, all in the cloud and all with no software or hardware required for protection.

Source:
http://www.clouds360.com/security.php

Categories
Cloud Computing

Cloud security risks

Cloud security risks, Cloud computing is fraught with security risks, according to analyst firm Gartner. Smart customers will ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor, Gartner says in a June report titled “Assessing the Security Risks of Cloud Computing.” Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing,” Gartner says. Amazon’s EC2 service and Google’s Google App Engine are examples of cloud computing, which Gartner defines as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.” Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs.

Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities. Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.

1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. “Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access,” Gartner says.

2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are “signaling that customers can only use them for the most trivial functions,” according to Gartner.

3. Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.

4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at rest,” Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. “Encryption accidents can make data totally unusable, and even normal encryption can complicate availability,” Gartner says.

5. Recovery. Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete restoration, and how long it will take.”

6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible.”

7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. “Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application,” Gartner says.

Sources:

Seven cloud-computing security risks
By Jon Brodkin | Network World

Categories
Cloud Computing

Cloud security framework

Cloud security framework, Cloud Computing is the fundamental change happening in the field of Information Technology.It is a representation of a movement towards the intensive,large scale specialization.On the other hand,it brings about not only convenience and efficiency problems,but also great challenges in the field of data security and privacy protection.

Currently,security has been regarded as one of the greatest problems in the development of Cloud Computing.This paper describes the great requirements in Cloud Computing,security key technology,standard and regulation etc.,and provides a Cloud Computing security framework.This paper argues that the changes in the above aspects will result in a technical revolution in the field of information security.

Cloud computing allows for both large and small organizations to have the opportunity to use Internet-based services so that they can reduce start-up costs, lower capital expenditures, use services on a pay-as-you-use basis, access applications only as needed, and quickly reduce or increase capacities. However, these benefits are accompanied by a myriad of security issues, and this valuable book tackles the most common security challenges that cloud computing faces.

The authors offer you years of unparalleled expertise and knowledge as they discuss the extremely challenging topics of data ownership, privacy protections, data mobility, quality of service and service levels, bandwidth costs, data protection, and support. As the most current and complete guide to helping you find your way through a maze of security minefields, this book is mandatory reading if you are involved in any aspect of cloud computing.