Cloud Security

Keys in the Cloud

The Cloud Best Practices Network has just published the second installment of the e-magazine TRANSFORM. This issue, which focuses on various aspects of cloud security, includes my article on “Key Management Strategies for the Hybrid Cloud”, leveraging the use cases that we developed in OASIS KMIP for our work on the next version of KMIP. [...]

The Public Cloud, Pigeons and Risk Management — Part 4

I have recently been asked whether the research paper about key leakage across VMs running on a hypervisor invalidates the position I advanced in this series of blogs. No, it doesn’t, although key management is something which deserves far more attention than it gets from the general INFOSEC community, outside of the government COMSEC agencies. Oh, and by the way, this is a very cool piece of research.

The Public Cloud, Pigeons and Risk Management — Part 3

Are we trusting a third party with our data? Yes, we are, and have been for years. In the past many companies used bureau computing, where they sent out workloads on magnetic or paper tape, and got the results (usually a print-out) back a few days later. Sometimes this was Software-as-a-Service, sometimes this was Platform-as-a-Service, although we didn’t use those acronyms then. It was just service bureau computing.

Thought Leadership for the Trusted Cloud

I was in Stockholm a couple of weeks ago to speak at an EMC Forum and was able to sit in on the keynote, given by Chad Sakac. As anyone who has attended EMCworld knows, Chad is a great speaker: energetic, interesting and insightful. His keynote explored the theme of transformation, including the transformation of [...]

Where’s my Data?

According to a recent report by Icomm Technologies, 70% of cloud data centers keep customers in the dark about storage locations. To me that is a pretty scary statistic, particularly as organizations are rapidly deploying cloud storage services and there doesn’t seem to be any evidence that organizations that have sensitive or confidential data are refraining from doing so. This statistic should set alarm bells going, especially in the EU, where organizations that store citizens’ data must have evidence of where their data is stored.

Stealing Your Neighbors’ Keys with a Drinking Glass

Security experts have long speculated about whether virtualized environments, such as public clouds, exhibit dangerous side channels. A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. A [...]
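To make the mechanism concrete, here is an added example that is not code from the post or from the research it refers to: a toy model of a prime+probe attack on a cache shared by two tenants. The attacker fills every cache set with its own lines, lets the victim run one step of a square-and-multiply exponentiation, then re-touches its lines; any set that now misses was used by the victim, and since the multiply routine only runs for a 1 bit, the pattern of evictions spells out the exponent. The cache geometry, the code addresses of square() and multiply(), the probe buffer address and the secret exponent are all constructed for the demonstration. It also shows the square-and-always-multiply hardening, under which every step touches the same sets and the probe learns nothing.

```python
# Added example: simulated prime+probe on a shared direct-mapped cache.
# All addresses and cache parameters below are constructed for the demo.

LINE_BYTES = 64   # cache line size
NUM_SETS = 16     # direct-mapped cache: one line per set


class SharedCache:
    """Direct-mapped cache shared by a victim tenant and an attacker tenant."""

    def __init__(self, num_sets=NUM_SETS, line_bytes=LINE_BYTES):
        self.num_sets = num_sets
        self.line_bytes = line_bytes
        self.tags = [None] * num_sets

    def set_index(self, addr):
        return (addr // self.line_bytes) % self.num_sets

    def access(self, addr):
        """Return True on a hit; on a miss the new line evicts whatever held the set."""
        tag = addr // self.line_bytes
        s = self.set_index(addr)
        hit = self.tags[s] == tag
        self.tags[s] = tag
        return hit


# Constructed code addresses: square() lands in set 3, multiply() in set 7.
SQUARE_CODE = 0x1000 + 3 * LINE_BYTES
MULTIPLY_CODE = 0x2000 + 7 * LINE_BYTES
# Attacker's probe buffer: one line per set, starting at a set-0-aligned address.
PROBE_BUFFER = 0x80000


def victim_modexp(cache, base, exp_bits, mod, on_step, always_multiply=False):
    """Left-to-right square-and-multiply. on_step() runs after every exponent bit,
    standing in for the attacker's VM getting scheduled on the shared core."""
    acc = 1
    for bit in exp_bits:
        cache.access(SQUARE_CODE)          # square() code is fetched every step
        acc = acc * acc % mod
        if bit or always_multiply:
            cache.access(MULTIPLY_CODE)    # multiply() only for a 1 bit (leaky variant)
            product = acc * base % mod
            acc = product if bit else acc  # hardened variant discards the dummy product
        on_step()
    return acc


def prime(cache):
    """Attacker fills every set with one of its own lines."""
    for s in range(cache.num_sets):
        cache.access(PROBE_BUFFER + s * cache.line_bytes)


def probe(cache):
    """Sets whose re-access misses were touched by the victim since prime()."""
    return {s for s in range(cache.num_sets)
            if not cache.access(PROBE_BUFFER + s * cache.line_bytes)}


def recover_exponent(base, exp_bits, mod, always_multiply=False):
    """Run the victim alongside the attacker and reconstruct the exponent bits."""
    cache = SharedCache()
    recovered = []
    multiply_set = cache.set_index(MULTIPLY_CODE)

    def on_step():
        evicted = probe(cache)
        recovered.append(1 if multiply_set in evicted else 0)
        prime(cache)   # re-prime before the victim's next bit

    prime(cache)
    result = victim_modexp(cache, base, exp_bits, mod, on_step, always_multiply)
    return recovered, result


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0, 1]   # constructed secret exponent
    bits, _ = recover_exponent(7, secret, 1009)
    print("leaky victim, exponent recovered:", bits == secret)
    bits, _ = recover_exponent(7, secret, 1009, always_multiply=True)
    print("hardened victim, exponent recovered:", bits == secret)
```

A real attack measures access latency with a cycle counter instead of asking the cache for hit/miss, contends with set-associative caches, prefetchers and scheduler noise, and needs many runs to average that noise out; the model strips all of that away to show the logic. The always-multiply variant closes this particular channel but is not a full constant-time implementation, since the data-dependent select and the multiplier itself can still leak.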

Cherrypicking Virtual Machines in a Public Cloud

Resources in public clouds are sold on the same premise of uniform quality as apples. A virtual machine (VM) of a given type, for instance, is a fixed-sized bundle of resources—CPU, local storage, and so forth—that is rented to a tenant at a set hourly rate. Yet VMs, like apples, vary in quality. A VM’s performance depends on the CPU model in the machine on which it sits, the workloads of its neighbors (the VMs of other tenants), and a variety of other characteristics.

Unity in Multiplicity

I was in Abu Dhabi last week, speaking at Khalifa University in a conference on cloud computing. Never having been in Abu Dhabi before, I found many things new and unfamiliar, but also wonderful – particularly so, that evening, when we had dinner at a restaurant that looked across the water to the Shaikh Zayed [...]

A Revolutionary Way to Secure Bulk Credentials – RSA Distributed Credential Protection – Podcast #241

With the theft of an estimated 50 million passwords from various breaches at major web site operators in 2012, the industry is ripe for a transformative approach to one of its most pressing security problems. RSA Labs Chief Scientist Dr. Ari Juels and RSA Senior Product Marketing Manager Liz Robinson join the podcast to describe the new RSA Distributed Credential Protection software, a first-of-its-kind innovation from RSA that distributes and randomizes secrets to help protect from bulk password credential loss.
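The podcast describes the product only at the level of "distributes and randomizes secrets". The following is an added example, not the product's code and not a description of its internals: it shows the general idea of holding a password verifier as two shares on independent stores, checking a login without either store learning the verifier, and periodically folding the same fresh random value into both shares so that a copy of one store stolen today cannot be combined with a copy of the other stolen later. The store names, the PBKDF2 parameters and the dictionary-attack helper are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Added example: split-and-rerandomize password verifier across two stores.
# Illustrates the general principle only; not the RSA product's implementation.


def verifier(salt: bytes, password: str) -> bytes:
    # Slow password hash; iteration count kept low only so the example runs fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, 32)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class StoreA:
    """Front store: keeps each user's salt and one random share, never the verifier."""

    def __init__(self):
        self.records: Dict[str, Tuple[bytes, bytes]] = {}


class StoreB:
    """Back store: keeps the complementary share and never sees a password."""

    def __init__(self):
        self.records: Dict[str, bytes] = {}


def enroll(a: StoreA, b: StoreB, user: str, password: str) -> None:
    salt = os.urandom(16)
    share_a = os.urandom(32)                           # uniformly random
    share_b = xor(verifier(salt, password), share_a)   # also uniformly random on its own
    a.records[user] = (salt, share_a)
    b.records[user] = share_b


def verify(a: StoreA, b: StoreB, user: str, candidate: str) -> bool:
    if user not in a.records or user not in b.records:
        return False
    salt, share_a = a.records[user]
    # A blinds the candidate's verifier with its share and hands only that to B,
    # so B can compare without ever learning the verifier or the password.
    blinded = xor(verifier(salt, candidate), share_a)
    return hmac.compare_digest(blinded, b.records[user])


def rerandomize(a: StoreA, b: StoreB, user: str) -> None:
    """Both stores fold in the same fresh random value: the verifier they jointly
    encode is unchanged, but a copy of A taken before and a copy of B taken after
    no longer combine into anything useful."""
    r = os.urandom(32)
    salt, share_a = a.records[user]
    a.records[user] = (salt, xor(share_a, r))
    b.records[user] = xor(b.records[user], r)


def crack_single_store(salt: bytes, share: bytes, guesses: List[str]) -> Optional[str]:
    """Offline dictionary attack with one store's share (salt granted to the attacker).
    Each share is random independent of the password, so no guess ever matches."""
    for g in guesses:
        if hmac.compare_digest(verifier(salt, g), share):
            return g
    return None


if __name__ == "__main__":
    a, b = StoreA(), StoreB()
    enroll(a, b, "alice", "correct horse battery")     # constructed credentials
    print("login ok:", verify(a, b, "alice", "correct horse battery"))
    salt, _ = a.records["alice"]
    print("cracked from B alone:", crack_single_store(salt, b.records["alice"],
                                                      ["password", "correct horse battery"]))
    rerandomize(a, b, "alice")
    print("login ok after re-randomization:", verify(a, b, "alice", "correct horse battery"))
```

The security argument rests on the stores being administratively and network separated, so that one compromise does not hand over both shares, and on re-randomization happening more often than an attacker can plausibly breach both. An attacker who compromises the front store while it is live still sees candidate passwords as they arrive; the split protects the stored data at rest, which is the bulk-theft scenario the podcast addresses.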

Security Introspection for Map Reduce

As I mentioned in an earlier blog, among the sessions on big data at RSA Conference China was Samir Saklikar’s presentation on Embedding Security and Trust Primitives in Map Reduce. Samir is in the RSA Office of the CTO and has been focused on big data security for more than a year, exploring the security and privacy issues for big data, the application of current security technology to those security requirements and the definition of new capabilities that would provide significant benefits in addressing those issues.