Weekly Industry Round-up, Week of 2/15
Posted by hyperguard on February 19, 2010
Tech News World…
Before Making the Leap, Check Cloud Security – and Check Your Own
In this post, Ed Moyle says that although using a cloud service means important enterprise data will reside on an off-premise site, it does not make the system less secure than keeping it in-house. Before making the jump to the cloud, he suggests organizations do some research in terms of security—both the service provider’s and their own. Ed says companies should do a formal risk assessment of their environment to see what they have. They then have to figure out what the vendor does or doesn’t do to protect the data entrusted to them. With this information, companies can make an informed decision about what’s best for them.
ZDnet’s Zero Day Blog…
Reports: SQL Injection Attacks and Malware Led to Most Data Breaches
A number of recent reports show that the main sources of breaches next to malware infection are SQL injections. While companies are investing more resources into ensuring their networks and employees are protected against the very latest threats, they may be overlooking the most basic threats. These threats usually require simple or average attack sophistication on behalf of the cybercriminal. It’s worth checking out what each of the reports had to say.
Cloud Computing Compliance: Exploring Data Security in the Cloud
David Mortman of Securosis says that while migrating services to the cloud may provide many benefits, an enterprise still has responsibilities such as remaining compliant. As companies start moving services to the cloud, they need to ask if the data falls under any compliance-related regulations or requirements. If so, they will need to make sure the cloud provider has the necessary policies, processes and procedures to properly maintain those controls.
Tactical Web Application Security…
Top 10 Targeted Passwords
Ryan Barnett of Breach Security discusses the recent RockYou hack that exposed user’s passwords when attackers extracted them by using SQL Injection. This huge data set offers a unique look into what types of passwords user will chose when no password complexity rules are enforced. Ryan says these weak passwords are a critical component of the overall RISK equation, however they do not include an important factor – are any of these passwords being used by attackers in actual brute force attacks? Since the passwords are all dictionary words or numbers, they are easily guessed/brute forced by hacking tools.