Weekly Industry Round-up, Week of 5/10

SearchSecurity.com…
Study on Security in Cloud Computing Shows Angst, Rogue Users
According to a new study, many IT professionals in Europe and the U.S. acknowledge that cloud computing risks are being ignored by some employees who may already be using cloud services. Those surveyed said that some parts of the organization may be using cloud computing services without their knowledge. More than 50% of respondents in the U.S. said their organization is unaware of all the cloud services deployed in their enterprise. The survey also found that many organizations had a lack of understanding of who is ultimately responsible for ensuring security of data in cloud computing environments.

The Register…
White House Devs Overlooked Drupal Vulnerability
This week, a researcher uncovered a potentially serious vulnerability in the open-source content management system used by the White House website and thousands of other sites. The cross-site scripting (XSS) bug resides in the Drupal Context module, a plug-in that Whitehouse.gov and about 10,000 other sites use to manage how content is viewed on their sites. According to an advisory, the flaw allows attackers to inject malicious scripts into login pages that will reset the site’s administrative password.

ChannelWeb…
Cloud Computing: Security’s Friend and Enemy
At last week’s All About the Cloud conference, Marc Olesen, Senior Vice President and General Manager of McAfee, said the cloud is our friend and our enemy. According to Marc, by attacking cloud security in three ways: security from the cloud, security in the cloud and security for the cloud, there’s a better chance at preventing threats before they cause issues. A recent post by Chris Hoff also looks at these three models. In the cloud refers to security products, solutions and technology deployed within cloud computing environments such as firewalls. For the cloud includes security services that are specifically targeted toward securing other cloud computing services, and are delivered by providers. By the cloud refers to security services delivered by cloud computing services which are used by providers in option #2 which often rely on those features described in option #1. Think of basically any service that brands itself as ‘cloud.’