Weekly Industry Round-up, Week of 6/7
Posted by hyperguard on June 11, 2010
Cloud Computing: Would PCI Compliance Help or Hurt Security?
This article discusses whether cloud computing environments can meet PCI compliance standards. Many security experts say they can’t answer that question yet, but the bigger question is whether meeting PCI standards would actually improve cloud security. There has been talk that cloud security would be included in the most recent update of the Payment Card Industry’s Data Security Standards (PCI DSS), which sparked debates on whether requirements designed to protect credit-card data would actually make cloud services less secure. While IT practitioners question PCI’s role in the cloud, few doubt the need for cloud security standards—a March study by IEEE and the Cloud Security Alliance found 82% of IT professionals believe the need for cloud-specific security standards is urgent.
Who Still Keeps Money Under their Mattress? The Case for Cloud Security
This post by Ryan Nichols says massive amounts of data are lost every day through the failure of on-premise technology—companies know how often e-mails or files on your local or shared drives are lost or corrupted or how easy it is in many companies to plug into their network without credentials. These incidents usually go unnoticed, but when public cloud technology fails, it makes headlines. Cloud providers spend millions of dollars on security and reliability testing every year, and their businesses depend on delivering a service that exceeds the expectations of the most demanding enterprises—this is why Ryan argues that data is probably safer in a leading cloud platform than it is in most on-premise data centers. Right now, many companies would probably disagree and say they feel safer having data in their own data center. It will be interesting to see how this debate plays out as more organizations start to adopt cloud technology.
Microsoft Finally Fixes Pwn2Own Browser Flaw
This week, Microsoft’s Patch Tuesday delivered 10 security bulletins with fixes for at least 34 documented vulnerabilities. This “patch batch” also provides cover for a known cross-site scripting flaw in the Microsoft SharePoint Server and a publicly discussed data leakage hole in Internet Explorer. Microsoft has urged its users to pay special attention to MS10-033 (Windows), MS10-034 (ActiveX killbits) and MS10-035 (Internet Explorer) because these contain fixes for issues that may be exploited by malicious hackers very soon.