Weekly Industry Round-up, Week of 6/21
Posted by hyperguard on June 25, 2010
Security and Compliance in the Cloud Age
This article by Alert Logic’s Misha Govshteyn says that while the debate over private vs. public clouds carries on, very little attention is paid to the fact that the accepted broader definition of the cloud (IT services delivered under the IaaS/PaaS/SaaS models) in effect brings about a gradual shift of control over security from the enterprise to the service provider. He says this shift in responsibility and control will fundamentally change the way we secure our data. Enterprises and security professionals need to prepare themselves for the future demands of cloud computing by making the right decisions and deploying cloud-ready technologies today.
Cloud Computing With Less Security Risk
Paul Rubens says companies often feel their data is too sensitive to move to the cloud, believing they will lose control over it and that it will therefore be less secure. He lists some benefits of cloud computing, such as lower capital outlays, fixed, known monthly costs, scalability, low management overhead and immediate access to technology. Paul isn’t saying that all organizations should move all their computing tasks to the cloud, but many organizations could profit from the benefits described above if the security risk, real or perceived, could be reduced. Paul lists a number of questions to ask providers regarding security and compliance before deciding to move any applications to the cloud.
Researcher Demonstrates Twitter XSS Vulnerability
This week a Twitter user demonstrated a cross-site scripting (XSS) vulnerability that could allow an attacker to take over users’ accounts or spread malware. A researcher found that the vulnerability affects the “application name” field on Twitter’s application registration page, used by developers when setting up a new Twitter application. The flaw appears to be the result of a lack of input validation of the “application name” field when accepting new requests for Twitter applications. The company is aware of the issue and has fixed it for new applications, but is still working to patch it in all programs.