Weekly Industry Round-up, Week of 7/12
Posted by hyperguard on July 16, 2010
Top Cloud Computing Security Risk: One Company Gets Burned
Kevin Fogarty says that virtualization and cloud computing have not worn down the online security of most companies. However, they may be contributing to situations in which IT-service customers leave themselves vulnerable to attack because they assume their cloud provider is taking care of security. Since placement of responsibility for security in cloud computing arrangements is not clear, Gartner listed access to information about how a cloud service works and a service level agreement spelling out customer expectations and requirements in a report released this week. Research from the Cloud Security Alliance listed customer ignorance of security practices and service providers’ refusal to give information to relieve it—among the seven top security risks in cloud computing. According to the CSA’s research, cloud projects and the risks they involve may be “complicated by the fact that cloud deployments are driven by anticipated benefits, [and] by groups who may lose track of the security ramifications.”
10 Web Application Security Myths
This slideshow looks at 10 common myths about Web application security. The list includes:
- A Web page is safe if it’s at the top of Google search
- Users can’t get around company Web policies
- Users can only become infected if they download files
- A Web app is secure if it has that lock icon in the corner.
Check out the article for a complete list of some of the biggest lingering misconceptions about Web application security.
The Challenges of Cloud Security
In this article, Beth Schultz says some IT execs dismiss public cloud services as being too insecure to trust with critical or sensitive application workloads and data. However, she spoke with Doug Menefee, CIO of Schumacher Group, an emergency management firm. Doug says that although there are risks with anything you do, 85% of Schumacher Group’s business processes currently live inside the public cloud. Enterprises have much to think about when they consider using public cloud services, but Doug says they’ve got to take a risk-based approach, such as Schumacher Group, with a strong focus on the data and what controls are needed.