Category Archives: Cloud security

Ok. There is more (or may be less) to the VPN story, Google says

Google called me again after I posted the latest follow up to the Google hack story. Wow, two calls from Google AR in the span of an hour! They were uncomfortable about the way I characterized the involvement of the … Continue reading

Posted in Application Security, Cloud security | 7 Comments

Follow up: Google calls and confirms the VPN story.

Google called me, five minutes ago, confirmed that the attacker indeed came in via the corporate VPN access. On top of that, they told me that the victim machine was a corporate managed machine, not a home computer. As to … Continue reading

Posted in Application Security, Cloud security | 2 Comments

Why Google and Microsoft were at fault for the attack, not cloud computing

By now, much has been written about last week’s attack on Google, Yahoo, and more than 30 other companies. Google’s stark reaction to the attack has put the company at the forefront of this news story. At stake is one … Continue reading

Posted in Application Security, Cloud security | 1 Comment

An interesting cloud computing panel to start the new year

On Thursday January 7th 1pm pacific, I will be moderating what promises to be an exciting panel–“Cloud computing: A positive disruption to IT security”– with panelist Qualys CEO Philippe Courtot and Cisco’s Chief Security Officer  John Stewart.  See what Forrester, Cisco, and Qualys … Continue reading

Posted in Cloud security | Leave a comment

(Updated) Cloudy with a chance of “non-compliance”

Compliance, along with security and privacy, is a big topic when firms consider cloud services. I recently did a Forrester Webinar on the topic of compliance for cloud computing. You can access the recording here: http://www.forrester.com/cloudsecuritywebinar. This blog entry is … Continue reading

Posted in Cloud security | Leave a comment

To Facebook or not to Facebook (40% of companies said yes to Facebook)

Recently Forrester received a flurry of inquiries concerning social network access inside enterprises. Many firms are reluctant to deny their employees’ access to social networking sites but in the same time worried about consequences such as malware threat, data loss, … Continue reading

Posted in Cloud security, General | 3 Comments

Follow up: Cloud security

Since the publication of the last entry on cloud security, I received many emails from clients and colleagues who have an interest in this topic. Because of the sensitive nature of the topic, they chose to email me rather than leaving … Continue reading

Posted in Cloud security | 4 Comments