Category Archives: Cloud security

Ok. There is more (or may be less) to the VPN story, Google says

Google called me again after I posted the latest follow up to the Google hack story. Wow, two calls from Google AR in the span of an hour! They were uncomfortable about the way I characterized the involvement of the … Continue reading

Posted in Application Security, Cloud security | 7 Comments

Follow up: Google calls and confirms the VPN story.

Google called me, five minutes ago, confirmed that the attacker indeed came in via the corporate VPN access. On top of that, they told me that the victim machine was a corporate managed machine, not a home computer. As to … Continue reading

Posted in Application Security, Cloud security | 2 Comments

Why Google and Microsoft were at fault for the attack, not cloud computing

By now, much has been written about last week’s attack on Google, Yahoo, and more than 30 other companies. Google’s stark reaction to the attack has put the company at the forefront of this news story. At stake is one … Continue reading

Posted in Application Security, Cloud security | 1 Comment

An interesting cloud computing panel to start the new year

On Thursday January 7th 1pm pacific, I will be moderating what promises to be an exciting panel–”Cloud computing: A positive disruption to IT security”– with panelist Qualys CEO Philippe Courtot and Cisco’s Chief Security Officer  John Stewart.  See what Forrester, Cisco, and Qualys … Continue reading

Posted in Cloud security | Leave a comment

(Updated) Cloudy with a chance of “non-compliance”

Compliance, along with security and privacy, is a big topic when firms consider cloud services. I recently did a Forrester Webinar on the topic of compliance for cloud computing. You can access the recording here: http://www.forrester.com/cloudsecuritywebinar. This blog entry is … Continue reading

Posted in Cloud security | Leave a comment

To Facebook or not to Facebook (40% of companies said yes to Facebook)

Recently Forrester received a flurry of inquiries concerning social network access inside enterprises. Many firms are reluctant to deny their employees’ access to social networking sites but in the same time worried about consequences such as malware threat, data loss, … Continue reading

Posted in Cloud security, General | 3 Comments

Follow up: Cloud security

Since the publication of the last entry on cloud security, I received many emails from clients and colleagues who have an interest in this topic. Because of the sensitive nature of the topic, they chose to email me rather than leaving … Continue reading

Posted in Cloud security | 4 Comments

Cloud security front and center

Cloud computing is the latest trend that has the industry abuzz. Everywhere you go, there are cloud services for every functionality imaginable. Many believe that cloud computing can deliver tremendous business and operational efficiencies. There is even a movement at the national … Continue reading

Posted in Cloud security | 1 Comment

Dreamforce in force

Today is the first day of dreamforce. Due to a scheduling conflict, I am actually not attending, much to my dismay. I’m writing this post in flight to NYC, using WIFI on a united flight (nice!). My colleagues who are … Continue reading

Posted in Cloud security | Leave a comment

MIT’s attack on Amazon EC2 an academic exercise

Researchers from MIT and UC San Diego recently demonstrated an attack against Amazon’s EC2 where an attack virtual machine can launch attacks against a victim virtual machine that is located on the same physical server. The paper describing this attack … Continue reading

Posted in Cloud security | 7 Comments