Cloud Central
55.8K views | +2 today
Follow
Cloud Central
Cloud Systems, Applications and Implications (use Tags in the Filter menu to navigate)
Your new post is loading...
Your new post is loading...
Scooped by Peter Azzopardi
Scoop.it!

The days of long, complicated passwords are over

The days of long, complicated passwords are over | Cloud Central | Scoop.it
As threats evolve, so does the advice on creating passwords to foil the bad guys. Here are the latest recommendations
Peter Azzopardi's insight:
"Along with this unconventional advice comes a bunch of useful suggestions"
more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Mitchell Hashimoto follows up Vagrant with Vault key encryption

Mitchell Hashimoto follows up Vagrant with Vault key encryption | Cloud Central | Scoop.it
Vault not only stores encryption keys and credentials, but generates them automatically for use in services and APIs
Peter Azzopardi's insight:

Vault, as HashiCorp's new open source product is called, generates and keeps such data in an encrypted key/value store. Secrets stored in the vault have a lifetime, or a lease, after which the secret automatically expires and is revoked, making it easy for admins to grant provisional access to a user or app.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Dropbox? When is it OK to say 'yes'?

Dropbox? When is it OK to say 'yes'? | Cloud Central | Scoop.it
A healthcare CIO reverses course and lets doctors use the cloud service, but only with a layer of data encryption for security.
Peter Azzopardi's insight:

St. James Hospital Group, which has hospitals in Malta, Hungary and Libya, is greatly concerned about ensuring data privacy and security, but it also needed a way to speed up collaboration and workflows.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Box is launching encryption keys that only you will hold

Box is launching encryption keys that only you will hold | Cloud Central | Scoop.it

If you put data on a cloud server, you're usually sharing it with more people than you realize. Cloud data is encrypted, but as long as the company manages the encryption keys, there are plenty of ways for third parties to gain access, whether it's a gag-ordered subpoena or something more sinister like PRISM. ...........

Peter Azzopardi's insight:

The idea is not new and I have rallied in favour of such a policy for a while now. There is no reason why encryption keys should be held by the storage provider. Of course all would be futile if Box's EKM is not sophisticated enough to withstand an attack. Box feels it is, good!.

 

Past rumours that Mega's (another storage company that passes over the encryption keys) encryption methods had been compromised did not help this camp. Nonetheless, the idea is sound and post PRISM development should be focused in this area.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Data Encryption and Law Firms, a Match Required by Law

Data Encryption and Law Firms, a Match Required by Law | Cloud Central | Scoop.it

Much of the discussion on law firm security has focused on data encryption. The idea of “encryption” can generally be broken down into two types, encryption in motion and encryption at rest. Encryption in motion refers to the process of securing data while the data is sent and received so that the data cannot be intercepted. Encryption at rest refers to the practice of securing the data itself so that, even if intercepted, the data is unreadable.

Peter Azzopardi's insight:

Many law firms address security of their client and firm information by hosting it with cloud providers. Cloud business models often comprise data security protocols audited by third-parties.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

How to secure the cloud

How to secure the cloud | Cloud Central | Scoop.it
For many of us, the primary reason we use 'the cloud' is for storage—whether it's storing email through services like Gmail and Yahoo!, photos on Flickr, or personal documents on Dropbox. Many organizations like hospitals and banks utilize the cloud to store data on patient and customer information.
Peter Azzopardi's insight:

Regardless of the scenario, it's clear that precious personal information is stored in the cloud, and we'd like to think it's secure up there. ...............

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

NSA paid $10 million to put their backdoor in RSA encryption, according to Reuters report

NSA paid $10 million to put their backdoor in RSA encryption, according to Reuters report | Cloud Central | Scoop.it
When leaked documents claimed to have caught the NSA inserting bad protocols into the national standards board NIST, it raised more questions than answers. Why would the NSA go to the trouble of inserting a inferior standard into NIST's set of four, when most cryptographers would simply ignore the bad algorithm in favor of the others?
Peter Azzopardi's insight:

Ten million is no joke and it would coerce most people, which suggests that encryption on its own will not work. Pass the encryption key to the user and all is solved. Mega.co.nz already does this which is why I will always suggest them for storage needs.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Boffins propose NSA-proof crypto for cloud computing

Boffins propose NSA-proof crypto for cloud computing | Cloud Central | Scoop.it

It's more likely that the NSA has devoted its efforts to key capture and side-channel attacks rather than brute-forcing its way through ciphertext en masse - but it's also true that our crypto maths won't last forever.

Peter Azzopardi's insight:

Link to the paper is on site.

 

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Calif. attorney general: Time to crack down on companies that don't encrypt

Calif. attorney general: Time to crack down on companies that don't encrypt | Cloud Central | Scoop.it
State's first data breach report finds that more than 1.4 million residents' data would have been safe had companies used encryption
Peter Azzopardi's insight:

This is the sort of move that will instill peace of mind for those who still feel that cloud storage is insecure. I nice touch would be to hand the encryption keys to the the users.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Business Cloud Computing: Privacy Is Just As Important As Security

Business Cloud Computing: Privacy Is Just As Important As Security | Cloud Central | Scoop.it
Similar to their IT security due diligence, companies need to ask questions about the privacy of their data before they enter into a cloud vendor relationship.
Peter Azzopardi's insight:

Personally I believe that the element of mistrust also exists within the confines of an organisation. IT is normally able to do whatever it wished. Privacy is not all that much better.

 

But of course when using the cloud the ones that can eavesdrop are faceless, thus making them scarier.

 

Encryption at a SaaS level should not be all that difficult and might be the solution.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Know the key legal and security risks in a cloud-computing contract

Know the key legal and security risks in a cloud-computing contract | Cloud Central | Scoop.it

Youre no longer in control of your data once you hand it over to a cloud storage provider, but you're legally still responsible for it. Knowing whats in your cloud-provider contract is critical, says tech attorney Milton Petersen.

Peter Azzopardi's insight:

A solid article with great advice.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Security In The Cloud: Logs, Audits, Encryption… | CloudTweaks.com - Cloud Computing Community

Security In The Cloud: Logs, Audits, Encryption… | CloudTweaks.com - Cloud Computing Community | Cloud Central | Scoop.it
Security In The Cloud: Logs, Audits, Encryption... Considering a move to the cloud for one or several of your key services? If so, you are not alone.
more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

ComputerWorld UK: Cloud Security is all about visibility and control

ComputerWorld UK: Cloud Security is all about visibility and control | Cloud Central | Scoop.it
"There is a slight paradox among users of the cloud right now," says Tim Herbert, research vice president with CompTIA. "They convey very strong confidence in cloud service provider security. At the same time, many companies are very reluctant to put certain types of data or applications into a cloud environment. Companies have moved some of the non-critical systems into the cloud, but they are not there yet in terms of moving their most critical systems to the cloud."

 

 

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

FBI, DOJ want companies to back off end-to-end encryption

FBI, DOJ want companies to back off end-to-end encryption | Cloud Central | Scoop.it
U.S. tech companies should retain access to the encrypted information of their customers, instead of providing end-to-end encryption, in order to give police the tools they need to investigate crimes and terrorist activity, two senior law enforcement officials said.
Peter Azzopardi's insight:

The U.S. Department of Justice and the FBI aren't seeking new legislation to require tech companies to comply with warrant requests, at least for now, ....

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

New Office 365 features appease the cloud-wary

New Office 365 features appease the cloud-wary | Cloud Central | Scoop.it
With a slate of new management, encryption, and data-security features for Office 365, Microsoft hopes to eliminate excuses for not using the cloud
Peter Azzopardi's insight:

To overcome emotional barriers to cloud computing, cloud providers often give customers complete control over their data, including encryption keys. Microsoft has been unveiling features in that vein for Azure, and yesterday, the company took a few more steps in that direction with Office 365.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Healthcare data security: Is cloud encryption alone enough?

Healthcare data security: Is cloud encryption alone enough? | Cloud Central | Scoop.it
What if the data of 80 million Anthem subscribers were encrypted at rest? And access required two-factor authentication? Would the security breach still have occurred? These lines in the new cyber-security “anthem” are being sung with gusto by those following the bouncing cursor of a breach that may be larger than all healthcare security breaches of the last ten years combined.
Peter Azzopardi's insight:

This means that someone with access to a computer can access the database decryption key, or potentially even unencrypted database contents, from the RAM, or ‘working memory,’ of the computer.

more...
Dome9 Security's curator insight, February 18, 2015 1:15 AM

You it's not, right?

Amit's curator insight, February 24, 2015 4:05 AM

Encrypting the data is just part of the process, the next step is to ensure that only those who should be accessing the data are able to reach it.


Thanks @Peter Azzopardi

David Sussman's curator insight, March 9, 2:04 PM

This means that someone with access to a computer can access the database decryption key, or potentially even unencrypted database contents, from the RAM, or ‘working memory,’ of the computer.

Scooped by Peter Azzopardi
Scoop.it!

The consortium that's against your privacy

The consortium that's against your privacy | Cloud Central | Scoop.it
A cabal of communications companies wants to kill a new Internet standard that will make your Web experience faster and safer
Peter Azzopardi's insight:

The so-called Open Web Alliance was formed back in April, led by Verizon and Cisco at industry consortium ATIS. They describe their mission as "to meet the service needs of all stakeholders in the Web ecosystem while supporting the goals of encryption and privacy," but at the heart of their crusade is angst concerning Google’s new SPDY protocol, suggesting those goals are at best selective.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

A Two-Step Plan to Stop Hackers

A Two-Step Plan to Stop Hackers | Cloud Central | Scoop.it
You may not be able to keep your digital credentials from being stolen, but there are options for keeping a cyberthief from using them successfully.
Peter Azzopardi's insight:

But the developments pushed me in a third direction: To seek out all of the crucial accounts in my life, including every financial one, and try to add another level of security to the login process for each one. Sadly, not many of the companies involved were able to do it.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Why cloud data encryption is crucial for small businesses

Why cloud data encryption is crucial for small businesses | Cloud Central | Scoop.it
To work in the cloud all you need is an internet connection and some form of online storage, but there are security risks, writes Hazel Davis
Peter Azzopardi's insight:

Encryption is, in layman's terms, the turning of data/information in the cloud into gobbledygook, with codes to turn the data back into something understandable.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Open source app dev platform aims to ensure privacy in the cloud

Open source app dev platform aims to ensure privacy in the cloud | Cloud Central | Scoop.it
SpiderOak's Crypton Web application development platform crunches data in a browser-based client instead of the cloud
Peter Azzopardi's insight:

Using this type of architecture, user data is always encrypted when it's in the cloud. Even if an intelligence agency or hacker gets access to it in the cloud, or during its journey to or from the cloud, it's unusable.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Revealed: how US and UK spy agencies defeat internet privacy and security

Revealed: how US and UK spy agencies defeat internet privacy and security | Cloud Central | Scoop.it
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records • $250m-a-year US program works covertly with tech companies to insert weaknesses into products • Security experts say programs 'undermine the fabric of the internet'...
Peter Azzopardi's insight:

All the models on cloud adoption, all those projected revenues, count for nothing with such damning news. Companies with sensitive data will be reluctant to store their data outside their premises if they cannot feel secure.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Cloud computing: how can companies reduce the security risk?

Cloud computing: how can companies reduce the security risk? | Cloud Central | Scoop.it
Pravin Kothari outlines a three-step approach to help businesses ensure their information remains secure in the cloud
Peter Azzopardi's insight:

Cloud security lies in encryption (like military grade 256-bit AES) but it will only be foolproof once the key to decrypt belongs solely to the entity that owns the data.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Cloud Computing and Data Residency Laws

Cloud Computing and Data Residency Laws | Cloud Central | Scoop.it

Cloud service providers store data all over the globe, and are constantly moving that data from one datacenter to the next for reasons as wide-ranging as cost considerations and redundancy requirements. Does this mean that the requirements outlined in varying data residency laws and privacy regulations are directly at odds with how cloud computing works?

Peter Azzopardi's insight:

Excellent article! Cloud Encryption, similar to what Mega are using, where the decryption key is held by the client rather than the cloud storage providor would solve most of the issues.

more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Cloud Storage Encryption and Healthcare Information Security | SYS-CON MEDIA

Cloud Storage Encryption and Healthcare Information Security | SYS-CON MEDIA | Cloud Central | Scoop.it
Healthcare data security has been around for a long time, but as cloud computing gains more and more traction, healthcare providers as well as healthcare software vendors, would like to use the cloud advantages and migrate healthcare data, or run healthcare software from a cloud infrastructure. In this blog I’ll focus on specific cloud computing healthcare security concerns and how cloud encryption can help meeting regulatory requirements.
more...
No comment yet.
Scooped by Peter Azzopardi
Scoop.it!

Encrypt Your Dropbox Files With BoxCryptor

Encrypt Your Dropbox Files With BoxCryptor | Cloud Central | Scoop.it
Dropbox is a great service, but its security track record is nothing to be proud of.  We’ve previously written about encrypted alternatives to Dropbox, but let’s be honest – Dropbox stands out among cloud storage services for its zen simplicity. Much as we’d like encryption, it’s hard to give up Dropbox. BoxCryptor is an encryption solution for anyone who wants encryption but just can’t let Dropbox go.



more...
No comment yet.