If security engineers could simply pool their intelligence, wouldn't that help thwart Internet clients' access to known, malicious agents?
Check Point - the producer of security appliances and software that came to prominence after its acquisition of ZoneAlarm - takes a key step toward building a collective detour system for malicious agents, with something it calls ThreatCloud.
How many 9s have cloud service providers offered you lately with respect to their service availability? Yesterday, as part of its effort to help put Europe back on track with cloud services adoption, ENISA - the public agency responsible for the security of Europe's information services - published a new set of surprisingly legible recommendations for not just public-sector firms, but private-sector firms as well, on how to evaluate a cloud service provider's (CSP) performance during a security event and determine whether it's living up to the terms spelled out by their SLAs.
ENISA interviewed both American and European sources for its research. And in a refreshing act of globalization, the agency credits the U.S. government - the very creator of the Patriot Act blamed for keeping Europe on the dark side of the cloud - with initiating the trend away from periodic security reviews and toward continuous monitoring.
Cloud synchronization vendor Druva announced today a new version 5.0 of its InSync software that provides a wide array of features, including the ability to remotely wipe a smartphone or tablet, geolocate and track the device, and encrypt data, too. From a single on-premises or cloud portal, IT personnel can view and manage backup, data access and data loss prevention, as well as allocate bandwidth and monitor device security, for all of the user's laptops, tablets and smartphones.
While the Obama Administration has proposed a Consumer Privacy Bill of Rights, it has yet to propose the actual text. Yet to be determined, among various other matters, are who would be in charge of regulation and how much regulation would take place. In a teleconference yesterday between members of the European Commission in Brussels and the U.S. Commerce Dept. in Washington, E.C. Vice President Viviane Reding suggested the U.S. copy the E.U.'s approach - one which would employ a heavier hand.
Comm. Reding spelled out that the goal of meetings between the heads of commercial regulators for the two governments is nothing short of "regulatory convergence" - signifying that they should come to an agreement on the language of their respective laws governing how ISPs and content providers handle personal data protection. To that end, she stated that it's up to Washington to catch up with the "gold standard" that Europe is already setting.
"When you give the power to the users, sometimes this can cause a lot of problems." This from Check Point Software Technologies security evangelist Tomer Teller, in a recent interview with ReadWriteWeb. Check Point is the current distributor of the ZoneAlarm firewall for Windows, which set new standards a decade ago for the way it delivered security information in a straightforward way to its users.
This is somewhat of a change of heart for Check Point. It's also an observation in the wake of the rapid transformation of the information landscape. Flanked now by mobile devices poking their way in from inside, and cloud technologies seeping in from outside, enterprises are faced with the situation of employees adding new, unanticipated, and sometimes haphazard components to the network.
Here's the problem: Data has already gotten too big for its britches. There are increasing corporate mergers and takeovers, greater pressure among businesses in both private and public sectors to consolidate resources, and to boot, federal regulations mandating privacy restrictions and security policies. Especially in the healthcare industry, the first "big data" technologies to emerge from the former Yahoo project that became Hadoop have been a godsend.
Hadoop breaks simple data stores free from the bounds of single volumes, enabling them to be distributed in shards across multiple storage devices. Normally a database system hasn't had to deal with encryption. If you encrypt the volume it's stored on, that should be good enough - at least, that's what the U.S. Dept. of Commerce's NIST agency said in 2007 (PDF available here). But that was before the big data problem was even identified, and years before the first Yahoo teams went to work on it.
"Whose problem is this? Whose problem is a vulnerability in an app? Is it the app developers? Is it the service provider of the operating system? Or is it the distribution center of the application?"
These aren't questions presented to an expert panel by attendees at the Cloud Security Alliance Summit at RSA in San Francisco this morning. These are questions coming from that panel - specifically, from a professional security analyst whose firm openly experiments with app store security, including from Google's app stores for Android and Chrome OS.
He is as great a contributor to the concept of cloud computing as any individual alive today. Today, Chris Kemp, the co-architect of the pioneering NASA Nebula project - the first to encapsulate a cloud server into a shipping crate - told a meeting of the Cloud Security Alliance Monday morning at the RSA Conference in San Francisco that OpenStack is, and will continue to be, designed to support other security architectures, but not to serve as one itself.
"OpenStack was really designed around common, open source technologies," Kemp told an overflow session, "so that if you have familiarity with securing these underlying technologies, you're going to have a fairly easy time writing security plans and implementing security and controls and monitoring around these technologies."
Today CloudPassage boosts security for your cloud-based servers by announcing an enhanced version of its Halo SaaS security tools called NetSec. The new version brings two-factor authentication methods for remote terminal access, as well as improvements to cloud firewall policy creation and management. As with earlier versions, the tools only work on Linux-based instances, since you need to install their agents on each cloud-based server. The tools are being used by Foursquare, for example, to help manage their increase in weekend check-in traffic.
The rapid migration by U.S. government agencies to cloud-based architectures is producing radical, and potentially beneficial, changes to these agencies' management structures. Costs are coming down, and as some agencies are just now realizing, security and resiliency could be going up. But the very concept of cloud infrastructure is something that legislators have yet to become familiar with.
So another long-debated piece of cybersecurity legislation will enter the next round of what has become an annual event: As The Hill reports this morning, Sen. Joe Lieberman's (I - Conn.) cybersecurity bill is likely to make another appearance this week in the Homeland Security Committee which he chairs.