
security

Are you a risk to your customers?

In the past weeks I have been talking to a number of small software providers. Most software these days is no longer shipped (CD-ROMs are really oldskool, aren’t they?), but is delivered as a service over the internet. These software providers are starting to realize that this means they are a SaaS provider. This also […]

How the NSA hacks you, and what cloud can do about it

At the recent Usenix Enigma 2016 conference, NSA TAO chief Rob Joyce explained how his team works. By the way, TAO means Tailored Access Operations, which is a euphemism for hacking. See the full presentation here. Rob explains their methods, but between the lines he implies that other nation states are doing the same, so […]

Just did the CCSP exam

(update: I passed!) Yesterday I took the CCSP exam. Certified Cloud Security Professional is the new certification launched by ISC2, and is supposed to be complementary to CCSK. I must have been one of the first, as it only opened last Tuesday. I think I did pretty well, but my results won’t be available for the […]

Encrypting your cloud data for extra protection

Encrypting data is one of the best ways of protecting your data as it moves to the cloud. The only thing better than encrypting your data is not storing your data at all. Let’s first look at the case of using file sharing applications such as Dropbox. If you are the only user of the […]

Simple SaaS security tips

Most people and companies are now using a significant number of SaaS solutions. Companies are running sales support software, file sharing, collaboration, e-mail and a lot more in the cloud. But that usage also leads to concerns about the security of those solutions. How safe are they? What risks do we run? Here are a […]

New cloud security certification CCSP to complement CCSK

Cloud security certification is getting a new dimension. (Update: I wrote a brief comparison of CCSP versus CCSK). In 2015 the Cloud Security Alliance and (ISC)2 announced a new cloud security certification: Certified Cloud Security Professional or CCSP for short. Read the official announcement here and here. CCSP is supposed to be a more extensive certification […]

Cloud computing can make you more secure

The number one concern cited for avoiding cloud computing is security. And there is a reason for that. Cloud providers have demonstrated some spectacular failures in the past, including Amazon’s near total shutdown of an entire region, Dropbox’s authentication snafu, and innumerable cloud providers that go belly-up. However, in the long run, cloud computing is […]

How does secure software development in the cloud work?

The typical software development model of develop, deploy and run (with security often as an afterthought) does not work very well in a cloud environment. The two biggest reasons are feature velocity and operational assurance. In a cloud provider environment, functional features come (and sometimes go) on a daily basis. At the same time, both […]

CCSK training in Kuala Lumpur – trip report

Last week I delivered a two-day CCSK (Certificate of Cloud Security Knowledge) training in Kuala Lumpur. The typical structure of this training, as suggested by the Cloud Security Alliance, calls for a day of lecture followed by a day of practical exercises. However, I mixed lecture with case study and exercise, because I have experienced that […]
