Showing posts with label CSA. Show all posts
Showing posts with label CSA. Show all posts

Monday, June 27, 2016

Quantum Random Number Generators for Better Encryption

Quantum random number generators could become the building blocks for effective encryption, according to the Cloud Security Alliance's Quantum-Safe Security (QSS) Working Group.

A newly published whitepaper titled Quantum Random Number Generators looks at leveraging quantum mechanics in the real of cyber security as an improvement over today's software or hardware-based random number generators.

https://downloads.cloudsecurityalliance.org/assets/research/quantum-safe-security/quantum-random-number-generators.pdf

Sunday, March 6, 2016

Video: The State of Cloud Security

Jim Reavis, CEO of the Cloud Security Alliance, provides a 2-minute update on the state of the industry and highlights of the day-long Cloud Security Summit held at RSA 2016.

The current state of security in cloud computing is strong, but uneven. Many issues remain to be addressed, including as services transgress international boundaries or even go from one operator to another.

YouTube: https://youtu.be/-wAS1t7dl-8




Video: CSA Global Enterprise Board's Call to Action

Vinay Patel, Global Head of Information Security for Citi Enterprise Infrastructure, issues a call-to-action on behalf of the Cloud Security Alliance's Enterprise Advisory Board.

For enterprises, the stakes could not be higher in ensuring that cloud services are safe, secure, transparent and trusted platforms.

YouTube: https://youtu.be/TFQ7XovaCqs





Monday, February 29, 2016

Top Twelve Cloud Computing Threats

The Cloud Security Alliance (CSA) Top Threats Working Group published a report listing The Treacherous 12: Cloud Computing Top Threats in 2016:

  • Data Breaches
  • Weak Identity, Credential and Access Management
  • Insecure APIs
  • System and Application Vulnerabilities
  • Account Hijacking
  • Malicious Insiders
  • Advanced Persistent Threats (APTs)
  • Data Loss
  • Insufficient Due Diligence
  • Abuse and Nefarious Use of Cloud Services
  • Denial of Service
  • Shared Technology Issues

"Our last Top Threats report highlighted developers and IT departments rolling out their own self-service Shadow IT projects, and the bypassing of organizational security requirements. A lot has changed since that time and what we are seeing in 2016 is that the cloud may be effectively aligned with the Executive strategies to maximize shareholder value," said Jon-Michael Brook, co-Chair of the Top Threats Working Group. "The 'always on' nature of cloud computing impacts factors that may skew external perceptions and, in turn, company valuations."

https://cloudsecurityalliance.org/

Sunday, January 11, 2015

CSA: Security Remains Top Issue for Cloud Services

Decisions concerning the security of data in the cloud has shifted from the IT room to the boardroom, according to a newly published survey, titled Cloud Adoption, Practices and Priorities Survey Report, from the Cloud Security Alliance. The report includes responses from more than 200 IT and security professionals varying in company size and industries from the Americas, EMEA and APAC regions.

Some highlights:

  • Security of data remains a top barrier to cloud adoption
  • Nearly 72 percent or IT managers surveyed admitted that they did not know the number of shadow IT apps within their organization, but certainly want to.
  • Organizations are still moving forward in adopting cloud services, with 74 percent of respondents indicating they are either moving full steam ahead, or with caution, in the adoption of cloud services. 
  • Respondents from APAC indicated the highest level of adoption plans.  However, 34 percent of respondents indicated that a lack of knowledge and experience on the part of IT and business managers was a main reason for slow or lack of adoption.
  • Companies with more than 5,000 employees are more likely to have a cloud governance committee (35 percent versus 12 percent), have a policy on acceptable cloud usage (61 percent versus 45 percent), and have a security awareness training program (26 percent versus 20 percent) compared to companies with fewer than 5,000 employees.

“As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance, and governance of corporate data,” said Jim Reavis, CEO of the CSA.  “We hope that this report provides companies with some good peer insight so that they can make better decisions to help confidently and responsibly accelerate the use of cloud services in their environment.”

The report is posted online.

https://cloudsecurityalliance.org/research/surveys/

See also