• CybersecurityDistributed Protocol Underpinning Cloud Computing Automatically Determined Safe and Secure

    Two researchers have debunked the common assumption that the famous Paxos consensus protocol is too complex to be proven safe without hours of manual labor.

  • CybersecurityLike a Spellchecker for Developers: Automated Detection of Security Vulnerabilities in Cloud Applications

    Cloud computing is a growing market. But cyberattacks on cloud software systems are on the rise, too, as these applications often contain security vulnerabilities that hackers are able to exploit. CodeShield software – which is produced by the company of the same name – uncovers these vulnerabilities and fixes them using automated methods.

  • CybersecurityFirst Hacker-Resistant Cloud Software System

    As the first system to guarantee the security of virtual machines in the cloud, SeKVM could transform how cloud services are designed, developed, deployed, and trusted.

  • CybersecurityMore efficient security for cloud-based machine learning

    By Rob Matheson

    A novel encryption method devised by MIT researchers secures data used in online neural networks, without dramatically slowing their runtimes. This approach, a combination based on two encryption techniques,  holds promise for using cloud-based neural networks for medical-image analysis and other applications that use sensitive data.

  • CybersecurityHow secure is your data when it’s stored in the cloud?

    By Haibin Zhang

    Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information. But as a scholar of cloud computing and cloud security, I’ve seen that where the keys to that encryption are held varies among cloud storage services. In addition, there are relatively simple ways users can boost their own data’s security beyond what’s built into systems they use. Ultimately, for people who don’t want to learn how to program their own tools, there are two basic choices: Find a cloud storage service with trustworthy upload and download software that is open-source and has been validated by independent security researchers. Or use trusted open-source encryption software to encrypt your data before uploading it to the cloud; these are available for all operating systems and are generally free or very low-cost.

  • EncryptionStealing encryption keys on Amazon’s Cloud servers

    Cloud computing is a service that enables companies and organizations to store information and run computer applications without making their own investments in actual computer hardware or employing IT staff. Researchers have demonstrated that RSA encryption keys, which are used by thousands of companies and organizations to protect the data and processes they entrust to cloud-based services, can be obtained using a sophisticated side-channel attack — despite recent efforts by cloud service providers and cryptography software developers to eliminate such vulnerabilities.

  • Digital forensicsCloud computing poses technical challenges for digital crime-fighters

    The ultimate in distributed computing, cloud computing is revolutionizing how digital data is stored, processed, and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage, and applications. The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments.

  • Disaster communicationSafeguarding networks when disasters strike

    Disasters both natural and human-caused can damage or destroy data and communications networks. Several presentations at the 2014 OFC Conference and Exposition, being held 9-13 March in San Francisco, will present new information on strategies that can mitigate the impacts of these disasters. Researchers created an algorithm that keeps data safe by moving or copying the data from data centers in peril to more secure locations away from the disaster. The algorithm assesses the risks for damage and users’ demands on the network to determine, in real-time, which locations would provide the safest refuge from a disaster. Other researchers suggest that if fiber-optic cables are down, wireless communication can fill the void and be part of a temporary, emergency network. For such a system to work, however, wireless technology would have to be integrated with the fiber-optic network that transports data around the world.

  • Venture capitalCloudLock, a cloud security specialist, raises $16.5 million Series C round

    CloudLock, a cloud security specialist, has raised $16.5 million in a Series C funding round from new investor Bessemer Venture Partners, and participation of existing investors Cedar Fund and Ascent Venture Partners. The company says that 2013 saw continuing growth in adoption by cloud-bound organizations of the company’s people-centric security automation approach, with a pure SaaS content-aware and policy-based solution, by companies in different verticals, across multiple cloud platforms like Google Apps and Salesforce.

  • Venture capitalCloud security specialist Apprity announces $8 million Series A round

    Santa Clara, California-based Apprity, a stealth Cloud Security company, the other day announced an $8 million Series A round of venture capital funding. The company notes that more and more business processes and applications are being transitioned to the cloud, but that the promise of Cloud and SaaS applications, combined with trends of Mobility, Bring-your-own-Device (BYOD), and the Internet-of-Things (IoT) is constrained by multiplying cyber threats. While security vendors typically focus on providing solutions for securing the perimeter, Apprity says it focuses on the need for a modern approach to Cloud security, and is developing patent-pending technology to address today’s complex business requirements.

  • Cybersecurity businessCybersecurity giants adapt to changing cyberthreat landscape

    McAfee and Symantec, the two technology giants of traditional firewall and antivirus protection software, are shifting their attention to focus more on cybersecurity challenges. A rapidly changing landscape for computer networks, in which data is transmitted and stored via mobile devices and cloud computing, has created demand for products and services that can secure information against state-sponsored or organized cyber terrorism.

  • BusinessAkamai to acquire cloud-based security solutions provider Prolexic

    Organizations, faced with an ever-changing threat landscape, require comprehensive security solutions that address many different protection scenarios. These include securing mission critical Web properties and applications from attack, as well as protecting the full suite of enterprise IP applications — including e-mail, file transfers, and VPN — across a data center. Akamai acquires Prolexic in order to extend its Web optimization and security offerings by adding cloud-based security solutions for protecting data centers and enterprise applications.

  • Infrastructure protectionCoordinating responses to cloud, infrastructure vulnerabilities

    Cybercrime presents a significant threat to individual privacy, commerce, and national security. In order to tackle this cross-border threat properly, agents involved in managing and monitoring cyber-risk-critical assets need to be able to cooperate and co-ordinate their prevention strategies. Platforms enabling coordinated cross-border responses already work well for handling malicious activity on the traditional Internet. The advent of cloud computing, however, has created a new set of challenges for security professionals in securing the platforms that deliver the cloud.

  • Cloud PrivacyCloud computing user privacy needs serious reform: scholars

    When Web surfers sign up for a new online service or download a Web application for their smartphone or tablet, the service typically requires them to click a seemingly innocuous box and accept the company’s terms of service and privacy policy. Agreeing to terms without reading them beforehand, however, can adversely affect a user’s legal rights, says a new paper by an expert in technology and legal issues.

  • Cloud PrivacyNIST publishes draft cloud computing security document for comment

    The National Institute of Standards and Technology (NIST) has published a draft document on security for cloud computing as used in the federal government. The public comment period runs through 12 July 2013.