Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

AWS re:Invent 2016 - Become an AWS IAM Policy Ninja in 60 Minutes or Less →

December 12, 2016 by Marc Handelman in All is Information, Cloud Security, Conferences, Education, Information Security
December 12, 2016 /Marc Handelman
All is Information, Cloud Security, Conferences, Education, Information Security

AWS re:Invent 2016 - Lessons from a CSO, Achieving Continuous Compliance in Elastic Environments →

December 11, 2016 by Marc Handelman in All is Information, Cloud Security, Conferences, Education, Information Security
December 11, 2016 /Marc Handelman
All is Information, Cloud Security, Conferences, Education, Information Security

Amazon Snowmobile →

December 01, 2016 by Marc Handelman in All is Information, Computation, Cloud Security, Cloud Data Storage

When you've got 100 Petabytes of data burning a big hole in your datacenter's front pocket, and you just have to import said data into Amazon S3 or Amazon Glacier storage... Whom - shall we say - are you going to call?

H/T

December 01, 2016 /Marc Handelman
All is Information, Computation, Cloud Security, Cloud Data Storage

IoT Security in the Cloud, Best Practices →

November 09, 2016 by Marc Handelman in All is Information, Cloud Security, Data Security, Information Security, Network Security, IoT, IoT Security
November 09, 2016 /Marc Handelman
All is Information, Cloud Security, Data Security, Information Security, Network Security, IoT, IoT Security

Oracle Announces Cloud Identity Management →

September 01, 2016 by Marc Handelman in All is Information, Believe It Or Not, Better Late Than Never, Cloud Security, Identity Management, Information Security, Infrastructure, Middleware Security, Middleware, Identity Cloud Services

Meanwhile, in Better-Late-Tha-Never-News, there is a white paper to accompany the latest Oracle Corporation (NYSE: ORCL) announcement.

 

September 01, 2016 /Marc Handelman
All is Information, Believe It Or Not, Better Late Than Never, Cloud Security, Identity Management, Information Security, Infrastructure, Middleware Security, Middleware, Identity Cloud Services

PhoneBoy, The Great Cloud Migration →

May 11, 2016 by Marc Handelman in All is Information, Cloud Security

Repost of PhoneBoy's latest piece 'The Great Cloud Migration: Existential Threat or Opportunity?... Today's MustRead.

May 11, 2016 /Marc Handelman
All is Information, Cloud Security

It's Cloudy Out There...

March 01, 2016 by Marc Handelman in All is Information, Cloud Security, CIS, Information Security

Chad Woolf, writing at the AWS Security Blog, announces the availability of the CIS AWS Foundation Benchmark. Outstanding.

March 01, 2016 /Marc Handelman
All is Information, Cloud Security, CIS, Information Security

Martinez, The Top Ten

February 22, 2016 by Marc Handelman in All is Information, Good Advice, Cloud Security

Just saw John Martinez present the Top Ten at Bsides Seattle on Saturday. Enjoy.

February 22, 2016 /Marc Handelman /Source
All is Information, Good Advice, Cloud Security

CSA - Call for Volunteers

June 15, 2015 by Marc Handelman in Cloud Security, Information Security

Good news from the Cloud Security Alliance - the organization has decided to begin work on Version 3 of it's eponymous Security Guidance for Critical Areas of Focus in Cloud Computing document, targeting 'critical areas of focus'. Hence the CSA Call for Volunteers, and the contracting of the Securosis team (comprised of Adrian Lane, Rich Mogull and Mike Rothman) for wordsmithing duty. Outstanding.

June 15, 2015 /Marc Handelman /Source
Cloud Security, Information Security

NIST CSD, ITL, CPP Slated to Host 8th Cloud Computing Forum →

May 04, 2015 by Marc Handelman in All is Information, Conferences, Information Security, Cloud Security, Compute Infrastructure, Security, Government

NIST's Computer Security Division and the Information Technology Laboratory (ITL) along with the NIST Cloud Computing Program has announced hosting of the 8th Cloud Computing Forum and Workshop. Registration Information, etc. can be viewed here. Included with the announcement is the Call for Abstracts, noted below:

  • Abstract Submission Deadline: May 15, 2015
  • Abstracts Review Deadline: June 1, 2015
  • Presentation Submission Deadline: July 1, 2015

Interested? Download the 8th Cloud Computing Forum and Workshop Abstract Submission form, additional information resides here.

May 04, 2015 /Marc Handelman
All is Information, Conferences, Information Security, Cloud Security, Compute Infrastructure, Security, Government

Box Crypto, Key Conveyance →

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Cryptography, Data Security, Encryption, Enterprise Management, Information Security, Infosec Policy, Cloud Security


Well now, this is good news [of coursepurely dependent upon where your place is within the transaction, and future issues of both key management and governance related challenges] as Box has commenced with provisioning customers with their encryption keys. Gotta admire the transfer of risk in this action, all under the guide of enterprise key management...

'Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.' ArsTechnica's Jon Brodkin
February 13, 2015 /Marc Handelman
All is Information, Compute Infrastructure, Cryptography, Data Security, Encryption, Enterprise Management, Information Security, Infosec Policy, Cloud Security
  • Newer
  • Older