Recently in Cloud Security Category

The adoption of virtual firewalls and IDSs has begun to rapidly accelerate among Managed Security Service Providers. Virtual devices, including Juniper Vsys, Cisco ASA Virtual Context Features, Checkpoint VSX, Fortinet VDOM, Cisco VSG, and Vmware Vshield, work similarly to their physical counterparts and use industry standard VLAN technology. Virtual firewalls are particularly advantageous for service providers as they can manage hundreds of domains utilizing only one or two physical devices. Therefore, costs and complexity are reduced while consistent service levels become easier to maintain. nFX One solutions enable MSSPs to cost-effectively integrate, monitor and correlate data from these virtual environments. Utilizing nFX rules based event routing, service providers can map virtual firewalls to specific MSSP customers and easily manage and route events. - Bill Leroy

In the recent Article published by CRN
Comodo Attack Sparks SSL Certificate Security Discussions.
Brian Price writes about the Security and Trust of Internet Certificate Authorities
"A spotlight on one of the basic issues of the Internet -- proper authentication". Certificate Authorities have been one of the largest Cloud Security Services that implied a certain amount of trust for the site was established the content holder was verified by Dunn and Bradstreet the person requesting the certificate holder needed to have a Corporate Officer verify the request of the Certificate was authorized etc... The CA Authority was thought to be under the tightest security requirements to protect top level Trusted Servers. As time passed on more and more Certificate authorities came on line with competitive pricing and free Certificates the process to obtain a certificate became cheaper and cheaper and these services grew through out the world and slowly but surely the meaning of a trusted server cert became to have less and less value.

The Browser being built much like the Internet Operating Systems being distributed did not provide the end-user with much security protection or end-user knowledge about what all this technology meant who was managing it and what were the Risks in using it. End Users were provided these amazing services without knowing of it's fragile infrastructure. Brought to you by the same people that provided telephone and television services, end users thought that this medium would provide the same type of trusted dial-tone service they had experienced before with the telephone, television, movies theaters, public libraries, art museums, and radio.

We were all pioneers of the digital age, moving at speeds of light to connect the world to a global communications society. Today we are seeing how amazing this new technology is changing the world, as fragile as it is. Over the last few years we have also seen a new concern over this mass media speed of light world wide communications infrastructure
that is, how do we make it secure enough for the end user to trust it after so much has been published about it's security flaws?

The new language of today is Continuous Monitoring, Situational Awareness, Secure Coding, Information assurance as we try to hold on to this vast communications infrastructure of open societies. Cloud Service Providers and Software/Hardware manufactures realize to keep this technology moving forward the service needs to provide the end user that same feeling of security they feel when turning on a light in their homes.

This internet/and wireless mobile cloud services are still at the very beginning of their development as new technologies are unraveled, Service Providers are now more aware then ever that security and privacy are on the minds of all their potential customers and because if its success and impact on daily lives of it's citizens
from Banking to managing the shipment of goods, governments world wide want to make sure it's stability is not compromised by hostile forces.

On boarding trust relationships for Cloud service providers and including DNS services
will need to change. Using the Internet for Services is still a Risk Based decision.

Dr. Michio Kaku's keynote address at the RSA conference was full of thoughts on what the near future holds for us in the way of technology breakthroughs. Dr. Kaku quoted Woody Allen on eternity, "Eternity is an awful long time, especially near the end." And shared his thoughts on the future of Medicine, in which he states that all medicine will be resolved with computers.

Dr. Kaku's discussed "augmented reality", where people can use contact lenses to get 360 degree vision by getting information from remote cameras with information being fed to us on-demand and streaming across our field of vision, and advent of real-time translation of foreign languages.

Most of these breakthroughs he explained, are already being developed and tested, including the creation of entirely new organs (livers,pancreases, and hearts) out of a mere few cells from your body or growing new ear, for example, will be commonplace.

By employing nano technology to design new versions of molecules, that when injected, will seek out cancer cells and kill them before they multiply. Diseases often take 20 years to fully develop and just imagine being able to detect them when they are only a few cancer cells in your body.

In this nano technology and quantum computing world of the future, will we reduce the threat level of technology misuse? Dr. Kaku's outlook about the future is very positive and it is interesting how he points to the role of science fiction in modern technology developments.

In Author C Clarke's 3001 the Final Odyssey, Astronaut Poole is brought back from his deep frozen space voyage. "I hope Poole told himself, that confidence is justified." Someone once said that any sufficiently advanced technology is indistinguishable from magic. Will I meet magic in this new world -- and be able to handle it?

Information Security Governance - Hybrid Security Cloud Provider Services and Security Team Management Collaboration and Trust.

One of the most important elements of Information Security Management is the ability for Information Security, Physical Security, and IT teams to collaborate.

A key issue any organization is effective team leadership, socialization, and collaboration. If the security team does not have the ability to collaborate or share information readily amongst themselves, there can be wasted efforts and the duplication of real-time analytics work. Information Security Management should be an enabler of team collaboration and trust.

Security Information and Event Management can provide a wealth of information but if you can not truly resolve incidents and or mitigate them, what you have is really nice log and event management with no ability to resolve them. This is why using organizations have turned to Hybrid Cloud Security Solutions for 24x7 monitoring and incident resolution.

Although this may not help in solving team collaboration issues it will be a way for your Security and IT teams to utilize expert knowledge in event identification and resolution or more importantly, the pre 0 day resolution of what is NOT currently happening, but what is about to hit... and how to mitigate that issue. If your security and IT teams have working trust relationships with their teams or other teams including Hybrid Service providers then your organization will work.

This is what NIST/MITRE SCAP is really all about; the ability for everyone to collaborate, whether it is configuration management, vulnerability assessment, situational awareness, incident response, or mitigation