Cloud Security Research at MIT

For several years, computer science researchers at MIT have been reviewing and attempting to address the problem of attacks on data in the cloud. A recent method designed by faculty in MIT’s Department of Electrical Engineering and Computer Science would thwart attacks by disguising memory-access patterns. The scheme would be implemented in custom-built chips that write multiple data queries at the point where data is accessed, serving as a sort of decoy for attackers who are spying on other people’s data.

Read the full MIT News story.

FREAK Still Affects Some Cloud Services

Despite fixes from Apple and Microsoft this past week, the FREAK vulnerability still affects more than 600 cloud services, according to an estimate from Skyhigh Networks. The company scanned its registry of more than 10,000 services. Read the full story in the news.

Learn more about FREAK.

Ten Ideas for Improving Cyber Security

Forbes asked ten cyber experts for their best ideas for thwarting digital security threats. The ideas include changing the way we think about security and being proactive about protecting sensitive data; encouraging transparency from cloud services about data handling; making better use of encryption; developing systems that present smaller attack surfaces; developing a new secure network for critical infrastructure; and establishing privacy and data security regulation and enforcement for companies. Most acknowledged that there are no easy and quick fixes.

Read the story in the news.

Security Awareness Videos

SANS has regularly been posting a new security awareness video as part of an effort to make every month security awareness month. These Securing the Human videos will also be featured as part of the security courses soon to be offered through the MIT Learning Center. Look for these courses in the online catalog as they become available in the summer of 2013.

The newest Securing the Human video of the month from SANS is “Cloud Security.” This video explains what the Cloud is and how you can use it more securely.

Cloud Computing: The Security Debate

A lively debate took place last fall at Indiana University, featuring passionate arguments on the nature, status and future of cloud security in and beyond the higher education environs. The article posted by Educause captures the salient points, key quotes and a bit of the color that permeated the two sides of the discussion: Cloud now or cloud how?

After reading the article, what do you think?

Putting Data in the Cloud

The central question for anyone doing cloud computing is, “Do you have control?” Reliance on a cloud vendor (like Dropbox, Google, Apple’s iCloud and Amazon’s EC2) could lead to breaches and, in some recent high-profile cases, already has. Epsilon last year and Dropbox this year reported breaches of their systems.

The problem is that individuals can put personal- or business-sensitive data into a cloud storage service, where anyone with access to the server could potentially read the file. While the design of the cloud service allows third parties to access their users’ accounts, it also leaves the data less secure than a system that encrypts the data before sending it into the cloud.

These five best tips come from an article posted by CNN:

  1. Back up everything – in the cloud or on the ground
  2. Use a bunch (maybe hundreds) of different passwords
  3. Don’t link all of your accounts together
  4. Use two-factor authentication on Google and Facebook
  5. Don’t use “find my Mac” on Apple computers

For interest, read the story of Mat Honan, who lost all his photos and other data by using cloud-based services when he was hacked.

Is Your Data Safe in the Cloud?

A recent news item illustrates that data loss is one of the risks you may take when storing data in the “cloud.” Cloud storage, such as the service provided by Amazon.com, is one way to store business data in a more cost-effective and efficient manner, rather than having each business use large data centers that require cooling, physical space, and other resources to maintain.

Cloud computing is the term used for the provision of computer resources, such as applications, databases, file services and email, via a computer network. The online email service by Google, Gmail, is an example of cloud computing.

Amazon’s huge EC2 cloud service apparently crashed and permanently destroyed some of its clients’ data last week. Amazon has yet to fully explain what happened when its mission-critical and supposedly bomb-proof systems crashed. But what is clear is that a fail-safe measure, such as shifting the data access from one center to another if a crash occurs, was not in place as expected.

Read the story in the news at InformationWeek.com and MSNBC.com.

Update:

Amazon did post a summary of the occurrence from last week, which can be read here.

In addition, Jeff Schiller of IS&T feels the more appropriate message is: “Not all services are the same and you should design your systems and applications taking into account the nature of the facilities and the guidance of the cloud provider.” Amazon will be offering webinars on how to properly use their services to avoid data storage failure even when the infrastructure fails.