Tips and tricks for securing data when migrating to the cloud

Find out how you can have a safe and secure transition to the cloud. This guide describes tips and steps to take to ensure your data is secure during a migration.
The post Tips and tricks for securing data when migrating to the cloud appeared first on… Continue reading Tips and tricks for securing data when migrating to the cloud

Trend Micro Employs Serverless Computing to Scan Cloud Files for Malware

Trend Micro has developed an antimalware tool, based on a lightweight, serverless computing framework, that can scan files for malware before they are stored in cloud services. Cloud storage services have become a significant attack vector, as cybercr… Continue reading Trend Micro Employs Serverless Computing to Scan Cloud Files for Malware

Microsoft Adds 2FA-Protected “Personal Vault” Within OneDrive Cloud Storage

Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication.

Dubbed Personal Vault,… Continue reading Microsoft Adds 2FA-Protected “Personal Vault” Within OneDrive Cloud Storage

Meanwhile, In News of the Coming Software Apocalypse…

via Paul Kunert, writing at El Reg, comes this story of persistent login issues with Microsoft Corporation’s (Nasdaq: MSFT) ‘Cloud’ based Office Not-So-Productive productivity product, monikered O365 – Oh, but you knew that, since you’ve been unable … Continue reading Meanwhile, In News of the Coming Software Apocalypse…

Google launches ‘Data Transfer Project’ to make it easier to switch services

A lot of new online services are cropping up every day, making our life a lot easier.

But it is always harder for users to switch to another product or service, which they think is better because the process usually involves downloading everything fro… Continue reading Google launches ‘Data Transfer Project’ to make it easier to switch services

New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

data-sleeping.png

You be the judge… Essentially, all are targeted at data-and-objects-at-rest, rather than in-motion (except, perhaps the new cross-region replication feature with KMS).

Regardless, all of the annouced new features are welcome (in my currently rather jaded opinion). Now, if we can just overcome human error (not to mention blatant developer and data-owner lack-of-attention-to-detail, read about that here)…

  • Default Encryption – You can now mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted.
  • Permission Checks – The S3 Console now displays a prominent indicator next to each S3 bucket that is publicly accessible.
  • Cross-Region Replication ACL Overwrite – When you replicate objects across AWS accounts, you can now specify that the object gets a new ACL that gives full access to the destination account.
  • Cross-Region Replication with KMS – You can now replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS).
  • Detailed Inventory Report – The S3 Inventory report now includes the encryption status of each object. The report itself can also be encrypted. – via Jeff Barr, writing at the AWS Blog

And, thanks for the H/T go out to Trey Blalock over at rapidly growing Firewall Consultants!

Permalink

The post New S3 Encryption Feature, Is Amazon’s Encryption Move Enough? appeared first on Security Boulevard.

Continue reading New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

data-sleeping.png

You be the judge… Essentially, all are targeted at data-and-objects-at-rest, rather than in-motion (except, perhaps the new cross-region replication feature with KMS).

Regardless, all of the annouced new features are welcome (in my currently rather jaded opinion). Now, if we can just overcome human error (not to mention blatant developer and data-owner lack-of-attention-to-detail, read about that here)…

  • Default Encryption – You can now mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted.
  • Permission Checks – The S3 Console now displays a prominent indicator next to each S3 bucket that is publicly accessible.
  • Cross-Region Replication ACL Overwrite – When you replicate objects across AWS accounts, you can now specify that the object gets a new ACL that gives full access to the destination account.
  • Cross-Region Replication with KMS – You can now replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS).
  • Detailed Inventory Report – The S3 Inventory report now includes the encryption status of each object. The report itself can also be encrypted. – via Jeff Barr, writing at the AWS Blog

And, thanks for the H/T go out to Trey Blalock over at rapidly growing Firewall Consultants!

Permalink

The post New S3 Encryption Feature, Is Amazon’s Encryption Move Enough? appeared first on Security Boulevard.

Continue reading New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

Uber reaches deal with FTC on consumer privacy, agrees to new program

Ridesharing behemoth Uber agreed Tuesday to institute “a culture of privacy” in how it handles personal information from its passengers and drivers, following a Federal Trade Commission investigation that revealed the company misrepresented its internal data access policies and failed to take reasonable security measures to safeguard data in the cloud. The FTC announced the proposed settlement — which does not include any financial penalty on Uber — in a press call held by the agency’s acting Chairwoman Maureen Ohlhausen. The settlement, she said, will last for 20 years and “requires a culture of privacy at Uber” — which has to appoint a privacy officer, institute a privacy program and get it audited by an independent third party. FTC officials say that they don’t have the power to impose penalties — except for violations of existing orders. The commission also generally doesn’t seek financial redress for consumers unless there is a tangible […]

The post Uber reaches deal with FTC on consumer privacy, agrees to new program appeared first on Cyberscoop.

Continue reading Uber reaches deal with FTC on consumer privacy, agrees to new program

NSA cyber-defense chief: ‘I have never been more busy’

The man responsible for leading the National Security Agency’s defensive mission says his team is fielding more calls than ever from agencies across the government. Dangerous, highly capable hackers and a desire by agencies to adopt cloud technology have increased the workload for Information Assurance chief Paul Pitelli and his office, which he says is “sort of like the Geek Squad for defense” in government. Pitelli is a career professional who has served in the NSA for more than 20 years as the secretive spy agency transformed into what it is today — a highly sophisticated technology behemoth with an array of federal responsibilities, including both signals intelligence and protecting sensitive government systems. With the recent retirement of former Information Assurance Directorate head Curtis Dukes, a renown computer scientist and intelligence community icon, Pitelli took on an increased role in an ever important effort to ensure that the Defense Department and broader government […]

The post NSA cyber-defense chief: ‘I have never been more busy’ appeared first on Cyberscoop.

Continue reading NSA cyber-defense chief: ‘I have never been more busy’