Cloud Technology and Security Alert News Digest – Issue #13

Update 2019: We’ve been busy working on some great training content around security, check out the Cloud Academy library to prepare on all-things cloud security.

Explore the power and weaknesses of encryption

Welcome to the Cloud Technology and Security Alert News Digest.
This week we’ll explore both the power and weaknesses of encryption, the fully controlled future of cloud computing that OpenStack might deliver, and the Internet’s darkest, deepest reaches.

When encryption fails

Columbia University CompSci professor Steven M. Bellovin, in an Ars Technia article, observes that encryption alone is not nearly enough to prevent successful breaches like the recent massive theft of sensitive health information from the health insurer, Anthem. While encryption should certainly be part of a security plan, once an intruder has access to your system, the strongest algorithms known to science won’t do a thing. Instead, writes Prof. Bellovin, taking steps to secure your OS and account access should be given far more attention.

OpenStack: the cloud’s most disruptive platform?

Intel’s Billy Cox, writing on the IBM blog, Thoughts on Cloud, nicely describes the potential of enormously scalable projects like OpenStack to radically change our expectations in computing. The closer OpenStack comes to the reliability of integrated upgrades, rolling upgrades, and roll-back, the easier it will become for the enterprise to comfortably adopt new kinds of cloud deployments. And, observes Cox, the sheer scale of OpenStack makes significant and regular developments possible.

A new lock for the box

Jon Brodkin at Ars Technica reports that Box – known for its collaboration-centered online storage service – will now allow security conscious customers to have full control over their encryption keys. Noting that this move is, in a way, a contradiction to the value that easy document sharing gave Box, Brodkin explains that by connecting Box accounts to AWS’s CloudHSM, their new Enterprise Key Management tool might successfully find a middle ground between “open” and “secure.”

The Dark Web

You think Google searches cover a lot of web sites? Mark Stockley at Naked security writes that there might be at least as much of the Internet that Google DOESN’T reach…and, for our general needs, doesn’t have to. However, law enforcement agencies have an interest in peering into what’s known as the Dark Web – those sites that, intentionally or not – are not indexed by commercial search engines. The US military’s DARPA is developing a tool called Memex to intelligently (and boldly) search those places where “no man has gone before.”

Cloud Academy