Cloud Technology and Security Alert News Digest – Issue #14

Update 2019: We’ve been busy working on some great training content around security. Check out the Cloud Academy library to prepare on all things cloud security.

Privacy and Security in the Cloud

Welcome to the Cloud Technology and Security Alert News Digest. This week we’ve got Microsoft on privacy and security, IBM on storage, Google on testing Compute Engine apps for security flaws and the United States government on accessing the world’s storage drives.

How the “Equation Group” hacked everything

Ars Technica has published an in-depth narrative of the fourteen-year program, dubbed the “Equation Group”, run by the US government’s National Security Agency (NSA) to exploit incredibly elusive vulnerabilities in consumer storage media to gather data from millions of targets. Whatever you feel about governments holding these kinds of powers, the descriptions of their effort, and of Kaspersky Lab’s work to figure it all out, are fascinating.

Microsoft and customer data privacy

Microsoft, perhaps sensitive to customer concerns about recent US government demands for access to private data stored on Microsoft servers, has announced that it is adopting the international standard for cloud privacy, ISO/IEC 27018. The initiative seeks to standardize controls and guidelines for the protection of personally identifiable information in the public cloud environment. As cloudtech reports, Azure, Office 365 and Dynamics CRM Online products are all, according to Microsoft, currently in compliance.

Software-defined storage is the best thing since…the next best thing?

James Bourne at cloudtech (briefly) reports on some reactions to IBM’s recent announcement of $1bn of funding for their new IBM Spectrum Storage service.

Spectrum Storage will offer software-defined storage that permits greater platform integration, elasticity, and options for hybrid storage solutions. However, some critics, writes Bourne, feel that storage has always been software-defined, but that growing levels of software abstraction can actually obstruct access and performance.

Password-free at last?

Microsoft, according to ZDNet, has plans to support password-free access to online data, using multi-factor authentication based on face, voice, iris, and fingerprint recognition or dongles instead of perennially weak and misused passwords. Microsoft’s support for the Fast Identity Online (FIDO) standard will come with Windows 10 and will work with Azure Active Directory authentication.

Security Botnets as a Service

Zack Whittaker at ZDNet reports that Google is testing a botnet-based service that will scan developer applications hosted on the Google Compute Engine for common vulnerabilities. The service will look for cross-site scripting (XSS) issues and mixed content.

Cloud Academy