InfoQ Homepage Cloud Security Content on InfoQ
-
ZeroDB Internals and End-To-End Database Encryption
In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation
-
Amazon CloudWatch Supports JSON Logs and Integrates AWS CloudTrail
Shortly after releasing the AWS CloudTrail Processing Library (CPL), Amazon Web Services has also integrated AWS CloudTrail with Amazon CloudWatch Logs to enable alarms and respective "notifications from CloudWatch, triggered by specific API activity captured by CloudTrail". The implied support for monitoring JSON-formatted logs has recently been officially released as well.
-
Amazon releases AWS Key Management Service
At their re:invent 2014 show Amazon launched AWS Key Management Service (KMS), “a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys”. At launch the service supported EBS, S3 and Redshift. Additional support for Elastic Transcoder was added in late November.
-
AWS Releases CloudTrail Processing Library
Amazon Web Services (AWS) recently released the AWS CloudTrail Processing Library (CPL), a "Java client library that makes it easy to build an application that reads and processes CloudTrail log files in a fault tolerant and highly scalable manner".
-
Google to remove support for SSL 3.0
Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.
-
CloudFlare Universal SSL - Free Web Security for All
CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling SSL becomes a selection from a dropdown menu.
-
Refreshed AWS Trusted Advisor Offers Several Free Checks
Amazon Web Services (AWS) has recently integrated the AWS Trusted Advisor into the AWS Management Console and made four security and service limit checks available at no charge. Additional checks from the security, performance, fault tolerance and cost optimization categories remain part of their Business and Enterprise support tiers.
-
AWS Expands Credential Lifecycle Management and Monitoring
AWS Identity and Access Management (IAM) recently expanded available password policy rules to enable self-service password rotation. A new credential report provides visibility into the AWS credentials security status. AWS also added logging of AWS Management Console sign-in events to AWS CloudTrail.
-
AWS CloudTrail Expands Auditing of API Calls
Amazon Web Services (AWS) has considerably increased the number of services supported by AWS CloudTrail to cover the majority of the extensive AWS service portfolio. This now includes most compute and networking and all deployment and management services, thereby providing comprehensive end to end auditing of almost any changes to customer’s infrastructure.
-
Node Security Project Aims at Making Node.js More Secure
Node Security Project has been quietly working at improving Node.js security for a few months now. The project has the goal of auditing Node.js existing module base to help "improve Node landscape and provide confidence to developers and enterprises about the state of security in Node.js land."
-
Heartbleed allows dumping client and server memory remotely
The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails,and what you should do.
-
A Few Highlights from QConSF2013- Part 2 of 2
It's one thing having an in-house training program. But there is a certain deeper insight that can be gained from attending a Q-Con conference in person. Which may be one reason why attendance at the globe-hopping event continues to grow.
-
Tune Up Your Online Privacy with Clef
Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an Open ID to log in from your smart phone only once to access many different web sites when online. Rather than typing in your user ID and password for each web site.
-
AWS Summit 2013: Focus on Cost, Security, Big Data and DevOps
Amazon's free, one-day cloud community event took place in Berlin this month. Aimed at developers, technical and business leaders, the topics of the series increasingly focus on cost effectiveness, high availability, big data and security. The summit was complemented with presentations from successful local AWS adopters.
-
Businesses in US Embracing Cloud at Faster Rate than in UK, Survey Shows
While 94% of businesses consider business process automation an important component of their overall productivity, opinions differ on the role of cloud technologies in automation solutions. According to a new survey conducted on behalf of Redwood Software, the use of cloud technologies differs greatly between the United States and United Kingdom, and among industries.