Video Screencast Help
Authentication (User) Blog
Showing posts tagged with cloud security
Showing posts in English
nicolas_popp | 05 Feb 2012 | 0 comments



In the same way, the cloud emerged from software virtualization, cloud security can only emerge from the process of virtualizing security itself. As virtualization separated software from hardware, allowing enterprise software to freely move first across servers and eventually to external cloud infrastructures, security must now be separated from enterprise applications so themselves can be replaced with new cloud applications and eventually move to specialized clouds. Enterprises worldwide are already embracing the cloud for email, CRM, file sharing, collaboration, HR and other functional business applications. To properly manage cloud risk and compliance, IT needs a consistent way to inject its own security policy across cloud applications. Since these applications are operated by different cloud providers with different security capabilities, distinct security frameworks and diverse APIs, the security needs to be implemented outside...

nicolas_popp | 20 Apr 2011 | 0 comments

Last week, the White House announced its official National Strategy for Trusted Identities in Cyberspace (NSTIC). NSTIC is the largest-ever effort by the federal government and private sector partners (including Symantec) to develop a secure, standards-based and interoperable online identity system. The goal: Improve the security and privacy of online interactions and more effectively fight cybercrime. Today's announcement marks the culmination of two years of effort by VeriSign (first as an independent company and later as part of Symantec) to help bring this important initiative to life.

At the heart of NSTIC is the concept of an Identity Ecosystem based on trusted identity frameworks. Trusted identity frameworks are the lynchpin to...

nicolas_popp | 02 Jun 2010 | 0 comments

I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on the Open Identity stack. The second is more enterprise cloud focused; it is driven by the Cloud Security Alliance (CSA). The CSA is developing a more SAML-oriented technology blueprint within OASIS. The technology protocols are different but the risk controls are similar. Therefore, I am hopeful that both trust frameworks will converge (I will certainly try to help them converge).

But let us re-hash the motivation of the industry that sponsors these efforts. A trust framework is necessary to enable policy...

nicolas_popp | 20 Apr 2010 | 0 comments

For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us are still wondering how much IT budget is actually going to be thrown at the so-called private, hybrid and public clouds in 2010. So what is in the way of the big shift?

We had a good discussion on this topic at AlwaysOn today. At least, it seems that everyone agrees on the main challenges: integration is harsh, security is dicey and compliance seems out of reach. So, where do we start? I am starting to believe that there too, we need to provide a baseline for cloud security and trust. Like PCI for e-commerce, a certification for the cloud will not make the cloud completely secure, but it will at least provide a set of common definitions and best-practices...

nicolas_popp | 15 Jan 2010 | 0 comments

As one of the world's leading security vendors, VeriSign has been asked to discuss the top 10 most important security areas for 2010. So, ahead of my new year's resolution, I decided to indulge (after a year working heads down on a single product, it is a fun exercise to think of all the things that you have been missing out on). Although the list is far from complete, it is clear to me that there is no recession for the bad guys. In fact, it has probably never been a more interesting time to be in the security business.

Security Prediction #1:
Cloud Security (Securing the Next IT Infrastructure)

Call it cloudmania or software as a service (SaaS) hype, data, applications, or networks: The whole IT infrastructure is shifting to the cloud. With it, a large chunk of today's IT budgets will be redistributed to the next Google of the cloud. In 2010, SaaS security will be in the forefront as chief information officers ponder their increasing...

Tim Callan | 17 Aug 2009 | 0 comments

Posted by Fran Rosch, SVP of User Authentication, VeriSign

This article was also published in SC Magazine.

All too frequently, reports surface of high-profile hacks victimizing individuals using weak password protection. But, unlike the inconsequential account break-ins hitting Britney Spears, Ashton Kutcher or Sarah Palin, the consequences of some compromised accounts raises serious implications for cloud services security.

Your personal and professional security is only as strong as your weakest password. And for IT managers, the security of an organization's cloud-based resources is only as strong as your most careless employee's weakest password.

Personal information can be harvested many ways - and the viability of traditional usernames and passwords are undermined by the "forgot...