Category Archives: Cloud Security

Post-Quantum Cryptography (PQC) – Future proofing for quantum-safe encryption !

Everything is hackable! During the RSA Conference 2017 Crypto panel, Prof. Shamir (the letter “S” in the RSA) said, “I think there is a higher chance that RSA could be broken by a mathematical attack.” and he also wondered to note “Quantum Computers” will be a reality soon! That said, the evolution of practical quantum computers are not far away, according… Read more »

Application Container Security Guidance from NIST (Docker Containers)

NIST released an Application Container Security publication (SP 800-190), which delves into the major security risks and concerns related to Container images, registries, OS, orchestration, network isolation. It also presents a long-list of proactive countermeasures and mitigation recommendations for the known risks and example scenarios on how to address container security threats with the recommended countermeasures.  Although it is a quite… Read more »

Automating Security and Compliance Assessments using SCAP – On-demand Scanning and Compliance Reporting with Remediation

Manually assessing security controls, host and application configuration, access control policies, software patch levels and creating on-demand compliance readiness reports has always been a daunting task, especially when it is critical to adhere standards and regulatory mandates.  Not only those processes are very time consuming and they are also highly prone to human errors.  It becomes even more complicated when… Read more »

Data Protection Strategies for Oracle SuperCluster Private Cloud Deployments..

Few weeks ago, a few folks in the SuperCluster community have reached out to me to share information on the Data protection strategies on SuperCluster that we incorporated them for “Secure Multitenancy” deployments. It’s not an easy exercise as we published it as a Cookbook for customers. However, I’d like to share the critical aspects of Data protection that can be… Read more »

Firesheep: HTTP Session Hijacking made so easy !

      1 Comment on Firesheep: HTTP Session Hijacking made so easy !

Way cool ! HTTP Session Hijacking can’t be made simpler than using Firesheep. Couple of days ago, a friend of mine suggested me to login a most popular website and he demonstrated how he took control and accessed my user session in less than a minute. First, I thought he used a network protocol analyser tool such as Wireshark or… Read more »

Cloud Computing confuses Senior IT Professionals :-)

Jim Seward (@VersionOne) asked me to take a look at this research study (by Version One, UK) about the confusion surrounding cloud computing amongst senior IT professionals –  I’m not sure it includes your boss !  This high-level study was conducted with a group of 60 Senior IT professionals at UK….. has revealed some interesting findings.  41% of senior IT professionals admit that they “don’t… Read more »

The 6 Worst Cloud Security Mistakes…

I just had a chance to read this article at DarkReading….it enumerates the following six common security mistakes found with businesses while adopting to Cloud infrastructure based services : Mistake #1: Assuming the cloud is less secure than your data center. Mistake #2: Not verifying, testing, or auditing the security of your cloud-based service provider. Mistake #3: Failing to vet your… Read more »

Fortifying Sun Ray Desktops with Biometric Authentication

Lately I’ve been franctically busy with couple of my ISVs and an SI helping them out on a Citizen-scale National Healthcare Identity Infrastructure solution pilot for one of the populous countries in the Atlantic region – Sorry I cannot disclose the country’s name to abide their privacy laws and to protect my job :-). The solution aims to deliver an Unified Desktop/Voice Infrastructure via Sun Ray… Read more »