By Chris Hoff

In the Information Security community, many of us have long come to the conclusion that we are caught in what I call my “Security Hamster Sine Wave Of Pain.”  Those of us who have been doing this awhile recognize that InfoSec is a zero-sum game; it’s about staving off the inevitable and trying to ensure we can deal with the residual impact in the face of being “survivable” versus being “secure. [..]”

The storage and computing cloud services, S3 and EC2, respectively, were briefly affected Wednesday.

MIT Technogy review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing.  Some of the interesting points in this article include the cloud security threat is across two related dimensions.read more

While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.

12 months ago I took on a new initiative here at Tripwire focused on virtualization management.  The vWire project was a separate line of business from Tripwire Enterprise, entirely focused on solutions to make the VI professional’s life easier.  What a ride it has been! Over the past year I had ...

Fantastic doc on how to harden VMware View leveraging RSA technologies, as well as leverage VDI itself to make implementing data loss prevention easier… is now public! it’s meaty, includes step by step, what you can report on, how to implement more stringent controls, and even how to troubleshoot… You can get it by clicking on the doc below…  Have fun!

Google CEO Eric Schmidt says your privacy doesn't exist and a mini uproar ensues. Even one of Mozilla's director of community is giving Bing an endorsement over Google after Schmidt's comments. Let's connect a few dots.

Virtualization and cloud computing has taken off, despite strong lingering concerns over how companies can secure and manage those apps and data. Novell Inc. says it can help.

Novell this week will lay out an ambitious plan to secure applications across heterogeneous virtualization platforms at customer sites and off-premises, an effort designed to play off Novell's strengths in network and identity management.

>i>By Chris Hoff

ENISA (the European Network and Information Security Agency) today launched their 124 page report on Cloud Computing Security Risk Assessment.

At first glance it’s an excellent read and will be a fantastic accompaniment to the the CSA’s guidance.  I plan to dig into it more over the weekend.  I really appreciate the risk assessment approach which allows folks to prioritize their efforts on understanding the relevant high-level issues associed with Cloud.

[..]