Cloud Security Policy

8 steps to write a cloud security policy

Everything is moving to the cloud – a cliche we have heard so often that we have started to believe it to be true. To some extent, it is. The infosec professional has been caught on her heels about cloud security. Just when she got round to analysing the risks of virtualisation, the monster of cloud based services crept up behind her. The simplicity and attractive pricing offered by cloud service providers makes the shadow IT sign up for the service before you could say ‘cloud security’.  There are myriad arguments flying around…

“Everyone’s using Evernote! What’s infosec got to do with it?”

“…but it is free for up to 5 users and we are not more than 5 users!”

“This is way cheaper than what my accounts package costs…and I can access it from home.”

These are words that strike terror in the heart of infosec professionals.

[…]

Beware of the false BBM apps

Ever since Blackberry announced that they will release the BBM (Blackberry Messenger) for Android and iOS, there has been a good deal of anticipation. People from the ‘other worlds’ were waiting to get hands on this messenger. Meanwhile, the slimy underbelly of trojan (designed to look like having one purpose, but actually having another purpose) Read more about Beware of the false BBM apps[…]

The Android permissions conundrum…

I had always heard from the Apple fanboys that the App Store has ‘oh-so-many-checks’ and Apple acts like the protective big brother not allowing malicious apps into the App Store, while Android is a bit of a wild-wild-west. But then, Android is the flavor of the season. A majority of smartphones in use today are Androids. Read more about The Android permissions conundrum…[…]

Practical Wireless Security – Part 1

“It’s wireless! How hard could it be to not install wires?” – Pointy Haired Boss, Dilbert The most coveted words for travelers these days are ‘Free Wi-Fi’. We book ourselves into hotels that offer free Wi-Fi. We pay obscene amounts for average tasting coffee, just to access the free Wi-Fi. Although we use it extensively, Read more about Practical Wireless Security – Part 1[…]

Password Managers… and why you need them

“Show me a person who has not reused his password on at least two websites and I will show you a liar.” – Practical InfoSec All of us, even the most security conscious, have used the same password across multiple logins at least once. Not only that, most of us have used passwords that are Read more about Password Managers… and why you need them[…]