Recommendations for IoT Firmware Update Processes: Addressing complexities in a vast ecosystem of connected devices

By Sabri Khemissa, IT-OT-Cloud Cybersecurity Strategist,Thales Traditionally, updating software for IT assets involves three stages: analysis, staging, and distribution of the update—a process that usually occurs during off-hours for the business. Typically, these updates apply cryptographic controls (digital signatures) to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT), with its […]

Read more...

STAR- A Window to the Cloud

By Raj Samani, Chief Technology Officer/EMEA, Intel Security We are all going to live in the cloud. Well that is what every study, and forecast tells us. From our clash of clans villages, to our connected cars we can expect all of our data to be hosted in an unmarked data center in a town that we […]

Read more...

Smart City Security

By Brian Russell, Co-Chair CSA IoT Working Group Gartner defines a smart city as an “urbanized area where multiple sectors cooperate to achieve sustainable outcomes through the analysis of contextual, real time information shared among sector-specific information and operational technology systems,” and estimates that 9.7 billion devices will be used within smart cities by the […]

Read more...

Consumer IoT Security Impacts

By Brian Russell, Co-Chair, CSA IoT Working Group Within the CSA Internet of Things (IoT) Working Group, we are researching various topics related to securing IoT implementations within an enterprise. One of the more interesting aspects to consider on this subject is the role that consumer IoT devices play in regards to enterprise security. News of exploits […]

Read more...

CSA Congress at PSR 2015 Recap Roundup

By Frank Guanco, Research Project Manager, CSA Global Last week, the CSA Congress and IAPP Privacy Academy teamed up in Las Vegas, Nevada for the Privacy.Security.Risk. (PSR) conference. This was the second privacy and security conference that the Cloud Security Alliance (CSA) and the International Association of Privacy Professionals (IAPP) co-hosted and the conference was a […]

Read more...

ALMOST 90% OF CLOUD PROVIDERS STILL HAVEN’T UPDATED CERTIFICATES 1 WEEK AFTER HEARTBLEED

By Harold Byun, Senior director, Product Management, Skyhigh Networks – See more at: http://blog.skyhighnetworks.com/almost-90-of-cloud-providers-still-havent-updated-certificates-1-week-after-heartbleed/#sthash.FD2ttd1o.dpuf As we’ve reported, hundreds of cloud providers were vulnerable to the Heartbleed bug in OpenSSL even days after the vulnerability was widely publicized. Looking at the latest data pulled this morning, much progress has been made and there are only 42 cloud services that are […]

Read more...