Cloud Storage: How to protect user credentials against malware

Hi there, recently, during the Black Hat USA 2015 event, some cyber security experts from Imperva unveiled a serious vulnerability that affected (it’s been fixed now) several major Cloud Storage services such as Google Drive and Dropbox. Also, they put in place a practical attack named “Man in the Cloud” (in French). The vulnerability and the corresponding attack…

Backup, Deduplication and Encryption: it’s now possible with ClouDedup

Hi there, in my previous post I presented ClouDedup, our solution for deduplication over encrypted data. I’m now gonna talk about how ClouDedup can be successfully deployed in order to address a very common use case: Backup. Doing regular backups is a strongly recommended practice, even though it happens very often that people don’t know how important a…

Symposia Journal

The latest edition of the Symposia Journal is out, a magazine with community driven high quality articles around Cloud Computing (partly in German). We contributed to the latest edition with an article about the top threats of cloud computing in the IaaS space and how to tackle them. Have fun reading!

Cloud Security and the End-to-End principle

The End-to-End Argument The end-to-end principle in systems design has become famous for its successful implementation in the Internet architecture. It suggests “that functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level.” The complexity and cost of…

Cloud Security – Who is Responsible?

A recent survey among cloud providers (via) raises the question about the responsibility for security between cloud-providers and cloud-users. A large majority of 69% out of the 127 cloud providers asked in this survey rather consider the cloud user responsible for ensuring the security of the cloud services (while 35% of the cloud users see…