In light of the upcoming “capture-the-flag type” type contest at DEF CON, this is as good a time as any to talk about social engineering. There is no technical solution to this issue. Humans cannot be patched (I am paraphrasing from a t-shirt that I saw at a conference). So, we need to help people recognize a scam when they see one.

In a CSO Online article they talk about the favorite ‘pick-up’ lines of social engineers. These and some stories shared by the publication’s readers are pretty instructive, so I will mention a few of them here for everybody’s benefit.

At the end of April, IntraLinks attended Infosecurity Europe, Europe’s largest information security event. Celebrating its 15th year, Infosecurity Europe attracted over 12,000 information security professionals to Earls Court Exhibition Centre in London, where delegates gathered to discuss the most pressing information security issues and attend a variety of education sessions hosted by international speakers and industry experts.

With over 300 exhibitors, Infosecurity Europe provided the perfect opportunity to showcase new and innovative services to top security professionals across Europe. IntraLinks was there to showcase IntraLinks Courier, a secure, efficient and cost effective solution to streamline ad-hoc large file transfers. IntraLinks Courier seamlessly integrates with company email systems or can be used as a desktop application or via a web-based browser, introducing unmatched security to help business users securely exchange large files while maintaining compliance with requirements that govern their businesses.

What can be inferred from this headline that an IT trade publication recently ran about a study conducted by Microsoft and Indiana University: “SaaS Apps May Leak Data Even When Encrypted, Study Says”?

1. There was a study conducted on SaaS apps leaking data.
2. The study stated that SaaS apps leak data.
3. The study says SaaS apps do not sufficiently protect data.                      
4. A combination of options one, two and three.
5. The study primarily pinpointed security threats to misconfigured Web applications depending on data they process.

This is the next in a series of guest blog posts by IntraLinks’ collaborators, partners, and vendors. Jim Reavis is co-founder and executive director of the Cloud Security Alliance. The CSA is dedicated to developing and promoting best practices to secure cloud computing, and counts among its constituency a broad group of stakeholders which include both providers and consumers of cloud computing. IntraLinks is one of the newest corporate members of the CSA.

In many respects cloud computing is not new as veteran companies such as SalesForce.com and IntraLinks have been delivering business applications as a hosted service for over a decade.

No enterprise today can afford to ignore the compelling benefits of cloud-based computing and the SaaS delivery model it enables. Yet CIOs continue to be reluctant (justifiably in some cases) to entrust critical data and business processes to cloud-based systems. In fact, these concerns over security and reliability are widely cited as the biggest inhibitors to widespread enterprise adoption of cloud computing, even as businesses are increasingly reliant on cloud collaboration services for e-mail and other office communication needs.

The question is: Are these security fears really warranted?

For business with some of the toughest security requirements in the world, there are a number of criteria to consider when evaluating potential vendors in the cloud.