Cloud

Prevent your organization falling victim to a cloud misconfiguration breach

Prevent your organization falling victim to a cloud misconfiguration breach

Find out why user training is key to prevent breaches due to cloud misconfiguration Add bookmark We respect your privacy, by clicking "Download Your Copy" you agree to having your details passed onto the sponsor who may promote similar products and services related to your area of interest subject to their privacy policy. You have the right to object. In addition, you will receive our e-newsletter, including information on related online learning opportunities. For further information on how we process and monitor your personal data, and information about your privacy and opt-out rights, click here. Download PDF Attachment Breaches via…
Read More
Why Google’s acquisition of Mandiant may change cloud and cyber security

Why Google’s acquisition of Mandiant may change cloud and cyber security

Google is spending $5.4 billion to acquire cyber security firm Mandiant in a bid to bolster the company’s in-house cyber security resources. The deal, announced on 8 March 2022, is subject to regulatory approval – but the company expects to close on the purchase before the end of the year. Google’s acquisition of this platform and the consulting services that Mandiant can offer may have a major impact on the cloud security landscape. Mandiant set to bolster Google’s existing cloud security Mandiant, founded in 2004, is best known for its security platform – the “Mandiant Advantage Platform” – and its…
Read More
Cloud Security: A CISO Guide

Cloud Security: A CISO Guide

Enterprise Security Strategy Evolving With Cloud Computing More and more enterprises are migrating to the cloud, taking their data and applications – or parts of them – to this computing platform. There are a number of cloud computing setups – from public and private to multi and hybrid. The amount of variations coupled with the abundance of cloud use throughout the enterprise, leaves a level of complexity for IT departments to monitor cloud services, while keeping them secure. This imperative was further emphasized in our mid-year Cyber Security Market Snapshot, which showed cloud topping the list of enterprise cyber threat…
Read More
Harmonization is key to European cloud certification scheme

Harmonization is key to European cloud certification scheme

The European Union Agency for Cybersecurity (ENISA) is in the final stages of its development of the European Cybersecurity Certification Scheme for Cloud Services, with the formal contribution set to be sent to the European Commission in Q2 2022. Speaking to CS Hub as part of the Government and Critical Infrastructure Digital Sumit, Eric Vétillard, lead certification expert at ENISA, discusses how harmonization was a key focus for the cloud certification scheme. Harmonization According to Vétillard, a lot of EU member states consider cloud services in particular “important and highly sensitive”. “This means that there are many certifications, or at…
Read More
The state of cloud configuration security practices

The state of cloud configuration security practices

Find out where organizations need to focus their efforts to secure their cloud applications as revealed by the results of Cyber Security Hub’s Cloud Configuration Security Practices survey Add bookmark We respect your privacy, by clicking "Download Your Copy" you agree to having your details passed onto the sponsor who may promote similar products and services related to your area of interest subject to their privacy policy. You have the right to object. In addition, you will receive our e-newsletter, including information on related online learning opportunities. For further information on how we process and monitor your personal data, and…
Read More
Security must be re-imagined to keep pace with public cloud adoption

Security must be re-imagined to keep pace with public cloud adoption

The adoption of public cloud services is on the rise and with that comes the opportunity for cyber security breaches, due in large part to cloud misconfiguration. Ahead of research to be published by Cyber Security Hub, in partnership with Concourse Labs, revealing the results of a recent survey on cloud configuration security practices we spoke to Don Duet, chairman and co-founder, Concourse Labs about the current state of play and the cloud security challenges organizations face. “There is inherent risk when you do not have complete control over something that is public infrastructure, like the public cloud,” Duet said.…
Read More
Three keys to getting Security-as-Code right

Three keys to getting Security-as-Code right

Over the past decade, we have witnessed tremendous growth in public cloud adoption. This trend will undoubtedly continue to accelerate as organizations rethink and retool their businesses and digital footprints. As cloud usage grows, so too does the number of available cloud services and their complexity. But public cloud is not just a collection of new technologies; it is a new operating model that many organizations now rely on to modernize their businesses. Public cloud breaks traditional security architectures With all the benefits that cloud bestows, it also brings fundamental, inherent security and operational risks that are very difficult to…
Read More
The Cyber Security Issues That Arise When Transitioning to the Cloud

The Cyber Security Issues That Arise When Transitioning to the Cloud

These are extraordinary times and in the haste to migrate to the cloud, organizations may be losing sight of security protocols, cautioned Ranulf Green, head of assurance USA for Context Information Security, a US-based cyber security consultant business. The principal risk organizations face is “rushing an implementation, and therefore, bypassing their usual due diligence in favor of connecting employees who are virtually stranded without in-office access,’’ said Green, who was the guest on this week’s episode of Task Force 7 Radio, with host George Rettas, the president and CEO of Task Force 7 Radio, and Task Force 7 Technologies. This…
Read More
Incident Of The Week: Misconfigured Servers Result In 250 Million Microsoft Cust…

Incident Of The Week: Misconfigured Servers Result In 250 Million Microsoft Cust…

A misconfiguration applied to five Elasticsearch database servers in December 2019 led to the exposure of 250 million customer support records for software maker Microsoft. Changes made to the analytics database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data. Upon notification of the issue, Microsoft engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of the company’s commercial cloud services. The software maker shared news…
Read More
Public Cloud Platforms – A Honey Pot For Threat Actors

Public Cloud Platforms – A Honey Pot For Threat Actors

Today, the shape of the enterprise is changing; that it is to say in sync with cloud capabilities. Workloads are steadily migrating there – a platform using a remote-server network to manage and process data. The concept of the cloud opposes the previous practice of local-server and/or personal computer (PC) storage. Each of the various cloud types (public, private, multi, hybrid) offer enterprise cost benefits, as well as other efficiencies (e.g., steadier output, more storage (external), economies of scale, default security settings, etc.). Yet, the cloud has also morphed into an entry point for threat actors. In fact, cloud computing,…
Read More