WebProNews

Tag: cloud security

  • One-Third of Organizations Struggle With Data Loss Prevention Systems

    The Cloud Security Alliance (CSA) has bad news for the industry, saying that nearly one-third of organizations struggle with data loss prevention (DLP) systems.

    The CSA is an organization dedicated to helping secure cloud computing. A survey the organization conducted with Netskope found that DLP solutions are a critical component used in cloud security.

    Unfortunately, that’s where the good news ends. While companies are relying on DLP systems, nearly a third struggle to use them effectively.

    Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).

    “DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”

    Cloud security is increasingly in the spotlight as more and more organizations experience data breaches at a time when the cloud is becoming integral to more companies and industries.

    The Biden administration has signaled it is preparing to regulate cloud security in an effort to better protect organizations. If the CSA’s findings are any indication, it looks like the industry could use the help.

  • Biden Administration Prepares to Regulate Cloud Security

    The Biden Administration is preparing to regulate cloud security, viewing the industry as too great a security risk to ignore.

    Cloud computing has become an increasingly integral part of daily life for companies, government organizations, and individuals alike. There’s hardly any aspect of daily life that isn’t touched by the cloud in some way. That ubiquity is a source of concern, especially with the growing number and scope of cybersecurity threats.

    According to Politico, the Biden Administration now views the cloud industry as “too big to fail” and is beginning the process of regulating cloud computing security.

    The industry has “become essential to our daily lives,” Kemba Walden, acting national cyber director, told Politico. “If it’s disrupted, it could create large potentially catastrophic disruptions to our economy and to our government.”

    Industry veterans echoed those concerns.

    “A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at Q-Net Security and former Cloudflare head of information security.

    Unfortunately, while companies have raced to deploy cloud platforms and services, cloud security has often lagged behind, leaving organizations and individuals vulnerable. Even worse, critical infrastructure has come under attack as a result of cloud security lapses.

    “The reality is that today cloud security is often separate from cloud,” said Anne Neuberger, the deputy national security adviser for cyber and emerging technology. “We need to get to a place where cloud providers have security baked in with that.”

    Her sentiments echo those of Google executives, who recently penned a blog post calling for companies to be held accountable for cybersecurity:

    “The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives wrote.

    The Biden Administration agrees:

    “In the United States, we don’t have a national regulator for cloud. We don’t have a Ministry of Communication. We don’t have anybody who would step up and say, ‘It’s our job to regulate cloud providers,’” said Rob Knake, deputy national cyber director for strategy and budget. The cloud, he said, “needs to have a regulatory structure around it.”

  • Google Cloud May Be Vulnerable to Unnoticed Data Theft

    Google Cloud may be more vulnerable than its competitors to unnoticed data theft, thanks to logs that are not as helpful as they should be.

    Cybersecurity firm Mitiga analyzed Google Cloud’s online storage and found that the platform’s logging mechanism comes up woefully short in terms of providing useful information. This is especially concerning since these logs are used by security professionals and law enforcement to identify the scope of a potential breach.

    According to Mitiga, Google’s current logging system cannot effectively differentiate between a threat actor viewing data versus exfiltrating it:

    Even with the detailed logging constraint applied, Google logs events of reading Metadata of an object in a bucket the same way it logs events of downloading the exact same object. This lack of coverage means that when a threat actor downloads your data or, even worse, exfiltrates it to an external bucket, the only logs you would see will be the same as if the TA just viewed the metadata of the object.

    While this issue doesn’t inherently make Google Cloud any more insecure than the next cloud provider, it does mean that customers impacted by a data breach on Google Cloud may have a much harder time taking the appropriate investigative action.

    Mitiga reached out to Google Cloud and received the following response:

    “The Mitiga blog highlights how Google’s Cloud Storage logging can be improved upon for forensics analysis in an exfiltration scenario with multiple organizations. We appreciate Mitiga’s feedback, and although we don’t consider it a vulnerability, have provided mitigation recommendations.”

  • CloudBees: 45% of Execs Are Only Halfway Through Securing Supply Chain

    The latest report from CloudBees is bad news for the cloud industry, with many companies still not fully securing their supply chain.

    Supply chain attacks have become increasingly common, with hackers viewing them as a high-reward attack vector. Rather than trying to compromise individual targets, a single, successful attack against a vendor whose software or APIs are used by thousands of companies can yield far greater results.

    Unfortunately, many companies have yet to fully secure their supply chain, according to CloudBees. Of the C-suite executives surveyed, 93% believed they were well-prepared for an attack. A deeper dive, however, showed a different story.

    A whopping 45% of execs say they are only halfway through the process of securing their supply chain, with only 23% nearly done. Even worse, a disturbing 64% say they don’t know who they would turn to first in the wake of an attack.

    “We discovered that as software becomes the primary source of customer experience and value, supply chain security is getting the attention it deserves and at the proper levels in the organization,” writes Prakash Sethuraman, Chief Information Security Officer, CloudBees. “However, this study reveals gaps that indicate supply chain security is not well understood, nor are systems as robust or comprehensive as they should be.

    “Bottom line, the results reinforce the concept that software supply chain security needs to go beyond “shift left” to “shift security everywhere” — with automation. The software you are developing must be as secure as possible, but it doesn’t stop there. The delivery process itself must be protected, and you have to be able to detect and instantly mitigate problems in production to consider your software supply chain as secure.”

  • Beginner’s Guide to the Benefits of Cloud Security

    With over 45% of US companies having experienced a data breach in the last 12 months, cybercrime affecting individuals and businesses across the globe is increasing at an alarming rate. While data leaks from breaches may seem like an easily resolvable problem, they actually contribute to numerous bankruptcy filings, with 60% of small businesses that suffer a leak going bankrupt within the following year.

    With alarming statistics like these, it’s no wonder that more companies are turning toward updating their online security systems. The first line of defense when it comes to data protection and keeping systems safe is cloud security.

    In this article, we’ll be exploring exactly what cloud security is, demonstrating its benefits, and clarifying why your business should be moving to cloud security tools. Let’s get right into it.

    What Exactly is Cloud Security?

    Cloud security is the liberation of security services away from on-site premises and into the remote cloud. Instead of having huge repositories that contain security protocols that you store in your own building, businesses can turn to cloud security to get efficient coverage wherever they are.

    By moving to cloud security, you no longer need all the room for server storage, with the tools and software provided by this online form of security directly linking into your systems. These third-party data centers are often much cheaper to run than in-house data centers, saving your business money while also offering an unmatched level of security support.

    Going beyond this, cloud security is a very general term, acting as an umbrella for many types of cybersecurity. Everything from data center security and c to network security and detection and mitigation tools is included in this holistic practice. In short, it’s a comprehensive form of digital security for your business.

    What are the Advantages of Cloud Security?

    When it comes to cloud security, a large part of what makes this system so useful for modern businesses is how convenient and accessible it is. Around 20 years ago, to create a strong cyber defense for your company, you would have to designate large portions of your buildings to server storage space, also then paying someone to look after the servers and set up security protocols.

    Nowadays, by navigating to a cloud security agency, you’re able to select the cyber defense plan that you want and instantly get access to your business. Going beyond just the convenience of this service, there are a range of benefits to using cloud security:

    ●  Scalable

    ●  24/7 Support

    ●  DDoS Protection

    ●  Advanced Threat Detection

    Let’s break these down further.

    Scalable

    When it comes to in-house security, if you need to scale your security defenses, then you have to increase your server capacity, buy more hardware, and potentially even hire more management staff. On the other hand, if you need to increase your security when working with a cloud supplier, you simply click on a different package.

    As you can click through different personalized plans, you’ll always be able to find the very best cloud security package for your business. With this, scalability is made something simple and easy. Instead of having to plan months in advance, all you need to do if you want to boost your defense is to access your cloud supplier’s webpage and increase the scope of your plan.

    Cloud security services make scalability easier than ever.

    24/7 Support

    Another benefit of cloud security is that whenever you need to get in contact with support, you will be able to do so. Instead of an in-house team that has set working hours, cloud security offers 24/7 support, allowing you to get in contact with someone whenever you need to.

    Whether you have a particular problem that you need to sort out or you simply need advice or additional support, you’ll only need to get in contact with your security supplier. This around-the-clock supervision also means that your company is protected at all hours of the day, not just during daylight working hours.

    DDoS Protection

    20% of businesses that have over 50 employees have suffered a DDoS attack within the past 12 months, demonstrating how common this occurrence is. With additional layers of support and their own defenses, cloud security services are much harder to DDoS. Due to the much larger server base, they are much less vulnerable to DDoS attacks, making your business, in turn, less vulnerable.

    With their built-in redundancies and advanced security tools, they’ll prevent attacks and keep your business as safe as possible.

    Advanced Threat Detection

    As cloud security businesses only exist for that one function, all of their time and budget is poured back into the security protocols. Continually developing their defenses to cover every inch of the MITRE ATT&CK Framework and more, they create a comprehensive level of defense.

    From neutralization to detection, every single aspect of this process is covered by a cloud security service, helping to keep your business as safe as can be. It will also cover all of your attack surfaces, helping you with everything from stopping ransomware emails to blocking any data penetration attempts.

    This is really only the beginning, with cloud security providing an incredibly advanced level of security for your whole business. No matter what individual packages or specific security protocols you need, you’ll be able to find a cloud security partner that has it all.

    Final Thoughts

    In an age where the digital threat from hackers is higher than ever, it’s only natural that more and more businesses are turning towards modern methods of protection, mitigation, and defense. As a customizable, scalable, convenient, and comprehensive digital security system, cloud security is one of the most all-encompassing cyber defenses that you can invest in.

    With continual updates, around-the-clock support, and the ability to scale your security services at a moment’s notice, cloud security is the mobile tool that all modern businesses should be looking towards.

  • Oracle Releases Massive April 2022 Critical Patch Update

    Oracle has released a major April 2022 Critical Patch Update, fixing a whopping 520 issues.

    Oracle regularly releases updates to its software and services. This update, however, is a large one, containing hundreds of fixes. The update also slightly changes the quarterly release schedule, making it easier to plan for future updates.

    “With this Critical Patch Update release, Oracle is making a small adjustment to the Critical Patch Update release schedule,” Eric Maurise, Vice President of Security Assurance, wrote in a blog post. “Critical Patch Updates will no longer be released on the Tuesday closest to the 17th of the month of January, April, July, and October, but they will be released on the third Tuesday of January, April, July, and October. This minor adjustment will not affect the frequency of Critical Patch Update releases (still 4 times a year), but essentially, makes it easier to set calendar reminders and determine the date of future Critical Patch Update releases.”

  • IBM Announces SaaS Cloud Pak for Zero Trust Security

    IBM is going all-in on zero trust security, with the introduction of a Software as a Service (SaaS) version of Cloud Pak for Security.

    In the age of cloud computing, zero trust security is viewed as an essential component. Traditional security focuses on maintaining a perimeter, within which the devices connected to that network are trusted. In cloud computing, however, there is no clear perimeter. As a result, each device must be treated with zero trust.

    “Our customers need to secure their rapidly changing business environments without causing delays or friction in their daily operations,” said Mary O’Brien, General Manager, IBM Security. “It’s not uncommon to have users, data and applications operating in different environments. They all need to connect to one another quickly, seamlessly, and securely. A zero trust approach offers a better way to address the security complexity that is challenging businesses today.”

    IBM is helping companies embrace zero trust security for their operations, with its SaaS Cloud Pak for Security.

    “With a mobile workforce and data residing everywhere, the Internet has become our primary network,” said Mauricio Guerra, CISO for The Dow Chemical Company who will participate in IBM Think on May 11. “Embracing a zero trust architecture enables us to add new capabilities and strengthen security. Working with partners like IBM Security and Zscaler can help us provide users with secure remote access to all of our locations, as well as access to applications wherever and however they are hosted.”

    “Working from anywhere, combined with enterprises’ move to SaaS and the cloud, has effectively rendered the perimeter security model obsolete and traditional security defenses ineffective,” said Jay Chaudhry, Chairman, CEO and Founder of Zscaler. “The only way to truly secure today’s digital businesses is to adopt a zero trust security model where validated user identity is combined with business policies for direct access to authorized applications and resources. Our alliance partnership with IBM Security, as part of the Zscaler Zero Trust Ecosystem, is helping organizations and their employees fully embrace working from anywhere while protecting enterprise data.”

  • Darktrace CEO: People Are Going To Give a Hard Look At Cloud Security

    “People are going to really give a hard look at cloud security,” says Darktrace CEO Nicole Eagan. “At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.”

    Nicole Eagan, CEO of Darktrace, discusses how the Capital One cyber attack happened and how it could have been prevented, in an interview on Bloomberg Technology:

    People Are Going To Really Give a Hard Look At Cloud Security

    There is so much positive momentum around cloud and so many benefits that I don’t anticipate seeing a pendulum swing back to on-prem data centers (because of the Capital One cyber hack). What I do think it means is people are going to really give a hard look at cloud security. This attack was a result of a vulnerability known as a configuration error in a Web Application Firewall that was specific to Capital One. What it does show is these configuration errors are actually really very commonplace. They’re commonplace in on-prem data centers and in cloud.

    This does highlight a few things. It does highlight insider threats, someone who had some insider knowledge. It also highlights supply chain level security. At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.

    Capital One Attack Was Human Error

    Configuration errors are basically a human error. Somebody somewhere made a human error, a mistake. We have to expect that humans are fallible and we’re going to see those type of errors. What’s so strange about this one is how public the disclosure was by the attacker on Twitter and GitHub and other places. That was what made it so unusual but also meant that the investigation moved very quickly. It seems like there’s been quite a bit of transparency as well.

    It’s interesting timing because we’re actually going into Black Hat and DEF CON, which is often known as a summer camp for hackers. There will be literally tens of thousands of people in Las Vegas next week. All of this is going to change the conversation. We’re going to see a lot about cloud security, about 5G security, about encryption and decrypting data, and of course, the evolution towards AI-based attacks.

    What’s interesting is that people want to kind of say let’s make sure we prevent the kind of attacks we saw in 2016 (regarding the election). The reality is the way the cybersecurity industry works the attackers keep moving on. They keep changing what’s called threat vectors. I do think we’ll see plenty of threats for 2020 but they may not look anything like the ones we saw in 2016.

  • Oracle to Deliver the Most Comprehensive Cloud on Planet Earth

    Yesterday Oracle CEO Larry Ellison announced that his company is poised and ready to deliver the most comprehensive cloud this planet has ever seen, and there’s some real substance to what he’s saying.

    Oracle’s new public cloud features their fusion applications delivered as both software as a service (SaaS) and platform as a service (PaaS). On top of their new social network, they will also offer database and Java services.

    A considerable edge which Oracle has over their competition is top-notch security. One of their first customers was the Central Intelligence Agency, and that experience has been at the forefront of all Oracle’s endeavors ever since.

    Oracle CEO Larry Ellison comments:

    “We have very comprehensive, fine-grained security in our system,”

    “Your database is not commingled with other customers’ data,”

    “It’s a big difference between our cloud and others on the market.”

    “Modern virtual technology is how we offer safety.”

    Check out Ellison’s first tweet from the Oracle Social Network:

    Oracle’s got 100+ enterprise applications live in the #cloud today, SAP’s got nothin’ but SuccessFactors until 2020

    Actually it is a monumental achievement for Oracle, who took a lot of flak for moving all their applications from on-premise to the cloud many years back. They have invested heavily over the past half decade and it has really paid off for them. Cloud computing is the next big thing and they were one of the first to get there.

    Ellison again comments:

    “We think a modern cloud lets you decide when you want to upgrade, not have the cloud vendor tell you when you have to upgrade,”

    “We think that’s a very big deal. We’ll allow you, within reason, to decide when to upgrade.”

    And it seems that Oracle is still investing heavily in the future. Earlier this week we reported on the company’s intention to acquire Collective Intellect, a cloud-based social monitor and analytics firm. The addition of Collective Intellect to Oracle’s already broad base of client services will allow their customers to understand and anticipate consumers’ actions on a much fuller spectrum.

    Late last month, Oracle also revealed their plan to acquire Virtue Social Marketing Platform. Among other things, Virtue allows clients to manage social media campaigns across Twitter, Facebook, Google+, and YouTube. This investment alone cost Oracle over $300 million.

    So it’s clear Oracle has no plans to stop and this newest public cloud is their shining masterpiece and, most likely, the foundation for all their future innovations and refinements. They don’t seem too worried about the competition; it sounds like they are ahead of the pack on this one.