Articles about Cloud security

A new report finds 80 percent of organizations have experienced at least one severe cloud security incident in the past year, and 41 percent say cloud native services increase complexity, further complicating their security efforts

On a positive note though the study, from developer security specialist Snyk, shows 49 percent of organizations now find deployment is faster as a result of improved cloud security.

Continue reading →

New data unveiled by the Atlas VPN team shows that cloud servers are now the number one way in for cyberattacks on businesses, with 41 percent of companies reporting them as the first point of entry.

The data, based on the Cyber Readiness Report 2022 by insurer Hiscox, also shows a 10 percent increase in cloud server attacks over the year before.

Continue reading →

When an organization migrates its IT systems to the cloud -- and builds new applications in the cloud -- it relieves its security team of the responsibility of building and maintaining physical IT infrastructure. The shared security model of cloud dictates that cloud service providers (CSPs) such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure are responsible for the security of the physical infrastructure. Their customers are responsible for the secure use of cloud resources.

But embracing the cloud for building and managing new applications means security teams cannot deploy the traditional security technologies and processes they’ve long relied on to thwart cyberattacks. Cloud computing represents a paradigm shift in their roles and responsibilities and their approach to protecting sensitive data against falling into the wrong hands.

Continue reading →

New managed detection and response (MDR) offerings launched by Trustwave aim to give organizations real-time 24x7 monitoring of their hybrid multi-cloud environments for active threats and anomalies.

Trustwave MDR and Trustwave MDR Elite are backed by a team of global threat operators, threat hunters, and malware experts. Clients also get a free subscription to Trustwave Security Colony -- a battle-tested resource specifically built for CISOs that includes toolkits, guidelines, playbooks, and assessment capabilities.

Continue reading →

Policy as code is central to establishing and maintaining secure cloud architecture by enabling security teams to impart their knowledge across the organization in a common, machine-readable language.

Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with ultrasensitive noise, temperature and motion detectors so he can steal a specific file.

Continue reading →

Microsoft has launched a new family of products called Entra. Microsoft Entra encompasses a number of identity and access management solutions including the existing Azure AD. The launch comes after the acquisition of CloudKnox Security last year, and is Microsoft's attempt to help boost security across multicloud environments -- or "secure access for a connected world".

Bolstering the product family, the company has also launched cloud permission management tool Microsoft Entra Permissions Management​, and Microsoft Entra Verified ID​ -- a system that allows for more secure interactions, based on decentralized identity standards. Microsoft has also announced public previews of Workload Identities​ and Lifecycle Workflows.

Continue reading →

Cloud use is commonplace among large enterprises, with 82 percent of organizations with $1B or more in revenue using three or more clouds, up from 66 percent last year.

However, with the majority of companies (70 percent) using two or more identity systems, 75 percent of respondents say they lack the ability to easily discover all existing access policies, according to a new study conducted by Osterman Research for Strata Identity.

Continue reading →

Ask security professionals to name the biggest threat to their organizations' cloud environments, and most won’t hesitate to give a one-word answer: misconfigurations. Technically, they’re not incorrect, yet they’re defining "misconfiguration" much too narrowly. They’re likely thinking of an Amazon S3 bucket that’s left exposed or a misconfigured security group rule. While identifying and remediating misconfigurations must be a priority, it’s important to understand that misconfigurations are but one means to the ultimate end for attackers: control plane compromise, which has played a central role in every major cloud breach to date.

Considering the steady cadence of news headlines tying cloud breaches to misconfigurations over the last several years, it’s understandable that finding and fixing misconfigurations has been the primary focus of security professionals and their solutions vendors.

Continue reading →

A new survey of more than 800 IT professionals finds that 55 percent of respondents are using three or more cloud providers and 57 percent have five or more cloud security tools.

But the study from Orca Security shows this combination of multi-cloud adoption and disparate tooling is overwhelming security teams with inaccurate alerts. For example, 59 percent of respondents receive more than 500 public cloud security alerts a day, and 38 percent receive more than 1,000 a day.

Continue reading →

Windows users are familiar with Microsoft Defender running on their computers offering local protection, but there is also a cloud-based version of the security tool. Microsoft Defender for Cloud is the result of the unification of Azure Security Center and Azure Defender.

Having already added support for Amazon Web Services (AWS), Microsoft has now added protection for Google Cloud Platform. The latest addition comes as Microsoft recognizes the fact that 92 percent of organizations now embrace a multi-cloud strategy.

Continue reading →