Articles about Cloud

Ask security professionals to name the biggest threat to their organizations' cloud environments, and most won’t hesitate to give a one-word answer: misconfigurations. Technically, they’re not incorrect, yet they’re defining "misconfiguration" much too narrowly. They’re likely thinking of an Amazon S3 bucket that’s left exposed or a misconfigured security group rule. While identifying and remediating misconfigurations must be a priority, it’s important to understand that misconfigurations are but one means to the ultimate end for attackers: control plane compromise, which has played a central role in every major cloud breach to date.

Considering the steady cadence of news headlines tying cloud breaches to misconfigurations over the last several years, it’s understandable that finding and fixing misconfigurations has been the primary focus of security professionals and their solutions vendors.

Continue reading →

While 72 percent of respondents to a new survey expect that the majority of their apps will be created using cloud-native development by 2023, only 47 percent of them say they know a lot about it.

The survey of over 500 IT leaders and developers across industries, carried out for low-code development specialist OutSystems, shows that selecting the right tools/platforms (52 percent), and architectural complexity (51 percent) are the top two challenges, even for those currently using cloud-native.

Continue reading →

Attackers are finding new ways to target cloud-native environments according to a new report from Aqua Security's Nautilus threat research team.

While cryptominers are the most common malware observed, with increasing frequency researchers have discovered an increased usage of backdoors, rootkits and credential stealers.

Continue reading →

The ransomware threat is very real with attacks growing in size and frequency, in part, because of the acceleration of digital transformation initiatives and the move to embrace digital services as well as the rapid implementation of hybrid ways of working.

As new digital systems required multiple access points for customers, partners, and employees, this has created a vastly expanded attack surface. This has hastened the rise in ransomware attacks, as attackers quickly took advantage of the increased number of possible attack vectors. 

Continue reading →

Over 50 percent of DevOps professionals and leaders say their cloud service provider is already a competitive threat to their B2B or B2C business or is expected to become one according to new research.

The study, carried out for cloud provider Linode, by Techstrong Research surveyed over 500 development professionals, managers and senior managers across 20 industries, and finds 75 percent say that their IT infrastructure will be cloud-based by the end of this year.

Continue reading →

A new report from Enterprise Strategy Group (ESG), sponsored by Keepit, shows that granular and air-gapped backup are critical to data recovery when businesses are hit by ransomware.

Of more than 600 respondents to the survey, 79 percent have experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent daily.

Continue reading →

The COVID-19 pandemic has led to a technology leapfrog beyond anything we’ve seen in decades. But now that we’ve made this leap is there any going back? And do we have the right technology for enterprises to keep up with new demands?

According to Pew Research, as of around two years into the pandemic, roughly 60 percent of U.S. workers who say their jobs can mainly be done from home (59 percent) are working from home. Our research found that digital experiences like online gaming, streaming and telehealth increased dramatically during the early days pandemic. And now, technologies and experiences like cloud gaming caught on during the pandemic are exploding. 

Continue reading →

A Business Continuity Plan is, broadly speaking, a set of processes and principles to improve resilience and ensure a business can continue functioning. Due to the importance of IT to productivity for almost every organization in the 21st century -- downtime, when IT systems are offline, is its antithesis.

Thanks to the rapid adoption of digital tools spurred on by the pandemic and the general move to online we have seen throughout the world, there is a tremendous amount of risk out there for businesses with online assets, from cyberattacks and ransomware to natural disasters and power outages. However, using cloud-based IT assets such as remote desktops, SaaS applications, and cloud storage of data can be a shortcut to protecting their continuity -- and therefore the continuity of your business.

Continue reading →

What’s the optimal way to manage cloud finances, one of the core disciplines of a FinOps practice?

The answer largely relies on automating efforts, but many FinOps practitioners haven’t taken full advantage of opportunities available to them or of the savings available to their organizations. According to a report from the FinOps Foundation, a Linux Foundation non-profit trade association focused on codifying and promoting cloud financial management best practices and standards, nearly half (49 percent) of the more than 800 respondents (with a collective $30+ billion in annual cloud spend) had little or no automation of cloud spend management.

Continue reading →

According to a new report, 60 percent of IT decision makers say cloud capabilities have been pivotal to helping their organization grow.

The study by Foundry finds this number increases to 64 percent for enterprises and 58 percent for SMBs. The research also shows that on average, organizations will allocate 32 percent of their total IT budget to cloud computing with the total average spend being $78 million over the next 12 months, up from $73 million in 2020.

Continue reading →

The latest research from Cado Security reveals the first publicly known malware that is specifically designed to execute in the AWS Lambda serverless environment.

Named Denonia, the malware downloads and runs crypto mining software, and demonstrates how attackers are exploiting newer cloud computing use cases to take advantage of their ephemeral nature to evade detection.

Continue reading →

A new study from Israel-based XM Cyber, based on findings from nearly two million endpoints, files, folders and cloud resources throughout 2021, shows 94 percent of critical assets can be compromised within just four steps of the initial breach point.

The research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-premise, multi-cloud and hybrid environments, and developed tips for thwarting them.

Continue reading →

A new multi-vector endpoint detection and response (EDR) solution from Qualys aims to reduce the risk of compromise with vulnerability management and patching all from a single agent.

Traditional EDR solutions still focus solely on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques -- not tactics. This means security teams are forced to rely on additional tools to strengthen their risk management.

Continue reading →

Recent vulnerabilities like Log4j have highlighted how difficult it can be to manage risks and ensure that software patches are kept up to date.

We spoke to Rob Gurzeev, CEO of attack surface management specialist CyCognito, to discuss the challenges involved and how to deal with them.

Continue reading →

With the increased investment in remote workforces since the start of the pandemic and subsequent acceleration in cloud adoption and digital transformation, cost reduction initiatives have grown in importance as a critical consideration for technology leaders and C-Suite.

According to research from Deloitte, two of three (66 percent) organizations globally are currently pursuing cost reduction strategies and, overall, cost reduction initiatives have dramatically increased -- by 74 percent -- since pre-COVID.  Within this, a common assumption is that migration to the cloud instantly translates to cost savings for a business. But without the right evaluation process in place, the true costs of cloud computing can add up fast.

Continue reading →