Cloud Security

Threat Stack Releases 451 Research Pathfinder Report: Refocusing Security Operations in the Cloud Era

Grazed from Threat Stack

Threat Stack announced the publication of the 451 Research Pathfinder Report: Refocusing Security Operations in the Cloud Era. The Pathfinder Report, commissioned by Threat Stack, provides specific and actionable guidance for IT, DevOps, and security teams as they adapt to the increased adoption of public cloud, DevOps practices, and modern infrastructure like containers.

As organizations continue to adopt public cloud and drive towards digital transformation initiatives, many will shift towards a DevOps culture that values agility and flexibility in the development process. The 451 Research Pathfinder Report cautions that it can be easy to overlook security during this transition and provides security guidance for organizations with an IT infrastructure in transition.

MobileIron Modernizes Multi-Factor Authentication for the Cloud

Grazed from MobileIron

MobileIron, the secure foundation for modern work, today announced the addition of MobileIron Authenticator to its comprehensive MobileIron Access cloud security solution. MobileIron Authenticator is a new mobile application that allows organizations to verify a user's identity using the phone as a second factor of authentication.  

Passwords are failing

According to the 2018 Verizon Data Breach Investigations Report, compromised credentials are the top cause of reported data breaches. The best solution is to move beyond passwords, as MobileIron already does with seamless single sign-on for trusted devices and apps. But when that is not possible because of legacy devices or untrusted environments, many organizations look to multi-factor authentication (MFA) as additional evidence to confirm a user's identity. Traditional MFA, however, uses hardware tokens that are easily lost or software tokens that require inconvenient activation through QR codes. Neither of these is an ideal user experience.

Demystifying Cloud Security

Cloud-based IT systems perform important functions in almost all modern sectors. Businesses, non-profit organisations, governments and even educational institutions use The Cloud to expand the reach of the market, analyse performance, manage human resources and offer better services. Of course, effective Cloud security governance is essential for any entity wishing to reap the benefits of distributed IT.

Like all IT domains, Cloud technology faces unique security problems. Although the idea of ​​maintaining data security in The Cloud has long been considered an unmanageable paradox, extensive industry operations reveal numerous techniques that offer effective protection. Because Cloud service providers maintain FedRAMP compliance, effective Cloud protection is feasible and practical in the real world.

Bitglass 2018 Report: Cloud Security Adoption Trails Cloud Usage, Leaving Two Thirds of Organizations Vulnerable

Grazed from Bitglass

Bitglass, the Next-Gen CASB company, today released the 2018 Cloud Adoption Report, its fourth such study, which examines cloud adoption in more than 135,000 organizations around the globe. The report corroborates what is now broadly apparent -  the flexibility, productivity and cost savings benefits of cloud apps have fueled widespread adoption in every industry. Surprisingly, the report finds that the adoption of cloud security technologies lags cloud adoption, leaving many at risk of a data breach. 

The report finds that while 81 percent of organizations globally now use cloud apps, just 25 percent of organizations have adopted single sign-on (SSO), which is typically the first, most basic cloud security technology implemented. SSO combined with multi-factor authentication lowers the risk of phishing and password hacks.

"Cloud adoption hits new highs year after year as organizations worldwide have come to trust platforms like Office 365 and AWS, but it is surprising to see that far fewer organizations have invested in basic technologies like SSO to protect their data in the cloud," said Rich Campagna, CMO, Bitglass. "The disparity suggests that data breaches will continue to plague organizations."

 

A Global Technology Provider for 700+ financial services clients, Increases Efficiency of Personnel and SOC team by 37%

Article Written by Arun Gandhi, Director of Product Management at Seceon and Grigoriy Milis, Chief Technology Officer at RFA

As security breaches and attacks continue to lead global headlines, effective cybersecurity protections are the "new normal" for conducting business today. In addition to recently enacted regulations, with more coming in near future, it is imperative for managed service providers (MSPs) to provide best-in-class security solutions to customers while differentiating themselves from the competition. 

Traditional solutions are no longer sufficient; tools must evolve to combat the increasing sophistication of cybercriminal techniques and technologies. Customized malware exists now that can evade and bypass many of the traditional endpoint security solutions. Traditional signature- and manual calculation-based approaches are simply not sufficient for providing security with the increasing sophistication of cyber threats. Above all, the biggest challenge remains integration of these point solutions as they are from different manufacturers and not built to communicate with each other inherently. 

In business for nearly thirty years, Richard Fleischman & Associates, also known as RFA, is a trusted technology partner to more than 700 clients globally who retain more than $900 billion in total assets under management. Serving as an MSP for its financial sector clients, RFA used a number of traditional solutions and services from large market leaders successfully, but was always challenged to find a solution that could address threats (i.e., detect, contain and eliminate) between the perimeter and endpoints to their required level of sophistication. Multi-layered approaches recommended by industry experts were rendered ineffective as the solutions were note properly integrated and remained silo'ed. Moreover, the level of protection afforded resulted in dissatisfaction when compared to the overhead cost. 

Tripwire Expands Cloud Security Capabilities with Cloud Management Assessor

Grazed from Tripwire

Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced expanded support for cloud environments with Tripwire Cloud Management Assessor (CMA). The solution now features File Integrity Monitoring (FIM) capabilities for addressing publicly exposed data in the cloud, and its core secure configuration management functionality now supports all major cloud providers, including Google Cloud Platform.

"Tripwire is dedicated to helping organizations implement critical security controls in their environments, especially as these environments grow more complex with the adoption of hybrid and multicloud models," said Tim Erlin, vice president of product management and strategy at Tripwire. "We've expanded our capabilities to help organizations keep their cloud environments properly configured and prevent inadvertent exposure of their data."

New Kaspersky Lab Solution for Hybrid Cloud Security Management

Grazed from Kaspersky Lab

To support companies moving to a cloud architecture, today, Kaspersky Lab has launched its new Kaspersky Hybrid Cloud Security offering, expanding the company's virtualization and cloud security portfolio. The new solution is the next generation of hybrid cloud protection for businesses of all sizes, integrated with Amazon Web Services (AWS) and Microsoft Azure.

Organizations that struggle to deal with the speed of business process automation and growth of corporate data are turning to the hybrid cloud to expand their infrastructure. At the same time, more than half (59%) of businesses feel they cannot fully trust its data to cloud services because it could introduce new risks to their IT security. Their concerns are authentic with the lack of visibility in hybrid cloud ecosystems today - making them even more vulnerable to cyberattacks.

 

RedLock, Barracuda Join Forces to Help Organizations With a Cloud Threat Defense Strategy

Grazed from RedLock and Barracuda

RedLock, the Cloud Threat Defense company, and Barracuda Networks Inc., a provider of cloud-enabled security and data protection solutions, today announced their joint efforts to help organizations fulfill their responsibilities in securing public cloud environments. The joint-solution approach offers enterprises the ability to implement a broad Cloud Threat Defense strategy across Amazon Web Services, Microsoft Azure, and Google Cloud environments that aligns with the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF). The two companies plan several go-to-market initiatives, including joint sales efforts, joint product demonstrations and joint solution collateral development.

"RedLock and Barracuda products fit together to address the security challenges in public cloud computing environments," said Varun Badhwar, CEO and co-founder at RedLock. "The solutions assist enterprises with addressing the four functions of NIST CSF, which include identifying assets, protecting against threats, detecting security events, and responding to incidents. We're privileged to work with Barracuda in helping organizations obtain the benefits of public cloud computing."

McAfee Study Reveals 1-in-4 Organizations Using Public Cloud Has Had Data Stolen

Grazed from McAfee

McAfee, the device-to-cloud cybersecurity company, today announced its third annual cloud adoption and security report, Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security. The report outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications and the evolving impact of unmanaged cloud use for the more than 1,400 information technology (IT) professionals surveyed.

Lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However the business value of the cloud-Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (SaaS)-is so compelling that some organizations are plowing ahead. Fortunately modern cloud security tools and practices don't require organizations to make that difficult choice between business velocity and data security.

"Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on," said Rajiv Gupta, senior vice president of the cloud security business unit, McAfee. "By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data."

New Global Standards for Cloud Security

Article Written by Avery Phillips

As of May, the requirements of cloud security will be getting an overhaul. The General Data Protection Regulation (GDPR) will introduce tighter security protocols for many businesses not just in the EU, but around the world. You are mistaken if you think that the GDPR is only going to affect European companies and organizations. 

Appnovation, a global IT company, understands the GDPR's reach when they state "Put simply, this is something which will [affect] every organization that processes EU citizens' data, whether processed within or outside Europe." This bombshell that's about to drop on the digital security and data world is going to change the cloud and hold companies accountable for how they process sensitive data on it.  

Failure to adhere to these policy changes will result in hefty fines to your business. So, if you hold extensive data on the cloud, you'll want to know how it's going to change in accommodation for the GDPR. Read below to understand how and why it will change cloud security.