How identity and access management is causing headaches in cloud security

Identity and access management (IAM) is seen as an important tool for determining who’s who in a nefarious cloud landscape – but organisations are struggling to get to grips with it, according to new research.

The latest Cloud Report from cloud access security broker (CASB) Netskope has revealed the majority of Center for Internet Security (CIS) benchmark violations occurring in Amazon Web Services (AWS) environments fall...

By James Bourne, 25 October 2018, 1 comment. Categories: Data & Analytics, Infrastructure, Research, Security.

Check Point Software acquires Dome9 to beef up multi-cloud options

Check Point Software, an Israel-based cyber security firm, has announced the acquisition of compatriot Dome9 – with multi-cloud capability once again proving key.

Dome9, which like Check Point is based in Tel Aviv, offers a SaaS platform which aims to visualise organisations’ security postures in the public cloud. Companies can have verifiable infrastructure security for every public cloud, including the behemoths of AWS, Azure and...

By James Bourne, 24 October 2018, 0 comments. Categories: Data Management, Security.

Understanding the cloud security conundrum: What is the answer?

Name an online cloud storage service provider and you’ll have no problem at all finding reports for a breach. Recently, we’ve seen frequent incidents reported in the press involving companies leaking data through misconfigurations involving the cloud, as well as headlines reporting on user inexperience leading to weak security in cloud deployments.

But user error, complexity and misconfiguration surrounding cloud...

By Evtim Batchev, 19 October 2018, 0 comments. Categories: Data & Analytics, Infrastructure, Security.

Amid various privacy scares – yes, you can collaborate and communicate securely in the cloud

Last week, Facebook announced the launch of Portal, a voice-activated smart home camera device. Considering the recent data breach the company suffered, the tech press response to Portal ranged from bafflement to incredulity.

In response, Facebook senior exec Andrew Bosworth insisted< all processing was done locally on the device – so no information was uploaded to the cloud, or stored on Facebook servers. But is this sensible policy...

By John Mason, 19 October 2018, 0 comments. Categories: Data & Analytics, Data Management, Privacy, Security.

Putting the ‘ops’ back in DevOps: Keeping relevant and providing value for IT

DevOps is the new normal for rapidly delivering high quality software and, with software as the new face of business, speed and quality can determine success. However, integrating DevOps into your organisation can take some getting used to.

Despite initial challenges, the end result has a huge upside. Once DevOps is embraced and established, continuous testing and continuous release will enable you to confidently provide more...

By Bill Talbot, 18 October 2018, 0 comments. Categories: Developers, DevOps, Infrastructure, Security.

Digital trust: Why enterprise IT compliance matters

Do you wonder, are there significant benefits for building a culture of digital trust? New research has uncovered a direct connection between the cause and effect of bad actors in organisations across the globe. Information technology has many uses, but business leaders must be mindful of compliance.

Twenty-nine percent of employees observed at least one compliance violation at work in 2016 or 2017, according to the latest worldwide market study by Gartner. The survey, which sampled more than 5,000 employees...

By David H Deans, 16 October 2018, 0 comments. Categories: Data & Analytics, Data Management, Enterprise, Security.

Simplifying complex public sector environments through cloud: A guide

Government and public sector organisations continue to seek ways to improve services and mitigate the risk of migrating mission-critical applications to the cloud. Already, many organisations, focused on improving the citizen experience, have set their sights on the cloud. Flexible, agile and affordable, managed cloud can accelerate the agency mission.  Still, CIOs are cautious about which applications to prioritise and what steps they must take to ensure the reality fulfils the promise.

In the US, since...

By Roberto Mircoli, 11 October 2018, 0 comments. Categories: Infrastructure, PublicSector, Security.

How identities are the new security perimeter

  • Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee.
  • 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
  • Apple employees in Ireland have been offered as much as €20,000 ($22,878) in exchange for their privilege access credentials in 2016, according to 

By Louis Columbus, 03 October 2018, 1 comment. Categories: Data & Analytics, Data Management, Security, Vulnerabilities.

The importance of APIs in public cloud security: How secure do you think yours are?

The use of the cloud is now mainstream and, despite some concerns, it is generally accepted that the public cloud is not inherently insecure. In fact, in many cases it is more secure than most data centres.

This can be explained when we consider how many opportunities there are for a piece of sensitive information that...

By Jason Macy, 01 October 2018, 0 comments. Categories: Architecture, Developers, Platform, Security, Vulnerabilities.

Five Kubernetes role-based access control mistakes to avoid

If you run workloads in Kubernetes, you know how much important data is accessible through the Kubernetes API—from details of deployments to persistent storage configurations to secrets. The Kubernetes community has delivered a number of impactful security features in 2017 and 2018, including Role-Based Access Control (RBAC) for the Kubernetes API.

RBAC is a key security feature that protects your cluster by allowing you to control who can access specific API resources. Because the feature is relatively...

By Kaizhe Huang, 26 September 2018, 0 comments. Categories: Containers, Data & Analytics, Data Management, Developers, Kubernetes, Security.

Cloud security and small businesses – what you need to know to avoid the pitfalls

Today we work in a world that is increasingly connected, convenient and cloud-based. This comes with a world of benefits not just for enterprises, but also for small to medium sized businesses (SMBs).

It’s now easier than ever to share documents in the cloud, video-conference with colleagues across the world and compile resources so that global teams can quickly access them from shared storage. The downfall,...

By Dirk Morris, 21 September 2018, 1 comment. Categories: Infrastructure, Security, Software, Vulnerabilities.

How the Cloud Security Alliance Cloud Controls Matrix benefits financial institutions

The self-service and dynamic nature of cloud infrastructure creates challenges for risk and compliance professionals. Tools that worked well in the traditional data centre do not translate to the public cloud.  

Due to these concerns over regulatory compliance and security, as well as the complexity involved in replacing legacy systems, financial institutions are taking a more...

By Brian Johnson, 14 September 2018, 0 comments. Categories: Compliance, Data & Analytics, Industry, Security.

Why healthcare providers need Zero Trust Security to boost their digital initiatives

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from 

By Louis Columbus, 11 September 2018, 0 comments. Categories: Applications, Best Practice, Data & Analytics, Data Management, Security.

Tresorit raises €11.5 million in series B funding to help promote secure cloud collaboration

Tresorit, a European provider of cloud security and collaboration software, has announced it has raised €11.5 million (£10.4m) in series B funding to help accelerate growth and scale marketing and sales operations.

The company, which sits in the enterprise file and sync space, offers products focused at the legal, healthcare and HR departments around encrypted storage and secure file sharing, as well as...

By James Bourne, 04 September 2018, 0 comments. Categories: Collaboration, Compliance, Security, Software.

Google Cloud gets up to speed with AWS and Azure with launch of HSM crypto tool

Google Cloud has announced the launch of a managed cloud-hosted hardware security module (HSM) service – joining Amazon Web Services and Microsoft Azure in this security benchmark.

The Cloud HSM will enable customers to host encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs, according

By James Bourne, 22 August 2018, 0 comments. Categories: Compliance, Data Management, Google, Security.

Protecting your company’s crown jewels: Building cloud-based backup and DR into ransomware defence

It’s a sad fact of life that whenever someone owns anything of value, there’s someone else out there who wants to get their hands on it illegally. Today’s corporate crown jewels are the critical data on which organisations depend and the highwaymen are cybercriminals, who have built a lucrative industry from ransomware attacks that disrupt businesses, steal data and aim to extract payment from their victims.

Tackling this scourge is a critical challenge for IT managers on several levels, but...

Alibaba Cloud focuses on Asia Pacific with latest launches – and expands Elasticsearch partnership

It has been another busy week at Alibaba Cloud, with the company’s latest releases focusing on both Asia Pacific and European expansion.

The increased focus on Asia Pacific comes through the launch of no fewer than nine products around cloud architecture, machine learning, the Internet of Things (IoT), and security.

These include PAI, Alibaba Cloud’s proprietary machine...

By James Bourne, 16 August 2018, 0 comments. Categories: Alibaba, Infrastructure, Security.

Risk and finance industry still see cloud as a concern, notes Gartner

Even the slowest industries are moving workloads to the cloud – take risk, audit and finance as an example. Yet there is still plenty more to be done before these verticals become truly comfortable.

That’s according to the latest report from analyst firm Gartner. In the company’s most recent Emerging Risks study, cloud computing remains the primary concern for those in risk and compliance. Cloud was ahead of...

By James Bourne, 15 August 2018, 0 comments. Categories: Infrastructure, Research, Security, Vulnerabilities.

Demytisfying the public or private cloud choice: Compliance, cost, and technical requirements

Every business wants to operate like a tech company today. Companies can’t thrive without improving IT, and executives must decide where to house and process data – under these circumstances, cloud strategies are increasingly nuanced.

A Forrester study found that just 4% of organisations run their applications exclusively in the public cloud today, and 77 percent of organisations are using multiple types of clouds, both on-premises and off-premises.

So do you take the public or private cloud...

By Michael Coté, 13 August 2018, 0 comments. Categories: Compliance, Infrastructure, Private, Public, Security.