Realising the impact of unsecured container deployments: A guide

A recently published report by StackRox on the state of containers and Kubernetes security has revealed the statistics related to security concerns in data centres with containerised workloads. 94% of respondents out of 540 IT and security professionals who participated in the survey had experienced security incidents in the last 12 months. Misconfigurations and human errors were the...

By Sagar Nangare, 20 March 2020, 0 comments. Categories: Containers, Data Centres, Developers, Kubernetes, Security, Vulnerabilities.

Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more

Bottom line: Passwordless authentication, endpoint security, cloud-native SIEM platforms, and new API-based data security technologies were the most interesting tech developments, while keynotes focusing on election security, industrial control systems’ vulnerabilities and the persistent threat of state-sponsored ransomware dominated panel discussion.

This year’s RSA Conference was held February 24 to 28 in San Francisco’s Moscone Center, attracting more than 36,000 attendees, 704 speakers, and 658...

Google Cloud bolsters security offerings at RSA – as Thales report warns of more breaches

Google Cloud has beefed up its security offerings to include greater threat detection, response integration, and online fraud prevention.

The news, announced at the RSA Conference in San Francisco, focused predominantly on enterprise security product Chronicle, which was ‘acquired’ by Google Cloud last year having been a bet of the...

By James Bourne, 25 February 2020, 0 comments. Categories: Data Loss, Data Management, Google, Infrastructure, Security, Vulnerabilities.

Human error and misconfigurations primary source of Kubernetes security snafus, report says

StackRox, a provider of cloud-native, container and Kubernetes security, warned in its previous report that the security implications for Kubernetes were beginning to spill over to adoption – and the release of its updated winter study have proved the company right.

The paper, the winter edition of its State of Container and Kubernetes Security Report, was put together alongside 451 Research and polled more than 500 industry...

By James Bourne, 21 February 2020, 0 comments. Categories: Containers, Data Loss, Developers, Kubernetes, Legal, Platform, Research, Security, Vulnerabilities.

Netskope secures $340m in funding at $3bn valuation to further cloud security mission

Cloud security provider Netskope has announced the closure of a $340 million (£263m) investment on a valuation of almost $3 billion.

The move represents the seventh funding round for the Santa Clara-based company, taking its total funding to more than $740m. Netskope’s most recent funding was a series F round

By James Bourne, 07 February 2020, 0 comments. Categories: Data & Analytics, Data Management, Economy, Security, Vulnerabilities.

The top 10 cybersecurity companies to watch in 2020: How AI and ML is a key differentiator

  • Worldwide spending on information security and risk management systems will reach $131bn in 2020, increasing to $174bn in 2022 approximately $50bn will be dedicated to protecting the endpoint according to Gartner’s latest information security and risk management forecast
  • Cloud security platform and application sales are predicted to grow from $636m in 2020 to...

By Louis Columbus, 05 February 2020, 0 comments. Categories: Data & Analytics, Data Management, Security, Software, Vulnerabilities.

Organisations struggling with sensitive cloud data as they shun security-first approach

Corporate data may be reaching a tipping point in the cloud – but security policies are yet to follow it.

That is the key finding from a new report by security provider Thales. The study, which was put together by the Ponemon Institute and which polled more than 3,000 IT and IT security practitioners across eight countries, found that while almost half (48%) of corporate data was in the cloud, less than a third (32%) of...

By James Bourne, 10 October 2019, 0 comments. Categories: Data & Analytics, Data Management, Research, Security, Vulnerabilities.

Eradicate human error and make your cloud implementation a picnic

Sunshine, sandwiches, scenic views, and not a care in the world besides the occasional wasp. Everyone loves a picnic.

Unfortunately, the same cannot be said for PICNIC, an enduring acronym in IT circles standing for Problem In Chair, Not In Computer. The term, dating back to the 1980s, was first employed by frustrated IT professionals weary of dealing with computer problems arising from user error rather than any actual issues with the...

By Matt Lock, 08 October 2019, 0 comments. Categories: Data Loss, Data Management, Infrastructure, Security, Vulnerabilities.

Three reasons why killing passwords will improve your cloud security

By Louis Columbus, 27 September 2019, 0 comments. Categories: Data Management, Security, Software, Vulnerabilities.

How does privileged access security work on AWS and other public clouds?

Bottom line: Amazon’s Identity and Access Management (IAM) centralises identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today.

AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with...

By Louis Columbus, 27 August 2019, 0 comments. Categories: Amazon, Data Management, Infrastructure, Public, Security, Vulnerabilities.

Cloud Security Alliance publishes ‘egregious 11’ list of top threats to the cloud

If one other thing besides death and taxes is certain, it is that cloud security will remain a key talking point. Whose responsibility is it exactly – and why does the shared responsibility model continue to cause havoc?

Some areas however can be nailed down much more solidly. The Cloud Security Alliance (CSA) has issued what it calls the ‘egregious 11’ in its latest report, giving organisations an up-to-date...

By James Bourne, 19 August 2019, 0 comments. Categories: Architecture, Infrastructure, Research, Security, Vulnerabilities.

What’s in your cloud? Key lessons to learn after the Capital One breach

The lack of visibility into the expanded cloud attack surface is a fast-growing problem that is only getting worse. Although we have seen misconfigurations in the cloud before, the Capital One breach is a sobering reality check for the security industry. We need to vastly improve threat detection and response in cloud environments.

The attack behaviours associated with the Capital One breach that occurred in March 2019 are...

By Chris Morales, 16 August 2019, 0 comments. Categories: Amazon, Data Management, Security, Vulnerabilities.

Skybox and Zscaler team up for stronger cloud firewall integration

If there is one thing safer than a cloud security provider, it is two cloud security providers – in theory, at least. Zscaler and Skybox Security are coming together to connect two of their products for greater end-to-end protection.

The two companies will combine Zscaler’s Cloud Firewall product with the Skybox Security Suite, which encompasses visibility, vulnerability control, as well as firewall and network...

By James Bourne, 05 August 2019, 0 comments. Categories: Data Management, Security, Vulnerabilities.

McAfee notes gap between cloud competence and transformation – with CASBs key to success

It is another case of mind the gap, according to McAfee: while the vast majority of companies are seeing some level of business acceleration through their cloud initiatives, only a fraction are exploiting its full potential.

The security provider has released a special edition of its Cloud and Risk Adoption Report, which polled 1,000 enterprise organisations worldwide alongside collating data from anonymised cloud events across its...

By James Bourne, 21 June 2019, 0 comments. Categories: Data & Analytics, Infrastructure, Research, Security, Vulnerabilities.

How to prevent AIOps from becoming just another cog in the machine

Over the past few years, companies have been rapidly transitioning to dynamic, hybrid cloud environments in a bid to keep up with the constant demand to deliver something new. However, while the cloud provides the agility businesses crave, the ever-changing nature of these environments has generated unprecedented levels of complexity for IT teams to tackle.

Traditional performance management strategies have been stretched to...

How leveraging APIs will help to enable comprehensive cloud security

Cloud computing has utterly transformed the IT industry, requiring organisations to make fundamental changes to how they design, deploy, manage and optimise their security strategy. Many organisations, however, are simply using the same security model they have relied on for over a decade in their traditional networks to the cloud. But true cloud security requires more than deploying isolated cloud-enabled network security tools to protect cloud-based resources.

The future...

By Lior Cohen, 24 May 2019, 0 comments. Categories: Data & Analytics, Developers, Security, Vulnerabilities.

Cloud providers are under attack - and sabotaged services will freeze operations

Over the next two years, cloud service providers will be systematically sabotaged by attackers aiming to disrupt critical national infrastructure (CNI) or cripple supply chains. Organisations dependent on cloud services will find their operations and supply chains undermined when key cloud services go down for extended periods of time.

Nation states that engage in a digital cold war will aim to disrupt economies and take down CNI by sabotaging cloud infrastructure through traditional physical attacks or by...

Do cryptographic keys belong in the cloud?

Thanks to the cloud, organisations of all sizes can enjoy scalability, ease of use, and significant savings by outsourcing hardware and software ownership and maintenance in multi-tenant environments. Medium-sized companies no longer have to pay to build their own infrastructure, which makes the cloud especially appealing to this market.

However, the cloud still suffers from security issues....

By Brian Jenkins, 24 January 2019, 0 comments. Categories: Data & Analytics, Security, Vulnerabilities.