Jetstack unveils industry-first software supply chain security toolkit

Links of a rusty chain.

Jetstack, a Venafi company and specialist in cloud native, open source and strategic consulting services, has announced the availability of an easy-to-use, interactive and comprehensive toolkit for securing modern software supply chains.

The visual, web-based resource is available to everyone and is designed to help organisations evaluate and plan the crucial steps they need to tackle effective software supply chain security. Software supply chain security has become an...

Aqua Security creates first unified scanner for cloud native security

A padlock on a shed.

Aqua Security, a pure-play cloud native security provider, has unveiled multiple updates to Aqua Trivy, which it says makes it the world’s first unified scanner for cloud native security.

Consolidating multiple scanning tools into a single tool, it is now the most comprehensive vulnerability and misconfigurations scanner for cloud native applications and infrastructure. Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which customers can take...

Cisco releases its Cloud Controls Framework to the public

Cisco building in Amsterdam.

Cisco has released the Cisco Cloud Controls Framework (CCF) to the public.

The Cisco CCF is a comprehensive set of international and national security compliance and certification requirements, aggregated in one framework. It empowers teams to make sure cloud products and services meet security and privacy requirements thanks to a simplified rationalized compliance and risk management strategy, saving significant resources.

Meeting the fast-evolving requirements for...

Evolution of cybercriminals’ attacks on cloud native environments revealed

A graphic of a padlock.

Attackers are finding new ways to target cloud native environments, according to Nautilus, the threat research team of cloud native security provider, Aqua Security.

The team's latest research shows that adversaries are adopting more sophisticated techniques, leveraging multiple attack components, and shifting attention to Kubernetes and the software supply chain. The “2022 Cloud Native Threat Report: Tracking Software Supply Chain and Kubernetes Attacks and Techniques”...

Cloud-native adoption shifts security responsibilities across teams

A padlock on a keyboard.

Cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organisations plan to expand use over the next 12 months.

With this increase in use comes a greater need for security due to rising compliance regulations and ever-evolving cyberattacks. Both parties stated that they have high confidence in their organisations’ ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers...

Andrew Egoroff, ProcessUnity: On the increased cybersecurity threat and mitigating risks

Cloud Tech caught up with Andrew Egoroff, Senior Cybersecurity Specialist at ProcessUnity, to discuss the increased threat around the Russia-Ukraine crisis and how to mitigate risks from third parties.

A business can implement excellent internal cybersecurity measures, but a slip-up from a third-party vendor can have devastating consequences. ProcessUnity specialises in helping businesses determine what vendors carry the lowest risk.

“We try and evangelise the...

Misconfiguration was the number one cause of cloud-security incidents in 2021

As organisations continue to adopt the cloud, with 35% running more than 50% of their workloads on the likes of Azure, AWS and GCP, they struggle to manage the complexity of securing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage.

This is one of the key findings from the 2022 Cloud Security Report from cybsersecurity solutions provider Check Point Software Technologies.

The global report, based on a...

Majority of malware downloads come from cloud apps

Computer code in the shape of a skull.

More than two-thirds of malware downloads came from cloud apps in 2021, according to a study by Netskope, a secure access service edge (SASE) specialist, titled Cloud and Threat Spotlight: January 2022. 

The research highlights the continued growth of malware and other malicious payloads delivered by cloud applications. The year-over-year analysis identifies the top trends in cloud attacker activities and cloud data risks from 2021 as compared to 2020, and examines changes in the...

Head in the clouds: Securing a path to the cloud for your business

A mountain pathway through clouds.

The International Data Corporation (IDC) has dubbed 2021 The Year of the Multicloud, and with good reason.

Even prior to the pandemic, the market for cloud tools was broadening and becoming increasingly complex, giving businesses a lot to think about as they started to ramp up their digital transformation efforts. For small to medium-sized businesses in particular, the path to the cloud can often seem like a series of daunting hurdles with difficult questions to answer at...

Most businesses are not protecting their sensitive data in the cloud

A padlock on a keyboard.

As many as 40% of organisations have experienced a cloud-based data breach in the past 12 months. 

Despite increasing cyber-attacks targeting data in the cloud, the vast majority (83%) of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have.

These details have been unveiled in the 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted...