Security News

As cloud adoption pervades, one of the bigger security and privacy challenges for cloud service customers is having to relinquish a significant amount of control and ownership of their data and infrastructure to cloud service providers. Every CSP will implement security differently and every cloud model will have varying degrees of security control ownership, which is why it might be difficult for them to meet all security requirements.

Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage, public cloud storage use is on the rise, with 89% of respondents looking to increase or maintain their cloud services. "The media and entertainment industry is a key vertical for cloud storage services, driven by the need for accessibility to large media files among multiple organizations and geographically distributed teams," said Andrew Smith, senior manager of strategy and market intelligence at Wasabi Technologies, and a former IDC analyst.

A new security flaw has been disclosed in the Google Cloud Platform's Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig said.

5G encompasses robust security features that guarantee confidentiality, integrity, and availability of network services and user data. Essential 5G security methods and technologies include encryption, privacy protection, authentication and authorization, network slicing, and network equipment security assurance.

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....

The presence of each third-party application increases the potential for attacks, particularly when end users install them without proper oversight or approval. IT security teams face challenges in obtaining comprehensive knowledge about the apps connected to their corporate SaaS platforms, including their permissions and activities.

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Far and wide, enterprises are victims of this costly 'defensive tax:' the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.

IBM continues to expand its cloud offerings with Hybrid Cloud Mesh, a software-as-a-service platform meant to give DevOps and CloudOps teams more fine-grained control over application connectivity between clouds. Hybrid Cloud Mesh takes advantage of the recent acquisition of network automation company NS1. Hybrid Cloud Mesh will be available later in 2023, IBM said, and ut is currently part of an early access program.

In an effort to grow its hybrid cloud and artificial intelligence capabilities, IBM announced on Tuesday that it was acquiring Polar Security, an Israel-based company specializing in data security posture management. A 2023 study by Gartner, looking at DSPM functions and capabilities, reported that DSPM solutions are getting savvier at uncovering data repositories and identifying their exposure risk, thanks to their ability to use data lineage to "Discover, identify and map data, across structured and unstructured data repositories, that relies on integrations with, for example, specific infrastructure, databases and CSPs.".

TechRepublic spoke with Ankur Shah, SVP and general manager of Prisma Cloud, about what cloud security means and how IT pros and decision makers should think beyond the traditional cybersecurity playbook when it comes to cloud security. Ankur Shah: Before the cloud, security was like a house with one front door, a camera and a security guard: one level of security and you're good to go.