Security News

The Council's inaugural Cloud Data Management Benchmark Report, based on responses from more than 250 data professionals in more than 30 countries across the globe, found that less than half of the companies it polled trust cloud security and reliability enough to store their more crucial data there. The EDM Council benchmark study found that among the companies polled, cloud data management is still in the early stages, with respondents characterizing the status of their data management for cloud-deployed data in "Developmental" or "Defined" stages and few at the "Achieved" or "Enhanced" stages of maturity.

Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "Potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack, and further infestation of the worm," cloud security firm Aqua said.

Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. While Thales, in its 2023 Cloud Security Study, found that well over a third of businesses experienced a data breach in their cloud environment last year versus 34% in 2021, organizations are increasingly caching sensitive data in multiple cloud environments.

To overcome these challenges, IT organizations are turning to hybrid solutions to leverage the benefits of the cloud and the mainframe. An astounding 93% of respondents strongly agree with the sentence, "I believe my organization needs to embrace a hybrid infrastructure model that spans from mainframe to cloud."

Since cloud security implies a shared responsibility between the customers and the cloud provider, IT teams and decision-leaders must have a clear understanding of the types of cloud services more vulnerable to cyberattacks. Another security consideration that emerges when businesses are moving their information system to the cloud is identifying the cases where the risks outweigh the rewards.

Asia In Brief Japan's government last Friday rebuked Fujitsu for shabby cloud security. Fujitsu operates a cloud called "FENICS" and in February 2023 admitted that in December 2022 it had detected network misconfigurations that allowed unauthorized remote access to the service.

Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.

Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. The survey assessed both the respondents cloud security practices and the scale of their environment, including the number of identities and secrets they manage, response time to an attack, the different methods of access into their environment, and the types of solutions they utilize to help secure their environments.

Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair. Starting at 11 am UTC on Friday 18th August, the SANS Cloud Security Exchange 2023 is a free and virtual event that brings together cloud security experts from AWS, Google Cloud, Microsoft Azure and the SANS Institute onto one digital stage.

Moving critical data and workloads to the cloud has significantly changed information security teams. Most don't have the resources to be successful in their cloud attack modeling-not to mention the deployment of measurable controls to defend against these evolving attacks.