Security News
Moving critical data and workloads to the cloud has significantly changed information security teams. Most don't have the resources to be successful in their cloud attack modeling-not to mention the deployment of measurable controls to defend against these evolving attacks.
Attackers typically find exposed "Secrets" - pieces of sensitive information that allow access to an enterprise cloud environment - in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security, according to Orca Security. Orca's research was conducted between January and May 2023, beginning with the creation of "Honeypots" on nine different cloud environments that simulated misconfigured resources in the cloud to entice attackers.
Palo Alto Networks held its annual Code to Cloud Cybersecurity Summit Thursday, focusing on cloud, DevOps and security. Recently, Palo Alto Networks' Unit 42 issued a cloud threat report finding that the average security team takes six days to resolve a security alert.
Migrating to the cloud does not alleviate an organization's cyber risk, nor does it transfer the risk to the CSP. Instead, it requires a shared security model where roles and responsibilities are clearly defined. While the shared security model does make some aspects of cloud security easier, managing the risk of exploitation by sophisticated cyber threat actors is not one of them.
China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy. The ambassador described China's actions in the telecoms industry as "a playbook" and warned the nation will "Run it in cloud computing they will run it in AI, they will run it in every core strategic technology area that matters."
What's more, orchestration platforms like Kubernetes carry additional security considerations, such as securing a cluster's network and API endpoints, which aren't as visible to traditional security tools. Lastly, with deployments growing in scale and complexity, manual security management becomes impractical and security automation - from threat detection to compliance management - is essential.
The Syxsense Synergy event last week featured a range of analysts, end users and company spokespeople with a central theme of the convergence of endpoint management and security - two areas that have traditionally remained apart. "That's why there is a growing need for the convergence of the security and endpoint management groups within organizations to address attack surface management, vulnerability protection and automated remediation."
The growing adoption of cloud has elevated cloud security fear for IT teams, as they grapple with the challenges and concerns arising from the widespread use of complex cloud environments while diligently addressing them, according to SUSE. Cloud security fear is growing. Data stores as top cloud security concern: 31% of respondents named data stores hosted by cloud or third parties as their top cloud security concern.
Amid an industry migration away from passwords, Okta has launched Okta Device Access, part of its suite of Workforce Identity Cloud products and an effort to unify passkey access across all devices under a single identity and access management platform. Designed to extend identity access management to the point of device login, the Okta Device Access service is also meant to reduce the likelihood that users, faced with the aggravation of having to wrangle repeatedly with logins for each device, will jettison security protocols.
The Associated Press reported that in response to its inquiries about the cause of the outage, Microsoft admitted that Anonymous Sudan and DDoS orchestrated by the group were the cause of the outages. The post that the AP claims is Microsoft's admission of succumbing to Anonymous Sudan doesn't mention the source of the DDoS - but does state: "Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.".