Security News

While 93% of CIOs expect an increase in IT budgets for 2023, 83% of them are feeling pressured to stretch their budgets even further than before, with a focus on managing cloud costs more efficiently and addressing the growing issue of technical debt, according to SoftwareOne. 38% said the accumulation of this debt is largely because of rushed cloud migrations during the pandemic, with 31% failing to optimize their workloads before commencing the migration process.

We're now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services. Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process.

Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the 2023 State of Cloud-Native Security Report. In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.

Cloud adoption has had significant effects on data classification, minimization, and end-of-life data disposal. Just 55% of organizations can boast a mature data classification model that determines when data has reached EOL-meaning that nearly half fall short when it comes to determining when to dispose of cloud-stored data.

Skies are overcast for cloud security With defenders' scanning for malware, data extraction is easier Zero trust key to malware-free insurgency Worldwide growth in hacktivists, nation-state actors and cybercriminals A rogues' gallery of jackals, bears and other adversaries Versatility key to cloud defenders and engineers Skies are overcast for cloud security. Cloud exploitation increased three-fold, with threat actors focused on infiltrating containers and other components of cloud operations, according to Adam Meyers, senior vice president of intelligence at CrowdStrike.

Cloud workload security is a practice that ensures all cloud workloads are adequately monitored and protected. Cloud security solutions assist in protecting against threats targeting cloud infrastructure thereby lowering risk, improving application reliability, and ensuring regulatory compliance.

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.

Attackers can exfiltrate company data stored in Google Cloud Platform storage buckets without leaving obvious forensic traces of the malicious activity in GCP's storage access logs, Mitiga researchers have discovered. "In normal usage, files inside storage objects are read multiple times a day as part of day-to-day activity of the organization," Mitiga cloud incident responder Veronica Marinov noted.

An advanced hacking operation dubbed 'SCARLETEEL' targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. While the attackers deployed cryptominers in the compromised cloud environments, the hackers showed advanced expertise in AWS cloud mechanics, which they used to burrow further into the company's cloud infrastructure.

After working strictly in the cloud with industry-leading enterprises for the past six years, I've seen it all and can sympathize with CISOs facing cloud security challenges. The overall risk level in key areas such as cloud security posture management, cloud infrastructure entitlement management, cloud workload protection platform and data are considered "High"' While a few organizations were at only a "Medium" level in some areas, none were at "Low" risk.