Security News

An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense. The operation relies on abusing the limited resources offered to free-tier cloud accounts to generate a tiny profit from each free account, which, when combined, becomes something more significant.

One answer for law enforcement agencies is to switch from on-premises systems to those that are cloud-native. The team overseeing an on-prem server at a local law enforcement agency must be concerned about a seemingly endless list of threats, weaknesses and vulnerabilities, ranging from floods to temperature variations and malware to denial of service attacks.

Sponsored Post Shifting workloads and applications to the cloud is on every forward-thinking CIO's wish list. The cloud first popped up on the IT agenda over a decade ago, yet fears around regulatory compliance, governance and cybersecurity still linger.

What about when data is being actively processed in memory, especially today when systems are typically shared or even operated by a third party like a public cloud provider? So protecting and creating confidentiality for data in use is sort of a new frontier, and that's what we're calling Confidential Computing. If you think about a multi-tenant cloud environment for example, where sensitive data is meant to be kept isolated from other privileged portions of the system stack.

The steady migration of applications and infrastructure out of in-house data centres and server farms and into the cloud looks unstoppable at this moment in time. The cloud offers all sorts of potential advantages around flexible procurement, resource utilisation, cost and scalability, but it still has work to do on data security.

A hybrid cloud is a cloud computing framework where private cloud, on-premises infrastructure and public cloud blend to serve as a single computing ecosystem. With the public cloud being a major target for hackers, organizations can save their enterprise by adapting quality security practices they deem necessary to their private cloud without losing the gains of the public cloud.

At this week's event, Google presented its latest solutions as it tries to overtake Amazon and Microsoft in the cloud market. The post Google Next ’22: A new era of built-in cloud services...

Microsoft is rolling out its usual host of cloud security features and services at this week's Ignite 2022 conference, with the focus on what's happening in and outside the firewall. Protecting against sensitive information being shared by teams is also a theme, according to the show briefing, although some of the newly-announced security features have been previewed with Redmond Microsoft 365 E5 license users.

"As a result the data is not readable by human admins as well as the cloud providers' hypervisors, other tenants or the operating system. So you no longer have to trust the cloud provider's security even if they were corrupted and intentionally malicious." Intel SGX offers an additional layer of beyond data and application isolation inside the TEE. The remote attestation function verifies that a cloud user's SGX-enabled application can be trusted.

Cloud security plays a key role in this transition and journey to cloud, and it involves examining an organization's data processing and storage practices to outline unique strategies for protecting data. Using the best cloud security practices is essential for any organization because of the severe reputational consequences of not doing so.