Security News
Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more. Bug hunter Sam Curry claims to have heard from an Uber employee.
In this whitepaper we describe the various CSP security offerings and provide a framework for data protection with a set of strategic selection criteria. In relation to the "Big Three" CSPs-Amazon Web Services, Google Cloud Platform, and Microsoft Azure-we make an attempt to objectively reflect on what their data security services entail, based on discussions with CSPs and the published documentation made publicly available by the CSPs. It also outlines what enterprises should be aware of prior to consuming these services in the context of their belated yet increasing capabilities in the data-centric security space.
Laminar released findings from its 2022 Security Professional Insight Survey conducted at AWS re:Inforce in July 2022 and Black Hat in August 2022. The research revealed gaps in organizations' defenses that security teams will want to proactively address to reduce their risk of data exposure.
Couchbase announced findings from industry research examining the challenges faced by development teams amid the race to the cloud and to execute on digital transformation initiatives. "The modern business depends on the developer and development agility more than ever before. Development teams are not assisting the business, they are leading it to new frontiers through digital transformation. That's why they need to be given the right resources: be it cloud-based infrastructure, CI/CD friendly tooling and the right training. This is what will ensure success in these times of product-led transformation and growth."
Google closed its $5.4 billion Mandiant acquisition today in a move that brings the threat intel and incident response giant under the Google Cloud umbrella. Six months and one shareholder lawsuit later, the two companies' combined services and products help customers shift to a "More proactive approach" to security operations, according to Google Cloud CEO Thomas Kurian.
A Netwrix survey revealed that 47% of educational institutions suffered a cyberattack on their cloud infrastructure within the last 12 months. For 27% of them, incidents in the cloud were associated with unplanned expenses to fix security gaps.
Organizations continue to shift workloads to the cloud at a rapid pace to achieve faster time to market, increased responsiveness, and cost reductions. With the majority of organizations expected to have more than half their workloads in the cloud within the next 12-18 months, it is no surprise that cloud security continues to remain a top concern.
Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance reveals. This Help Net Security video highlights how organizations adopt cloud infrastructures to support their remote and hybrid work environments.
65.1% of respondents said they currently have data resident in the public cloud. With public cloud adoption having a compound annual growth rate of nearly 26%, it's surprising that respondents haven't yet hardened data security for these assets.
During AWS re:Inforce, Amazon executives emphasized how important access control is when it comes to cloud security and why IT leaders need to ask who has access to what and why. The executives emphasized the importance of enabling multi-factor authentication and blocking public access, with Kurt Kufeld, vice president of AWS platform, going as far as to say it "Will absolutely save lives."