Security News
Attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams. The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services.
Get lifetime access to 2TB of cloud storage for just $49 We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Everybody needs safe, secure and reliable cloud storage.
Over the past several years, we have seen more and more examples of vulnerabilities in cloud assets, cloud service provider outages, sensitive data disclosure, and breaches involving the use of public cloud environments. The 2021 Data Breach Investigations Report from Verizon, released in the second quarter of 2021, noted that compromised external cloud assets were more common than on premises assets in both incidents and breaches.
Bridgecrew by Prisma Cloud is the codified cloud security platform built to bridge the gap between DevOps and security teams. Powered by automation, Bridgecrew empowers teams to find, fix, and prevent vulnerabilities, misconfigurations, and license compliance issues in source code, containerized applications, and infrastructure as code.
Security and compliance rank as the top challenges for deploying cloud-native apps. Tigera's State of Cloud-Native Security report is based on a survey of 304 security and IT professionals from around the world.
Dell is partnering with high-profile cloud-based data analytics vendor Snowflake to enable organizations to take the data they're keeping in their data centers in Dell object storage and run it in Snowflake's Data Cloud while keeping the data on premises or copying it to the public cloud, an important capability for companies with data sovereignty or privacy concerns who can't freely move it around. In another move to bridge the gap between data stored in central data center and in public clouds, Dell at the show is demonstrating how its block and file storage platforms can run in public clouds and how companies can buy the software as a managed service via cloud credits.
"Kubernetes attacks are actually quite common, especially given how popular the container orchestration software is," said Trevor Morgan, product manager at comforte AG. "The array of threats to Kubernetes environments is quite broad.". As an example of how popular targeting vulnerable cloud infrastructure has become, Akamai security researcher Larry Cashdollar recently set up a simple Docker container honeypot, just to see what kind of notice it might attract from the wider web's cadre of cyberattackers.
The mad dash to set up shop in the cloud can sometimes lead to stormy weather: There are, after all, beaucoup security challenges hidden behind the cloud's promise of blue skies. As Prevailion CTO Nate Warfield enumerates, cloud marketplaces "Are rife with pre-built virtual machine images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners. Cloud providers don't take a proactive stance towards breach and compromise monitoring and, in many cases, won't even pass on notifications to their customers which they have received from external researchers."
The report reveals that while analysts expect a sharp rise in cloud-native development globally, 53% of respondents still don't know much about it. "Our research reveals that most businesses don't know enough about cloud-native's challenges and don't have the staff to successfully implement it. The answer lies in high-performance low-code tools that can help speed and simplify the path forward and dramatically improve the way they build and manage apps for the future."
MITRE, the non-profit organization behind the CVE system, does not designate CVE IDs for security issues deemed to be the responsibility of cloud providers. The assumption is that cloud providers own the problem, and that assigning CVEs that are not customer-controlled or patched by admins falls outside of the CVE system purview.