Security News
A report released Wednesday by security provider IBM X-Force describes the types of threats that impact cloud security and how companies can better protect their cloud-based assets. Based on a survey of senior business and IT professionals, IBM's "2020 Cloud Security Landscape Report" found that while the cloud can empower certain business and technology capabilities, the type of ad-hoc management of cloud resources is causing increased complexity for IT and security staffs.
YouAttest, an innovator in the Identity Governance & Administration market, announced the general availability of YouAttest's Identity Compliance Solution, the first cloud-based tool which automates reporting and auditing services for Okta's Identity Cloud. YouAttest has joined the Okta Integration Network and its ICS products have completed certification with the Okta SSO and security methodology.
SecureTrust, a division of Trustwave, announced SecureTrust PCI Manager, a cloud-based platform delivering Payment Card Industry compliance validation and enhanced risk mitigation for acquiring banks and merchant service providers. "SecureTrust PCI Manager helps our merchants achieve PCI compliance through a process that drives accuracy and is less time consuming, giving our merchants more time to focus on growing their business and enhancing the customer experience," stated Robyn Mitchell, chief compliance officer at North American Bancard.
Cloud adoption has grown at an astonishing rate, providing organizations with the freedom to store data in numerous cloud applications that meet their specific business demands. While utilizing these cloud apps provides flexibility and cost savings, it also can allow sensitive data to be exposed.
Google this week announced the availability of a cloud-based solution meant to help work-from-home employees securely access enterprise resources. The newly launched BeyondCorp Remote Access is based on a zero-trust model and provides employees with the ability to remotely access internal web apps from almost any device, from anywhere, even without the use of a VPN. "Over time, we plan to offer the same capability, control, and additional protections for virtually any application or resource a user needs to access," Google says.
The DHS is partnering with BlueRISC Inc to develop Cloud-based Root-of-Trust technology to keep agency email separate and secure on corporate-owned, personally enabled devices, even when the user operates personal email from the same device. "The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections," said Kris Carver, BlueRISC Technical Director.
IDERA, a provider of powerful database productivity tools, announced an expanded portfolio of cloud-based database and workload management solutions for SQL Server. SQL Inventory Manager to automatically discover, track, and manage SQL Server inventory and perform health checks, including SQL Server in the cloud.
Echoworx, the industry leader in message encryption, unveiled enhancements to its OneWorld cloud-based security platform with the addition of user-centric two-factor authentication, enabling enterprises of all sizes to adopt best-in-class security protocols while improving user experience. "Enterprises, customers and employees want the enhanced security that multi-factor authentication provides," said Chris Peel, Echoworx Vice President Customer Engineering.
Infoblox, the leader in Secure Cloud-Managed Network Services, announced new updates to its Network Identity Operating System platform, adding the ability to monitor NIOS via the cloud-based BloxOne platform, as well as improving performance and simplifying network monitoring for NIOS users. This latest update enables organizations to deploy robust, manageable and cost-effective DNS, DHCP and IP address management services to networks of any size, while providing a bridge to innovative, cloud-based networking services and IT management solutions.
WAF is not a new technology and has been around for a while now, where many organizations have some form of WAF deployed. Static WAF rules in traditional WAF do not provide visibility to application vulnerabilities, nor do they provide complete protection when it comes to the everchanging threat landscape.