Security News

SecurityWeek will host its 2021 Cloud Security Summit virtual event on Wednesday, July 21, 2021. Through a fully immersive virtual environment, attendees will be able to interact with end users tasked with securing various cloud environments and services, and gain insights from leading solution providers and industry experts.

While there are many different encryption techniques, none are completely secure, and the search continues for new technologies that can counter the rising threats to data privacy and security. In a recent study published in KeAi's International Journal of Intelligent Networks, a team of researchers from India and Yemen describe a novel, two-step cryptography technique - the first to combine genetic technology with mathematical technique.

Register for this upcoming webinar to learn how to reduce risk with integrated endpoint-to-cloud security. Currently, security from endpoints to the cloud involves multiple standalone tools that solve specific problems.

Cloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip. The shift toward the cloud is unstoppable, and inevitably, it's driving soaring demand for skilled security professionals, according to GIAC. Demand for specific cloud security skills is far outpacing the broader demand for cybersecurity skills, according to Burning Glass.

OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. "Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security."

Deloitte announced its acquisition of substantially all the assets of CloudQuest, a cloud security posture management provider based in Cupertino, Calif. The deal will bolster Deloitte's existing cloud cybersecurity offerings with CloudQuest's cloud-native security capabilities to more seamlessly manage security workflows, reduce risk and improve data security. "While the global pandemic slowed some things, it didn't slow cloud migration or cloud reliance for the vast majority of organizations," said Vikram Kunchala, Deloitte Risk & Financial Advisory Cyber Cloud leader and principal, Deloitte & Touche LLP. "As organizations work to build or advance their security postures for cloud or hybrid-cloud environments, we're expanding and diversifying our services and solutions portfolio to help our clients continuously monitor, prevent and remediate security threats."

The Cloud Security Alliance released an update to its Consensus Assessment Initiative Questionnaire, a set of questions that allow cloud consumers and auditors to ascertain a cloud service provider's compliance with the Cloud Controls Matrix. With CAIQv4, users can showcase additional accountability and transparency regarding their security and privacy practices, providing additional value for both cloud service providers and customers.

That's why last December we were one of the first in the world to launch support for the Intel SGX encryption standard in our public cloud. This technology dramatically enhances data protection with built-in cloud management tools from Intel.

There, an Amazon Web Services cloud vulnerability, compounded by Capital One's own struggle to properly configure a complex cloud service, led to the disclosure of tens of millions of customer records, including credit card applications, Social Security numbers, and bank account information. As long as a cloud provider isn't losing customers by the droves - which generally doesn't happen after a security incident - it is incentivized to underinvest in security.

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code, now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF's Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.