Security News
Cloud Security Alliance updates its CAIQ to increase value for cloud service providers and customers
The Cloud Security Alliance released an update to its Consensus Assessment Initiative Questionnaire, a set of questions that allow cloud consumers and auditors to ascertain a cloud service provider's compliance with the Cloud Controls Matrix. With CAIQv4, users can showcase additional accountability and transparency regarding their security and privacy practices, providing additional value for both cloud service providers and customers.
That's why last December we were one of the first in the world to launch support for the Intel SGX encryption standard in our public cloud. This technology dramatically enhances data protection with built-in cloud management tools from Intel.
There, an Amazon Web Services cloud vulnerability, compounded by Capital One's own struggle to properly configure a complex cloud service, led to the disclosure of tens of millions of customer records, including credit card applications, Social Security numbers, and bank account information. As long as a cloud provider isn't losing customers by the droves - which generally doesn't happen after a security incident - it is incentivized to underinvest in security.
Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code, now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF's Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.
Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! Before talking about innovation and startups, though, let's talk about a brief history of cloud security, especially public cloud.
The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.
CSPM provides a single pane of glass for seeing your cloud vulnerabilities and security posture in real time. In reality, organizations need comprehensive and centralized visibility, security, and compliance, and a CSPM is the perfect tool to both improve and scale cloud security.
Whatever unit of measurement you use, it's clear that more and more enterprise computing is happening in the cloud - which also means the cloud is an ever-growing target for cyber attackers. SANS Institute has expanded its line-up of cloud-focused security courses, adding six freshly minted courses, with a seventh one currently in the beta testing phase.
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. "One of our main goals is end-to-end automation of security incident lifecycles. Cloud Sniper performs automatic actions from deployment via Terraform to findings management," Nicolás Rivero Corvalán, one of the tool's creators, told Help Net Security.
A security strategy - and accompanying toolset - that makes a daily check for configuration risks is woefully inadequate for the cloud. The bad guys have bots continually searching for openings in your cloud services, and you need to continually monitor for risky configurations and unexpected changes.