Security News

OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. "Operations teams are managing increasingly complex cloud infrastructure and are hyper-concerned about misconfigurations and configuration drift resulting in security gaps and potential breaches. Our goal with this report is to assess what teams are experiencing today, understand their concerns, and drive conversations to improve cloud security."

Deloitte announced its acquisition of substantially all the assets of CloudQuest, a cloud security posture management provider based in Cupertino, Calif. The deal will bolster Deloitte's existing cloud cybersecurity offerings with CloudQuest's cloud-native security capabilities to more seamlessly manage security workflows, reduce risk and improve data security. "While the global pandemic slowed some things, it didn't slow cloud migration or cloud reliance for the vast majority of organizations," said Vikram Kunchala, Deloitte Risk & Financial Advisory Cyber Cloud leader and principal, Deloitte & Touche LLP. "As organizations work to build or advance their security postures for cloud or hybrid-cloud environments, we're expanding and diversifying our services and solutions portfolio to help our clients continuously monitor, prevent and remediate security threats."

The Cloud Security Alliance released an update to its Consensus Assessment Initiative Questionnaire, a set of questions that allow cloud consumers and auditors to ascertain a cloud service provider's compliance with the Cloud Controls Matrix. With CAIQv4, users can showcase additional accountability and transparency regarding their security and privacy practices, providing additional value for both cloud service providers and customers.

That's why last December we were one of the first in the world to launch support for the Intel SGX encryption standard in our public cloud. This technology dramatically enhances data protection with built-in cloud management tools from Intel.

There, an Amazon Web Services cloud vulnerability, compounded by Capital One's own struggle to properly configure a complex cloud service, led to the disclosure of tens of millions of customer records, including credit card applications, Social Security numbers, and bank account information. As long as a cloud provider isn't losing customers by the droves - which generally doesn't happen after a security incident - it is incentivized to underinvest in security.

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code, now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF's Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! Before talking about innovation and startups though, let's talk about a brief history of cloud security especially public cloud.

The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.

CSPM provides a single pane of glass for seeing your cloud vulnerabilities and security posture in real time. In reality, organizations need comprehensive and centralized visibility, security, and compliance, and a CSPM is the perfect tool to both improve and scale cloud security.

Whatever unit of measurement you use, it's clear that more and more enterprise computing is happening in the cloud - which also means the cloud is an ever-growing target for cyber attackers. SANS Institute has expanded its line-up of cloud-focused security courses, adding six freshly minted courses, with a seventh one currently in beta testing phase.