Security News

Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! Before talking about innovation and startups though, let's talk about a brief history of cloud security especially public cloud.

The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.

CSPM provides a single pane of glass for seeing your cloud vulnerabilities and security posture in real time. In reality, organizations need comprehensive and centralized visibility, security, and compliance, and a CSPM is the perfect tool to both improve and scale cloud security.

Whatever unit of measurement you use, it's clear that more and more enterprise computing is happening in the cloud - which also means the cloud is an ever-growing target for cyber attackers. SANS Institute has expanded its line-up of cloud-focused security courses, adding six freshly minted courses, with a seventh one currently in beta testing phase.

Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. "One of our main goals is end-to-end automation of security incident lifecycles. Cloud Sniper performs automatic actions from deployment via Terraform to findings management," Nicolás Rivero Corvalán, one of the tool's creators, told Help Net Security.

A security strategy - and accompanying toolset - that makes a daily check for configuration risks is woefully inadequate for the cloud. The bad guys have bots continually searching for openings in your cloud services, and you need to continually monitor for risky configurations and unexpected changes.

While spending on cloud services is high, with more than half of respondents having spent more than $10 million and 11% having spent more than $100 million in the last three years, security preparedness is low, with 32% saying they are doing less than they need to, or nothing at all, to ensure security of their cloud resources, an Osterman Research survey reveals. "Despite being aware of serious shortcomings in public cloud security tools and the rise of cloud-focused vulnerability exploits, 32% of those surveyed are not actively working to solve these challenges," said Mike Osterman, President and Principal Analyst, Osterman Research.

Aruba, a Hewlett Packard Enterprise company announced an expansive set of cross-portfolio edge-to-cloud security integrations for Aruba ESP. The new advancements include the integration of the ClearPass Policy Manager secure network access control platform with the Aruba EdgeConnect SD-WAN edge platform, formerly Silver Peak, the integration of Aruba Threat Defense with the EdgeConnect platform, and the expansion of the Aruba ESP multivendor security partner ecosystem, providing enterprise customers with the freedom to deploy, cloud-delivered secure access service edge security components of their choice. Since IoT devices are agentless, IT departments cannot install security clients or redirect device traffic to cloud security services; therefore, zero trust security must be applied at the WAN edge.

Threat Stack announced its ability to support AWS Graviton2-based instances through the Threat Stack Cloud Security Platform. The rapid adoption of AWS Graviton2 workloads presents a challenge for security leaders as many of today's legacy tools do not support it.

The Cloud Security Alliance has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange security. Drafted by CSA's Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.