Security News

The Risk Protection Program is designed to help customers reduce cloud security risk and in turn potentially reduce costs by connecting with two of the world's leading insurers for specialized and enhanced cyber insurance designed exclusively for Google Cloud customers. As the use of cloud services increases, expanding to sensitive workloads and new data types, customers more than ever need assurances that their use of cloud services is integrated tightly into their overall risk management program.

Bridgecrew announces they've shifted their security scanning and fixing technology even further left with a new Visual Studio Code extension. "While Bridgecrew's mission is to ensure infrastructure security at every stage of the development lifecycle from code and build, through deployment, and into runtime the earlier you catch issues, the less headaches you'll have later down the road," said Barak Schoster, CTO, Bridgecrew.

To select a suitable cloud security solution for your business, you need to think about a variety of factors. Let's face it, managing security on-premises is hard enough, but add in multiple cloud vendors and platform options, increased threat vectors and attack surfaces - the need for cloud security cannot be overstated.

A new analysis of security risks in cloud deployments found that companies are facing an increased risk of more advanced attacks and struggling to control managed infrastructure options. The Cloud Cyber Resilience Report from Accurics describes how insecure defaults and identity management are causing new problems.

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.

IO. This is the second acquisition Rapid7 has made in the cloud security market in the past nine months, having acquired DivvyCloud, a leader in Cloud Security Posture Management this past April. Together, these acquisitions will enhance Rapid7's ability to provide a cloud native security platform to its customers and facilitate continuous management of risk and compliance across their cloud environments.

The Cloud Security Alliance announced the availability of version 4 of the Cloud Controls Matrix, CSA's cybersecurity framework for cloud computing. The CCM v4 includes additional cloud security and privacy-related controls and encompasses coverage of requirements deriving from new cloud technologies, improved control auditability, enhanced interoperability and compatibility with other standards, and expanded support offerings to navigate the cloud shared responsibility model.

Security in cloud environments is a far cry from securing on-premises infrastructure. To utilize Cloud Foundry effectively, DevOps, security, and R&D all have to understand the multi-tenant identity management service UAA, the Cloud Controller for directing the deployment of applications via REST API endpoints, and also the rules and best practices around service deployment.

So how do we solve this problem? It begins with a better vulnerability management system, a refocused commitment to cloud application security best practices and a realignment of our current security posture with the specific requirements of the cloud. Vulnerability assessments are conducted periodically to evaluate the existing security posture and help inform any necessary changes to the vulnerability management action plan.

Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services and Microsoft Azure. Best known for the HITRUST CSF, the Texas-based company has worked with healthcare, technology and information security organizations to help organizations safeguard sensitive information and manage information risk.