Security News

Cloud security is a critical aspect of modern computing, as businesses and individuals increasingly rely on cloud services to store, process, and manage data. Cloud computing offers numerous benefits, including scalability, flexibility, and cost efficiency, but it also introduces unique security challenges that need to be addressed to ensure the confidentiality, integrity, and availability of sensitive information.

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration...

In the last year, 47% of all data breaches originated in the cloud, and more than 6 in 10 respondents believe cloud security is lacking and poses a severe risk to their business operations, according to Illumio. 97% believe Zero Trust Segmentation can greatly improve their organization's cloud security strategy because it improves digital trust, ensures business continuity, and bolsters cyber resilience.

Sponsored Post The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across the multiple different on and off premise systems that make up modern hybrid cloud environments. That's why SANS has created a training and certification curriculum devoted specifically to cloud security, designed to help those responsible for implementing effective cloud security measures within their organisation to broaden their knowledge and skills.

Which is why I'm pleased to announce that the Center for Internet Security has tested its CIS Hardened Images with two popular cloud services: Azure Update Manager and Amazon EC2 Image Builder. Making sure the essentials are covered to help YOU. The CIS Hardened Images are virtual machine images that are pre-hardened to the security recommendations of the CIS Benchmarks.

At its Google Next '23 event this week, Google revealed how - with the use of its PaLM 2 foundational model - it is applying the generative AI Duet AI to security solutions in Google Cloud, including posture management, threat intelligence and detection and network and data security. Integrating Duet AI into Chronicle explicitly addresses security operations workload and tool proliferation, and implicitly the shortage of security operators in SOC teams, Potti explained.

Cloud Native Application Protection Platforms have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, network security, and secure DevOps.

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure, and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms.

As a result, security is an afterthought, and any attempt to squeeze siloed security into agile SDLC can swell the cost of patching by 600%. A new cloud security operating model is long overdue. Stripping back to a system of low context may have drastically sped up the CI/CD pipeline, but this low-context approach is disappointing for any attempt to shift security to the left.

Microsoft announced on Wednesday it would provide all customers free access to cloud security logs - a service usually reserved for premium clients - within weeks of a reveal that government officials' cloud-based emails were targets of an alleged China-based hack. Microsoft wrote on its blog it was expanding the service's access beginning in September 2023 to "Increase the secure-by-default baseline" of its cloud platforms "In response to the increasing frequency and evolution of nation-state cyber threats."