Security News
Cloud Native Application Protection Platforms have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, network security, and secure DevOps.
Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure, and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms.
As a result, security is an afterthought, and any attempt to squeeze siloed security into agile SDLC can swell the cost of patching by 600%. A new cloud security operating model is long overdue. Stripping back to a system of low context may have drastically sped up the CI/CD pipeline, but this low-context approach is disappointing for any attempt to shift security to the left.
Microsoft announced on Wednesday it would provide all customers free access to cloud security logs - a service usually reserved for premium clients - within weeks of a reveal that government officials' cloud-based emails were targets of an alleged China-based hack. Microsoft wrote on its blog it was expanding the service's access beginning in September 2023 to "Increase the secure-by-default baseline" of its cloud platforms "In response to the increasing frequency and evolution of nation-state cyber threats."
Since cloud security implies a shared responsibility between the customers and the cloud provider, IT teams and decision-leaders must have a clear understanding of the types of cloud services more vulnerable to cyberattacks. Another security consideration that emerges when businesses are moving their information system to the cloud is identifying the cases where the risks outweigh the rewards.
Asia In Brief Japan's government last Friday rebuked Fujitsu for shabby cloud security. Fujitsu operates a cloud called "FENICS" and in February 2023 admitted that in December 2022 it had detected network misconfigurations that allowed unauthorized remote access to the service.
Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.
Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. The survey assessed both the respondents cloud security practices and the scale of their environment, including the number of identities and secrets they manage, response time to an attack, the different methods of access into their environment, and the types of solutions they utilize to help secure their environments.
Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair. Starting at 11 am UTC on Friday 18th August, the SANS Cloud Security Exchange 2023 is a free and virtual event that brings together cloud security experts from AWS, Google Cloud, Microsoft Azure and the SANS Institute onto one digital stage.
The growing adoption of cloud has elevated cloud security fear for IT teams, as they grapple with the challenges and concerns arising from the widespread use of complex cloud environments while diligently addressing them, according to SUSE. Cloud security fear is growing. Data stores as top cloud security concern: 31% of respondents named data stores hosted by cloud or third parties as their top cloud security concern.