Cloud security - Articles - Page 18

The reality of the shared responsibility model

June 17, 2021

Some organizations believe that the use of public cloud services allows them to outsource all of their security needs, but often those options don't cover an organization's entire threat surface.

Cloud Security Alliance releases new telehealth risk management guidance

June 15, 2021

The Cloud Security Alliance (CSA) announced the release of Telehealth Risk Management, focusing on the importance of healthcare delivery organizations (HDO) having processes and controls in place to ensure the privacy and security of telehealth patient information in the cloud in accordance with HIPAA privacy rules and the GDPR.

Cloud security priorities of “pandemic-evolved” businesses

High-performing security organizations driving dramatic and substantive change, and reaping the benefits of going “all in” on cloud

June 11, 2021

Devo Technology announced the results of a report assessing the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security Operations Center (SOC).

Integrated Solutions

Why retailers are economizing and optimizing with cloud video surveillance

For both heightened security and business optimization, here’s what retailers should look for in a video management system and provider.

Ken Francis

June 9, 2021

Thanks to advancements in cloud video surveillance, retailers who want a high-performance video surveillance system do have alternatives to ripping and replacing and expensive upgrades. For both heightened security and business optimization, here’s what retailers should look for in a video management system and provider.

5 minutes with Vishal Jain - Navigating cybersecurity in a hybrid work environment

Maria Henriquez

June 4, 2021

Are you ready for hybrid work? Though the hybrid office will create great opportunities for employees and employers alike, it will create some cybersecurity challenges for security and IT operations. Here, Vishal Jain, Co-Founder and CTO at Valtix, a Santa Clara, Calif.-based provider of cloud native network security services, speaks to Security magazine about the many ways to develop a sustainable cybersecurity program for the new hybrid workforce.

How DevOps has changed the way app security works (Part 2)

Andrew Peterson

May 28, 2021

App security is too important to be an afterthought. With the threats facing modern web applications, organizations need to find a new way to ensure protection without impeding innovation. To move forward, security and DevOps will need to work together to solve the challenges they face—in terms of both security and organizational politics.

Average cost of cloud account compromises reached $6.2 million over a 12-month period

May 27, 2021

Proofpoint, Inc. and Ponemon Institute released the results of a new study on “The Cost of Cloud Compromise and Shadow IT.” The average cost of cloud account compromises reached $6.2 million over a 12-month period, according to over 600 IT and IT security professionals in the U.S. In addition, 68% of these survey respondents believe cloud account takeovers present a significant security risk to their organizations, with more than half indicating the frequency and severity of cloud account compromises has increased over the last 12 months.

Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC

May 24, 2021

Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring the activities of attackers to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They followed a benchmark that they call “mean time to inventory” (MTTI), which is simply how long it takes somebody to start scanning for a vulnerability after it’s announced. Xpanse research found 79% of observed exposures occurred in the cloud.

5 steps to integrating security into the app development process (without disrupting CI/CD workflows)

Art Poghosyan

May 21, 2021

The traditional approach to securing cloud access goes against everything that DevOps is about. Regardless of what providers of legacy IAM, PAM, and other security solutions claim about their ability to scale with cloud application dev cycles, they’re concealing the extensive time, effort, and resources required to manage their solutions – three things that are in short supply in DevOps teams. So, the challenge becomes: how can enterprises integrate world class technologies for securing identities and access to cloud environments without bringing DevOps to a grinding halt?

Lessons learned from the iPhone call recording app vulnerability

Michael Isbitski

May 10, 2021

News quickly spread about a vulnerable call recording app for iPhone named “Call Recorder,” or “Acr call recorder,” as its listing in the Apple App Store states. TechCrunch was the first outlet to flag a design flaw with the mobile application’s API when it obtained call recordings from AWS S3 cloud storage to prove it was insecure and therefore open to API-based attacks. The weaknesses exhibited by the mobile app represent a vital shift occurring in cybersecurity towards the importance of the protection and hardening of APIs. From this instance alone, we can learn a number of valuable lessons as API attacks are set to rise drastically this year. Most of the issues in the Call Recorder vulnerability map directly to the OWASP API Security Top 10, a list that captures the most common API mistakes. This document is a great reference for DevOps and security teams that are looking to implement strong API security that can be applied to both web and mobile application systems, including those in the cloud.