Securing identities and their privileges and access should be at the center of your strategy for reducing your cloud attack surface. The old network perimeter, with its limited number of points of ingress secured with firewalls and other perimeter defenses has given way to a distributed arrangement. Software-as-a-Service (SaaS) today is the new IT, and cloud identities are the new perimeter with thousands of users and points of potential failure existing outside of your traditional security protocols. The greatest threats to this new perimeter include:
Organizations' migration to the cloud is a broad term that encompasses many different trends: (1) Moving existing applications from private data centers to AWS, Azure, or the Google Cloud Platform as cloud service providers (CSPs), often referred to as lift-and-shift or infrastructure-as-a-service (IaaS); (2) Completely restructuring how applications are built to make heavier use of prepackaged services available on these cloud service platforms – often referred to as lift-and-reshape, serverless, or platform-as-a-service (PaaS); (3) Choosing to forgo running copies of standard applications instead of having the application vendor host them is sometimes referred to as drop-and-shop or software-as-a-service (SaaS).
Fast forward to 2020, and the pandemic is causing another quantum shift in how the world thinks about security. This time around, businesses are responsible for protecting their workplaces and people from an invisible intruder. As SARS-CoV-2 continues to disrupt businesses and economies, video intercom systems are once again on the frontline of security. But this time, the intercom has the force of modern technology on its side.
To understand current cloud infrastructure (IaaS) utilization and management practices, SailPoint, in partnership with dimensional research, surveyed executives and governance professionals who are directly involved with IaaS compliance and governance.
The report reviews the global research survey which investigates current issues, risks, and challenges with IaaS environments as well as the tools used to manage access and governance of those environments.
In addition, the report found that a large majority (74%) of companies use more than one IaaS provider, with some companies reporting using as many as seven and eight – which can lead to significant security issues.
Cloud communications and other advanced networking solutions have not only changed the way we connect with the world around us today, but they are also driving the change in future connectivity and are set to transform the way businesses create operating models, collaborate, and more. So, what does the future of connectivity look like in 2021? The near future consists of more robust security, more intuitive and streamlined connectivity, and increased mobility for a global workforce.
What are the expectations, technical implementations, and challenges of using cloud security access brokers (CASB)? Cloud Security Alliance's latest study reveal unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise.
Organizations may consider adopting an adaptive risk-based trust approach to securing their privileged access. This approach uses least-privilege, zero-trust as a baseline for how organizations build trust scores which will then be used to determine the level of security which is required to gain access to the cloud, and specific applications and systems.
T-Rex Solutions, LLC announced Marine Corps veteran, entrepreneur and cybersecurity executive Dr. Allen Harper joined the organization as Executive Vice President of Cybersecurity. Dr. Harper will lead the company’s delivery of secure cloud services to the Federal government.
Qualys, Inc., a provider of disruptive cloud-based IT, security and compliance solutions, announced the appointment of Ben Carr as Chief Information Security Officer (CISO).
My favorite definition of the (public) cloud is “It’s someone else’s computer.” That is really what any external cloud service is. And if your services, data and other assets are located on someone else’s equipment, you are at their mercy on whether you can access those assets and data at any time. It isn’t up to you. It’s solely determined by them, and any service level agreement you agreed to. And you can lose everything stored there permanently. You should have multiple backups of your data no matter where it is stored, especially including if it is stored using a cloud service.