
(ISC)²'s bi-monthly e-newsletter, Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.

Issue: 2019 November

In Cloud We Trust (Mostly), According to New Survey

By DEBORAH JOHNSON 

Since organizations began digital transformations en masse, a perennial question has been: Is data safer in the cloud or on-premises? A new survey sheds some light on how both are currently perceived by cybersecurity executives.

To measure the use of cloud services—now a $325 billion global market—and the level of trust in them, Nominet Cyber Solutions queried 274 C-level and other high-ranking cybersecurity professionals in the United States and United Kingdom. Read More


Issue: 2019 September

Minimizing Exposures Associated with Free Cloud Services

By MATT GILLESPIE

Free and low-cost public cloud services such as email and storage drops have democratized IT disruption. One result is an extended attack surface, affecting companies large and small.

Verizon’s 2019 Data Breach Investigations Report finds that compromised cloud-based email accounts now comprise 60% of web application hacks. Likewise, improper configuration of cloud-based file storage is leading to massive data exposure, accounting for 21% of breaches caused by errors. Read More


Issue: 2019 July

Forecast Looking Good for Cloud Security Solutions

By SHAWNA McALEARNEY

Organizations are embracing the deployment of mission-critical workloads to the public cloud at an unprecedented rate, driving the global cloud security solutions market to an estimated $12.7 billion by 2023.

That’s according to Forrester’s Cloud Security Solutions Forecast, 2018 to 2023. The same analysis noted more than half (54%) of global infrastructure decision makers have implemented, or are expanding, their use of the public cloud, up from 25% in 2015. Read More


Issue: 2019 May

Turning to History to Build Trust in the Cloud Era

By PAUL SOUTH

Amin Vahdat, a Google Fellow and technical lead for the company, is a student of history. The internet’s history, to be more precise.

In the early days of distributed systems, trust was implicit, he recalled. Protocols for routing and the like were not built with an adversarial mindset. Malware, phishing scams and state-sponsored cyber threats were rarely considered (at least publicly). Read More

 


Issue: 2019 March

Managing the Potholes and Possibilities During Cloud Migrations

By PAUL SOUTH

Sometimes the journey to the cloud means pedal-to-the-metal driving on a smooth track. Other times, the road is rife with potholes to be avoided. Knowing when to press forth and when to maneuver around a pockmarked path will depend on how each organization selects, deploys and maintains cloud-related services. Read More

 


Issue: 2019 January

More Security Coming from Cloud Platform Providers

By JOYCE FLORY

Cloud security has come a long way in the last decade. With cloud service providers building more protections into their platforms, some information security professionals now see cloud security on par with, and possibly better than, on-premises environments. That viewpoint, however, is far from universal. Read More


Issue: 2018 November 

How National Gypsum Is Leveraging Its Digital Transformation to Improve Data Security

By Paul South

Sometimes, it takes some nudging to get a company to embrace new technology, especially when that technology involves moving secured on-premises data into the cloud. For century-old National Gypsum, that push came in part due to expenses generated by lawsuits. Read More


Issue: 2018 September

Is It Time for You to Fully Embrace Cloud Services?

By Wesley Simpson

In case you are one of the last holdouts on moving to the cloud, I applaud your risk tolerance for keeping your company safe and secure. But in reality, in order to stay competitive, there is no better time than now to fulfill a digital transformation, including fully embracing cloud services. Read More


Issue: 2018 July

A False Sense of Security: 10 Controls That May Be Missing in Your Cloud Architecture

By Shawna McAlearney

Cloud services offer numerous cost benefits, business efficiencies and competitive advantages to organizations of all sizes. Despite advances, the cloud remains vulnerable to a host of security issues, most particularly data breaches and denial of service attacks. Fortunately, measures can be taken to set a foundation for a zero-trust implementation. Predrag “Pez” Zivic, CISSP, recently discussed 10 controls to architect strong security... Read More


Issue: 2018 May

Leveraging the Cloud to ‘Transform’ Cybersecurity at the Toronto Stock Exchange

By James Hayes

Bobby Singh, CISO and Global Head of Infrastructure Services at TMX Group, the technology provider at the heart of the Toronto Stock Exchange, is responsible for corporate IT systems and services, as well as all aspects of security, governance, risk and compliance. His role includes delivery of secure and highly available technology services across the organization, and as a member of its executive leadership team, he defines TMX Group’s cybersecurity vision and strategy. Read More


Issue: 2018 March

Again: Who’s Responsible for Vulnerability Management in the Cloud?

By Shawna McAlearney

The debate about who is responsible for security in the cloud, ongoing since the earliest days of cloud computing, has now been tested, thanks to Spectre and Meltdown. Users may not like the answers they are getting from their cloud providers.

The new year ushered in not just one but two incredibly serious hardware vulnerabilities that posed both an immediate threat and long-term implications to cloud computing. These vulnerabilities, resident in many different vendors’ processors and operating systems, could be used to compromise most computer chips to read sensitive information stored in a computer’s memory, including account numbers and passwords. Read More


Issue: 2018 January

Customers Have a Role in Reducing the Deluge of Cloud Breaches

By Teri Radichel

As the number of companies moving to the cloud increases, so do cloud breaches. In 2017, a variety of attacks on cloud systems occurred at major corporations and government agencies around the world. One of the most prevalent forms of cloud data leaks stemmed from improperly configured Amazon Web Services (AWS) S3 buckets. Organizations such as Verizon and Booz Allen Hamilton exposed credentials and sensitive data that existed in AWS storage buckets lacking proper configuration. These customers also failed to correctly encrypt the data. Read More


Issue: 2017 November

Managing Cloud Data-Loss Risk in a ‘Cloud First’ World

By Alexander Getsin

Cloud adoption and services remain among the top trends and IT strategies, as does cybersecurity. As a result, enterprises, federal agencies and startups alike are adopting a “cloud first” policy in their IT spending and plans. It is imperative for them to do so if they are to compete effectively and provide adequate services to their markets. Yet, chief among these same companies’ concerns is the risk of data loss, particularly the loss of data confidentiality. That’s why it is increasingly important to understand the loss of data confidentiality risk and how to mitigate it. Read More


Issue: 2017 September

Dispelling Myths About FedRAMP

By Abel Sussman, CISSP, CCSP, PMP, CRISC

Cloud computing is having a substantial and growing impact on U.S. government agencies’ work to bring efficiency, agility and innovation to citizen services. This trend shows few signs of slowing; the Federal Cloud Computing Strategy, published in 2011 by then U.S. Chief Information Officer Vivek Kundra, estimated the federal cloud computing market to be valued at $20 billion, offering significant opportunity to cloud service providers (CSPs). But to be able to tap into this market, they first must meet specific cybersecurity requirements. Read More


Issue: 2017 July

Malware in the Cloud 101

By Todd Clarke

Companies have underestimated the scope of cloud adoption by nearly 10x. Its rapid rise has created a new effect: a “cloud attack fan-out.” With so many devices now connected to the cloud, this has increased the attack surface. Sync and share activities have increased data velocity in the cloud, so now the propensity for and the severity of malware attacks have intensified. Read More


Issue: 2017 May

Is It Time to Add a CASB to Your Toolbox?

By Anita J. Bateman, CISSP

According to a recent survey by the Cloud Security Alliance, 64.9 percent of IT leaders think the cloud is “as secure or more secure” than on-premises software. However, the same survey revealed that one in three enterprises do not have a process to onboard cloud services, and the most common reasons for rejecting cloud requests are related to trust, encryption and data loss prevention. Read More


Issue: 2017 March

7 Ways to Build Cloud Resilience within Your Organization

By Duncan Greaves

Cloud computing is here to stay. The amount of infrastructure, applications and storage being used continues to grow rapidly. The provision of infrastructure, platform and software services has not only revolutionized where computing is being carried out, but it is also changing the face of systems management and security.

The very size of cloud data storage makes it a potential target for a really large breach. A great deal of investment has been made to protect cloud systems against attack. It is essential for cloud security suppliers to provide customers confidence in uploading their information. Read More


Issue: 2017 January

How to Secure Data Destruction in the Cloud

By Colleen Frye

Like a classic horror film that has you believing the monster is dead, only to roar back to life, will the data you thought was securely deleted from the cloud come back to haunt you, and possibly put you at risk for a breach?

It's a huge issue, says Johannes Ullrich, director of the Internet Storm Center at the SANS Technology Institute. "You cannot securely delete anything in the cloud; you don't control the medium. Read More


Issue: 2016 November

Using the Cloud for Disaster Recovery Requires Different Skills

By Crystal Bedell

It wasn't long ago that business continuity/disaster recovery (BC/DR) was reserved for the privileged few. Only the largest enterprises had the resources to build and maintain a secondary site, so only the largest enterprises had the peace of mind that comes with BC/DR capability. Today, however, that has changed. Cloud computing has democratized BC/DR, making it available to virtually any organization. The concern now is how to use cloud-based BC/DR securely.

According to analyst firm Enterprise Strategy Group (ESG), the number one planned use case for cloud computing is improving data backup and archive. BC/DR comes in second, and has for two years in a row, says Jason Buffington, a senior analyst for ESG. Read More


Debut Issue: 2016 September

Wrangling in the Cloud: Tactics for Avoiding a Data Stampede

By Paul South

In television's early days, cowboy shows like Rawhide galloped across a black and white landscape. Every third episode or so featured a stampede, triggered most often by a gunshot at a rattlesnake, an unexpected thunderstorm or a disgruntled cowhand.

And it was left to the cowboys to wrangle in the wayward herd. Read More
