What Your CISO and/or SOC Shouldn’t Miss in Evaluating a Cloud Service Provider
Since the advent of cloud computing, enterprises have struggled with choosing the best cloud service provider based on their unique needs. Common use cases include low cost, security, interoperability, big data analytics, storage, VDI, etc. On the flip side, major cloud service providers (Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba Cloud, IBM Cloud or Oracle Cloud) have been working tirelessly to entice customers into consuming their services.
What Lurks Beyond Leaky Storage Buckets and Reduced Visibility
In 2020, a large SaaS provider with hundreds of thousands of users asked Palo Alto Networks to run a red team exercise against the customer’s cloud infrastructure. Though the cybersecurity company normally doesn’t conduct pen tests, it accepted the challenge.
Difficulties Remain with Fixing Cloud Misconfigurations
Despite recent years’ acceleration into cloud-native environments—or perhaps because of it—remediations for cloud misconfigurations are still measured in weeks and months, not days, on average. This lag also comes at a time when watering hole attacks like the one tied to SolarWinds are coming for the cloud, according to a study released earlier this year.
What to Do About Multi-Cloud Audit Log Overload
In an interview with Expel Chief Technology Officer Peter Silberman, we explore one of the biggest issues cybersecurity professionals must overcome in 2021: data overload due to logs generated by multiple cloud platforms.
Most of us are familiar with data sprawl generated by cloud services, but not data overload. Can you discuss how this came to be such a big problem? And just how big of a problem is it now?
From the Front Lines: Securing a Cloud-Native Company
Eric Gauthier, CISSP, had a traditional IT background that included running data centers and security when he landed at a company that tasked him with building a screening program for a cloud-native, serverless infrastructure.
What Gauthier learned from his early challenges was outlined in an (ISC)² Security Congress presentation to help others establish similar secure environments without compromising on security.