Top of Page
 

Cloud Security INSIGHTS Newsletter Archive

Our bi-monthly e-newsletter Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security. You can view the most current issue here.

  • 2021 INSIGHTS 2021 INSIGHTS

    September INSIGHTS

    What Your CISO and/or SOC Shouldn’t Miss in Evaluating a Cloud Service Provider

    Since the advent of cloud computing, enterprises have struggled with choosing the best cloud service provider based on their unique needs. Common use cases include low cost, security, interoperability, big data analytics, storage, VDI, etc. On the flip side, major cloud service providers (Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba Cloud, IBM Cloud or Oracle Cloud) have been working tirelessly to entice customers into consuming their services. Read More

    July INSIGHTS

    What Lurks Beyond Leaky Storage Buckets and Reduced Visibility

    In 2020, a large SaaS provider with hundreds of thousands of users asked Palo Alto Networks to run a red team exercise against the customer’s cloud infrastructure. Though the cybersecurity company normally doesn’t conduct pen tests, it accepted the challenge. Read More

    May INSIGHTS

    Difficulties Remain with Fixing Cloud Misconfigurations

    Despite recent years’ acceleration into cloud-native environments—or perhaps because of it—remediations for cloud misconfigurations are still measured in weeks and months, not days, on average. This lag also comes at a time when watering hole attacks like the one tied to SolarWinds are coming for the cloud, according to a study released earlier this year. Read More

    March INSIGHTS

    What to Do About Multi-Cloud Audit Log Overload

    In an interview with Expel Chief Technology Officer Peter Silberman, we explore one of the biggest issues cybersecurity professionals must overcome in 2021: data overload due to logs generated by multiple cloud platforms.

    Most of us are familiar with data sprawl generated by cloud services, but not data overload. Can you discuss how this came to be such a big problem? And just how big of a problem is it now? Read More

    January INSIGHTS

    From the Front Lines: Securing a Cloud-Native Company

    Eric Gauthier, CISSP, had a traditional IT background that included running data centers and security when he landed at a company that tasked him with building a screening program for a cloud-native, serverless infrastructure.

    What Gauthier learned from his early challenges were outlined in an (ISC)² Security Congress presentation to help others establish similar secure environments without compromising on security. Read More

  • 2020 INSIGHTS 2020 INSIGHTS

    November INSIGHTS

    Practical Advice to Harden Multi-Cloud Environments

    By Paul South

    Jeremy Snyder traveled the globe for several years learning how companies large and small secured their multi-cloud environments. The result of this international listening tour? A list of 10 recommendations for how to improve your multi-cloud security posture—a goal that’s now more important than ever with the shift to remote work and bad actors seeking novel ways to infiltrate public, private and hybrid cloud infrastructures accessed from so many more entry points. Read More

    September INSIGHTS

    The Evolution of Vulnerability Management on Cloud Endpoints

    By Oscar Monge España, CISSP, CCSP

    One of the most common challenges when securing the cloud is not having full visibility of all resources deployed. This exponentially increases the exposure factor, which could lead to a possible breach.

    Six to eight years ago, when organizations started moving to the cloud, the main goal was a smooth transition in order to quickly reap the benefits of cloud to deploy workloads and reduce capital expenditures. Security came later. Read More

    July INSIGHTS

    Is It Time to Buy into Cloud Security Posture Management?

    By Anne Saita

    Mistakes happen. When it comes to cloud services, it’s important to know who is responsible when a mistake causes financial and reputational damage. With so many “shared responsibility models” currently being rewritten, now is an opportune time to consider the liabilities from cloud misconfigurations and technical solutions to help minimize them. Read More

    May INSIGHTS

    Survey: Security Lags as Cloud Use Rapidly Grows More Complex

    By Shawna McAlearney

    Offering flexibility, convenience and speed to drive business initiatives, the cloud continues to present unrivaled opportunities for innovation—if it can be properly secured. Unfortunately, security efforts are still coming up short in many environments.

    “Between the use of multiple cloud platforms and heterogeneous security solutions, to the lack of qualified personnel needed to implement and manage them, enterprises find themselves compromising security to achieve their business objectives,” according to FireMon’s The 2020 State of Hybrid Cloud Security survey of 522 IT and security professionals. Read More

    March INSIGHTS

    Building a Hardened Container Infrastructure—In and Outside of the Cloud

    By Matt Gillespie

    Bank vaults, mainframes and mountain fortresses are desirable for their lack of subtlety. Protection of their contents is ensured by sheer heft, so proprietors can focus elsewhere.

    That calculus changes when low overhead is paramount. For instance, Linux containers epitomize lightweight, ephemeral infrastructure. And workloads that by design exist with only fleeting ties to physical systems must rely elsewhere for protection. Read More

    January INSIGHTS

    Bringing PKI to the Cloud May Be Easier than You Think—And Already Happening

    Most cybersecurity professionals are familiar with public key infrastructure (PKI) as it relates to creating and managing digital identities for people, platforms and devices across an enterprise. That increasingly includes building or outsourcing PKI within the cloud.

    “We have always consumed PKI in the cloud, we just haven’t called it that because we have gone out and bought SSL certs that are publicly-rooted from the vendors,” explained Chris Hickman, the chief security officer for PKI-as-a-service provider Keyfactor, during an (ISC)2 roundtable discussion. “If we look at the history of certificates and how they were used, one could easily argue that PKI was actually one of the first applications in the cloud, by virtue of needing a certificate to protect my e-commerce website or my website. In general, that was what I did: I went out and bought a cert. That cert was from somebody who was providing PKI in the cloud. It is actually not a new concept.” Read More

  • 2019 INSIGHTS 2019 INSIGHTS

    November INSIGHTS

    In Cloud We Trust (Mostly), According to New Survey

    By Deborah Johnson

    Since organizations began digital transformations en masse, a perennial question has been: Is data safer in the cloud or on-premises? A new survey shed some insight on how both are currently perceived by cybersecurity executives.

    To measure the use of cloud services—now a $325 billion global market—and the level of trust in them, Nominet Cyber Solutions queried 274 C-level and other high-ranking cybersecurity professionals in the United States and United Kingdom. Read More

    September INSIGHTS

    Minimizing Exposures Associated with Free Cloud Services

    By Matt Gillespie

    Free and low-cost public cloud services such as email and storage drops have democratized IT disruption. One result is an extended attack surface, affecting companies large and small.

    Verizon’s 2019 Data Breach Investigations Report finds that compromised cloud-based email accounts now comprise 60% of web application hacks. Likewise, improper configuration of cloud-based file storage is leading to massive data exposure, accounting for 21% of breaches caused by errors. Read More

    July INSIGHTS

    Forecast Looking Good for Cloud Security Solutions

    By Shawna McAlearney

    Organizations are embracing the deployment of mission-critical workloads to the public cloud at an unprecedented rate, driving the global cloud security solutions market to an estimated $12.7 billion by 2023.

    That’s according to Forrester’s Cloud Security Solutions Forecast, 2018 to 2023. The same analysis noted more than half (54%) of global infrastructure decision makers have implemented, or are expanding, their use of the public cloud, up from 25% in 2015. Read More

    May INSIGHTS

    Turning to History to Build Trust in the Cloud Era

    By Paul South

    Amin Vahdat, a Google Fellow and technical lead for the company, is a student of history. The internet’s history, to be more precise.

    In the early days of distributed systems, trust was implicit, he recalled. Protocols for routing and the like were not built with an adversarial mindset. Malware, phishing scams and state-sponsored cyber threats were rarely considered (at least publicly). Read More

    March INSIGHTS

    Managing the Potholes and Possibilities During Cloud Migrations

    By Paul South

    Sometimes the journey to the cloud means pedal-to-the-metal driving on a smooth track. Other times, the road is rife with potholes to be avoided. Knowing when to press forth and when to maneuver around a pockmarked path will depend on how each organization selects, deploys and maintains cloud-related services. Read More

    January INSIGHTS

    More Security Coming from Cloud Platform Providers

    By Joyce Flory

    Cloud security has come a long way in the last decade. With cloud service providers building more protections into their platforms, some information security professionals now see cloud security on par with, and possibly better than, on-premises environments. That viewpoint, however, is far from universal. Read More

  • 2018 INSIGHTS 2018 INSIGHTS

    November INSIGHTS

    How National Gypsum Is Leveraging Its Digital Transformation to Improve Data Security

    By Paul South

    Sometimes, it takes some nudging to get a company to embrace new technology, especially when that technology involves moving secured on-premises data into the cloud. For century-old National Gypsum, that push came in part due to expenses generated by lawsuits. Read More

    September INSIGHTS

    Is It Time for You to Fully Embrace Cloud Services?

    By Wesley Simpson

    In case you are one of the last holdouts on moving to the cloud, I applaud your risk tolerance for keeping your company safe and secure. But in reality, in order to stay competitive, there is no better time than now to fulfill a digital transformation, including fully embracing cloud services. Read More

    July INSIGHTS

    A False Sense of Security: 10 Controls That May Be Missing in Your Cloud Architecture

    By Shawna McAlearney

    Cloud services offer numerous cost benefits, business efficiencies and competitive advantages to organizations of all sizes. Despite advances, the cloud remains vulnerable to a host of security issues, most particularly data breaches and denial of service attacks. Fortunately, measures can be taken to set a foundation for a zero-trust implementation. Predrag “Pez” Zivic, CISSP, recently discussed 10 controls to architect strong security... Read More

    May INSIGHTS

    Leveraging the Cloud to ‘Transform’ Cybersecurity at the Toronto Stock Exchange

    By James Hayes

    Bobby Singh, CISO and Global Head of Infrastructure Services at TMX Group, the technology provider at the heart of the Toronto Stock Exchange, is responsible for corporate IT systems and services, as well as all aspects of security, governance, risk and compliance. His role includes delivery of secure and highly available technology services across the organization, and as a member of its executive leadership team, he defines TMX Group’s cybersecurity vision and strategy. Read More

    March INSIGHTS

    Again: Who’s Responsible for Vulnerability Management in the Cloud?

    By Shawna McAlearney

    The debate about who is responsible for security in the cloud, ongoing since the earliest days of cloud computing, has now been tested, thanks to Spectre and Meltdown. Users may not like the answers they are getting from their cloud providers.

    The new year ushered in not just one but two incredibly serious hardware vulnerabilities that posed both an immediate threat and long-term implications to cloud computing. These vulnerabilities, resident in many different vendors’ processors and operating systems, could be used to compromise most computer chips to read sensitive information stored in a computer’s memory, including account numbers and passwords. Read More

    January INSIGHTS

    Customers Have a Role in Reducing the Deluge of Cloud Breaches

    By Teri Radichel

    As the number of companies moving to the cloud increases, so do cloud breaches. In 2017, a variety of attacks on cloud systems occurred at major corporations and government agencies around the world. One of the most prevalent forms of cloud data leaks stemmed from improperly configured Amazon Web Services (AWS) S3 buckets. Organizations such as Verizon and Booz Allen Hamilton exposed credentials and sensitive data that existed in AWS storage buckets lacking proper configuration. These customers also failed to correctly encrypt the data. Read More

Ok