The US Department of Homeland Security has issued an alert today about “ongoing” cyber-attacks against managed service providers –a term used to describe online cloud-based services.
The DHS believes the attacks are being carried out by advanced persistent threats (APTs), a generic term used by the cyber-security industry to describe cyber-espionage and hacking units under the control and operating under the supervision of foreign governments. According to security experts, the attacks are most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass.
Read more about the US DHS alert regarding APT attacks on ZDNet.
Organizations that take a pragmatic approach to securing the use of user- and business-unit-led-cloud services realize appreciable business benefits compared with organizations that take more draconian, coarse-grained approaches. According to a report conducted by the Enterprise Strategy Group, only 21% of organizations have adopted this kind of pragmatic approach.
Organizations are at different stages of their journey with respect to the maturity of their approach to cloud security, both in terms of their strategic approach to the cloud as well as tactical measures.
Read more about the findings of the new report by the Enterprise Strategy Group on Help Net Security.
Robert Corradini, Director of Product Management at 5nine, often hears system administrators tell him that their organization’s cloud-first strategy is jeopardizing security. With each new software-, infrastructure, and platform-as-a-service adopted by line-of-business users or within enterprise IT, security seems to be an afterthought.
The challenge with most cloud-first strategies is that they incorporate both hybrid cloud (private and public) and multicloud (heterogeneous cloud infrastructures from multiple vendors) environments; in almost all cases, these infrastructures lack consistency in management interfaces, access controls, and third-party tool support. So, not only do cloud-first strategies increase your organization’s attack surface, they can be difficult to manage and secure.
Read Robert Corradini’s list of best practices that organizations can implement to ensure their cloud-first strategy is optimized for security on DarkReading.
Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without missing a beat.
According to RightScale’s 2018 State of the Cloud report, public cloud adoption is up to 92 percent from 89 percent last year. Your cloud systems need proactive and ongoing support for integrity monitoring, configuration management, vulnerability management and more.
Read about a few ways cloud security poses its own particular challenges, as well as two strategies for overcoming those, on Tripwire.
The second annual Ixia 2018 Security Report analyzes how enterprise network attack surfaces are increasing as the perimeter of the traditional network expands into the cloud. Data shows that over 90% of enterprises are concerned about data and application security in public clouds, while nearly 60% of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic.
87% of enterprises suffered downtime of an hour or more during their last network outage, which according to Gartner, can cost a company as much as $5,600 per minute, as well as impact customer satisfaction. Also, 88% had experienced a business related issue from a lack of visibility into public cloud traffic.
A new survey of executives shows that the vast majority are deploying hybrid cloud architectures for their organization. When queried about the state of their IT security, the breakdown is interesting: Half say it’s healthy, one-quarter have some level of concern, and one-quarter seem to be at best overconfident, at worst delusional.
The survey, sponsored by Cavirin Systems, asked executives about how they were building their application architectures for the business. Roughly 80% say that they are building hybrid clouds, with half of those saying that Microsoft Azure is part of their infrastructure.
Read more about the new Cavirin Systems survey on DarkReading.
Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a new report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.
The cybersecurity skills shortage has actually improved over last year, when 49% of IT leaders said that they were slowing cloud migrations, the report found. Interestingly, those with a cloud-first strategy were almost twice as likely to have slowed adoption than those without such a strategy. Private-only cloud operators were more likely to report experiencing skills shortages, and more likely to have slowed their adoption, which helps to explain the continued shift to hybrid cloud.
Read more about the findings of the new report from McAfee on TechRepublic.
Cloud adoption has ramped up over the past five years, according to a new Cloud Threat Report released by Oracle and KPMG this week. The percentage of businesses using public cloud services went from 57% in 2013 to 85% in 2018. In 2013, only 21% of organizations said they used infrastructure-as-a-service (IaaS). This year, that number hit 51% – a 143% increase.
This major shift is creating a new wave of cybersecurity challenges, says Akshay Bhargava, vice president of Oracle’s cloud business group. Enterprise cloud users are realizing the complexity of threats to data in the cloud as new devices and identities access cloud environments. If you’re thinking with a cloud-first mindset, you should make sure all the right boxes are checked before you make the leap.
Read which 7 important steps you should keep in mind while moving to the cloud on DarkReading.
Enterprise companies are adopting SaaS at a rapid pace but are failing to budget for security solutions to protect the data they hold, research suggests. This week, cloud security firm iboss released a white paper documenting the rising adoption rates of software as a service (SaaS) applications, which while often valuable for companies, may also pose a risk when cybersecurity is an afterthought.
The report, titled “Head in the Cloud: Misconceptions Hindering Enterprise Cloud Adoption,” claims that 64 percent of US enterprise players believe the pace of SaaS application adoption is “outpacing their cybersecurity capabilities.” In total, 61 percent of enterprise IT staff cite data privacy as a primary concern for the growing adoption of SaaS. With data breaches now so commonplace, the idea of sensitive, corporate information being leaked from non-secure cloud environments causes IT staff to break out in a cold sweat.
Read more about the findings of the report by iboss on ZDNet.
The IT network is changing, and it has been for over a decade now. All of the IT infrastructures that used to be dominated by Microsoft® Windows® has since grown into heterogeneous environments including macOS® and Linux® systems. These two platforms have entered the workforce in droves, and they are creating headaches for IT admins at the same time. The main challenge that IT admins are encountering with these solutions is figuring out how to effectively implement macOS management into a modern IT network. Fortunately, a next-generation cloud Mac® management solution is emerging to help solve these problems.
Read about the next-generation Apple’s Mac cloud Management systems on Security Boulevard.