Category Archives: cloud security

Security gaps found in encrypted cloud storage services

Researchers from ETH Zurich have uncovered significant security vulnerabilities in several widely used end-to-end encrypted (E2EE) cloud storage services. The cryptographic flaws could allow attackers to bypass encryption, compromise file confidentiality, tamper with data, or even inject unauthorised files into users’ storage. The study analysed five E2EE cloud storage providers—Sync, pCloud, Seafile, Icedrive, and Tresorit—which… Read more »

The post Security gaps found in encrypted cloud storage services appeared first on Cloud Computing News.

How Cloudflare is democratising cybersecurity

There are estimates that global internet traffic could reach 175 zettabytes by 2025. Securing this vast digital ecosystem is complex. Amid the mass of data, Cloudflare has emerged as a significant player in shaping internet infrastructure and cybersecurity practices. In a recent interview with Cloud Computing News, Alissa Starzak, Cloudflare’s Deputy Chief Legal Officer and Global Head… Read more »

The post How Cloudflare is democratising cybersecurity appeared first on Cloud Computing News.

European organisations demand fair EU cybersecurity practices for big tech

The cloud computing sector in Europe is under considerable regulatory review at the moment, particularly around the proposed cybersecurity certification scheme (EUCS) for cloud services, which is a major topic of industry conversations. Reuters has reported that this initiative has triggered discussions among stakeholders about how it might affect leading cloud service providers, as well… Read more »

The post European organisations demand fair EU cybersecurity practices for big tech appeared first on Cloud Computing News.

Why companies continue to struggle with cloud visibility – and code vulnerabilities

A new report from the Cloud Security Alliance (CSA) has thrown up more difficulties organisations are facing in security remediation – and achieving visibility from code to cloud. The report, produced in collaboration with security firm Dazz, polled just over 2,000 IT and security professionals to better understand current cloud environments and security tools. The… Read more »

The post Why companies continue to struggle with cloud visibility – and code vulnerabilities appeared first on Cloud Computing News.

Security still viewed as a barrier to progress – Dell

Security CCTV camera in office buildingA recent survey from Dell demonstrates security is still seen as a hindrance to innovation as companies aim to develop a more digitally orientated proposition for the market, reports Telecoms.com.

While a substantial 89% of the respondents highlighted their organization was in the middle of a digital transformation project, 76% agree security is brought into the equation too late in the development process, with 85% saying they actively avoid bringing security experts in due to the belief they will slow or even scupper the project.

“This survey produced some eye-opening results and reinforces what we’ve been hearing directly from our customers,” said John Milburn, GM of One Identity Products at Dell. “Organisations face challenges securing their digital transformations and recognise that their current security measures are exposing the business to risk.

Security has been one of the biggest talking points within the telecommunications and technology industry, generally due to a lack of understanding. Until recently, security challenges would appear to have been pushed to the side as there have not been any clear routes to success. It would seem companies are not willing to allow security concerns to stop progress, instead aiming to secure products retrospectively.

The survey demonstrates attitudes towards are still relatively negligent. While numerous CEO’s and board members have highlighted security would be considered at the top of the agenda, surveys such as this tell a different story, much to the disappointment of security professionals and vendors alike. One conclusion which could be drawn from the survey is security is still considered a barrier to success when driving towards innovation. In fact 37% of respondents agreed with the statement “it is likely that the security team will delay or block a new initiative presented to us today”, and 49% agreed with “our security team does have a reputation for blocking projects based on the past, but now we do a better job of enabling the business”.

“Our goal is to provide our customers with solutions that address these needs. When done right, security can enable organisations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and the customer experience. Done right, security also helps CISOs open their own ‘Department of Yes,’ empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward.”

Security is, and will continue to be, a paramount facet of any organization, though the implications which can be drawn from this survey suggest there is still some way before organizations would consider themselves secure. One encourage factor from the survey is 91% of respondents agreed if the security team was given more resources they could do a better job. What is unclear is whether CEOs and other board members will follow up on the promise security will receive more investment.

Infoblox bolsters off-premise security capabilities

Security CCTV camera in office buildingInfoblox has released its DNS Firewall as a service, extending its services to roaming devices off-premise, which will be available towards the end of 2016.

The new service will offer protection to customers roaming outside the corporate perimeter, as well as within, by offering a single pane of glass for protection from malware and cyberattacks. The cloud-service works through providing actionable network intelligence to customers to strengthen their operational and security postures. It also delivers unified reporting and single-policy configuration, which Infoblox claims are capabilities not available through purely cloud-based DNS services.

“Enterprise networks do not have the luxury of being walled gardens any more, not with employees bringing their own devices and accessing data from everywhere,” said Scott Fulton, EVP of Products at Infoblox. “Infoblox DNS Firewall as a service helps our customers by providing the same industry leading protection for on- and off-premise devices, helping organisations to build enterprise networks that are more available, secure, and smart.”

The offerings capitalize on the threat intelligence technology which Infoblox acquired through buying IID in February 2016. IID was acquired for approximately $45 million as a means for Infoblox to increase its threat detection capabilities, as a means to differentiate Infoblox from other DDI vendors.

IID’s cloud-based platform for threat intelligence federation allows customers to share threat intelligence, which has been highlighted as another potential growth area for Infoblox, though this is a competitive marketplace already. Companies such as iSight already have a healthy presence in the threat intelligence market segment, though Infoblox does have a number of partnerships with these vendors, inherited through recent acquisitions, which the team does not expect to change moving forward.

IBM Security targets incident response marketplace with Resilient acquisition

security monitoring roomIBM Security has completed the acquisition of Resilient, as part of the company’s expansion in the incident response marketplace. Financial terms of the agreement have not been released.

The company had announced its plans to acquire Resilient in February, alongside the launch of its X-Force Incident Response Services. Resilient’s incident response system allows customers to automate and orchestrate the many processes needed when dealing with cyber incidents. The new services include a remote incident response capability to help clients map how a breach occurred and take action to shut it down.

“The combination of Resilient’s people – top thought leaders in the incident response marketplace – and their technology is a differentiating addition to our security business,” said Marc van Zadelhoff, General Manager at IBM Security. “Our investments in threat detection and prevention have helped us move into a leadership position in the security market. With Resilient, we’re expanding the capabilities we bring to customers, helping them manage the complexities in resolving security incidents, including the coordination of teams, best practices, and reporting.”

The company have claimed by combining Resilient Systems’ Incident Response Platform with IBM’s QRadar Security Intelligence Incident Forensics, BigFix, X-Force Exchange and other Incident Response Services, it will be able to offer increased speed in dealing with threats.

IBM has been quietly building its security business over recent years through various acquisitions and company hires. In the last three years, the company has bought a number of security specific vendors including CrossIdeas, Lighthouse Security Group and Trusteer, the latter was rumoured to be around the $1 billion mark. The company now claims to be the largest cloud and cyber security vendor in the market, exceeding $2 billion in revenue and hiring more than 1000 security professionals in 2015, as well as holding than 3,000 security patents.

“The Resilient team is delighted to be joining IBM Security,” said John Bruce, Resilient’s CEO, “Together, we will be a powerful force helping organizations to manage the evolving security challenges that they face. With the scale of IBM research, development and investment behind us, we’re excited about the possibilities for innovation and to engage with new clients around the world.”

Employees are biggest security inhibitor – survey

Cybersecurity2A survey from Citrix and Censuswide has revealed employee negligence and indifference to IT policy is one of the most significant inhibitors to cloud security.

Polling around 2000 IT workers, the results showed respondents have a much more stringent approach to security at home than in work, while older younger employees are more likely to ignore company protocols when using devices and platforms.

“This research demonstrates that despite many individuals being well aware of basic precautions for handling their own personal data, too many are not so conscientious at work,” said Chris Mayers, Chief Security Architect at Citrix. “Employers have a responsibility to provide the tools and safeguards: employees need to use them.  Protecting a company’s digital assets is a two way street.”

The survey highlighted specifically that while 45% of workers are likely to use passwords to secure documents at home, this number drops to 35% at work. In terms of shredding and disposing of important documents, 68% would do this at home, whereas only 40% would do it in the work environment.

Despite security being consistently highlighted as a top concern for decision makers and the board, industry insiders have told BCN the company culture, as opposed to the technical challenges, should be more of a priority. The importance of security is underplayed by employees as they do not appreciate the threat of downloading unauthorized software or using public cloud platforms that are not approved by the IT department.

Our sources highlighted that board members in enterprise are focusing their attention on technology to address security challenges, when very little will change if the culture towards security is not altered, and education programmes are not launched.

The survey results also highlighted there is a much more relaxed approach to security from younger generations. Respondents aged over 55 are more likely to only use work devices with trusted company security software, 59%, compared to 47% of those aged between 25 and 34.

IT security still a barrier to public cloud and employee mobility – Dell survey

Dell office logoDell has released the findings from its Data Security Survey which revealed IT decision makers are still not confident enough to encourage mobility or use of public cloud platforms.

Although the pattern over the last few years has been to broaden employee boundaries, increasing flexibility within the working environment, the survey demonstrated that a substantial number of businesses are resisting mobility due to security concerns.

The majority of businesses would claim cyber and cloud security sits at the top of the priority list, and whilst this might be the case, Dell’s survey has highlighted a number of deficiencies across the board.

Over the last 12 months the tech world has been lit up by numerous data breaches, hacks and leaks on both sides of the Atlantic. From TalkTalk to Ashley Madison to Kaspersky Labs, security has once more been highlighted as a major deficiency in the IT world.

Following a number of PR disasters for large scale enterprise throughout the world, 75% of decision makers agree that C-Suite recognises the importance of data security, though only 25% believe that the C-Suite is adequately educated about the issues to make informed decisions. The survey also highlighted that only 25% feel that their leadership has the ability to set suitable budget to tackle the challenges of data security over the next five years.

65% of mid-market companies are freezing plans to increase mobility within their workforce, with 67% resisting BYOD programmes, due to security concerns. The benefits of a mobility strategy, both from an employee satisfaction and productivity perspective, are well documented, though these statistics demonstrate security fears drastically outweigh the benefits. In fact, 82% of decision makers have made attempts to reduce mobility for employees, by decreasing data access points.

On the contrary, only 40% of respondents highlighted that they were actively interested in pursuing opportunities to increase employee mobility.

In terms of public cloud platforms, there does not appear to be a high level of confidence in offerings such as Google Drive. Almost 80% of decision makers said that they would not be confident in uploading critical data to the cloud, 58% highlighted that they believed the threat to be greater than 12 months ago, and 38% restricted access to public cloud sites within their organization.

Another area addressed by the survey is that of Shadow IT. Almost every business will have a strict IT policy in place, though there will still be a proportion of the workforce deems this to prohibit their working day. Despite the concerns of public cloud platforms, 83% of respondents acknowledge that their employees are using such platforms to store or share valuable data.

As these statistics demonstrate, most organizations have not identified the crossroads between security, assumed business risk and productivity, to most effectively enable the workforce.

“Security programs must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” said Brett Hansen, Executive Director, Data Security Solutions for Dell. “Companies can try to limit or prohibit public cloud use, but it’s more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies in order to be productive.”

While the survey demonstrates growth within the cyber and cloud security world, it also highlights a number of restrictions. On the positive side, security is now a priority throughout the business, as opposed to simply in the IT team. It also emphasises a slight overreaction from decision makers who have taken the move of reducing mobility and access to public cloud offerings; two areas which could increase an organization’s competitiveness in an already challenging market.

CSA survey finds trust in the cloud increasing

Secure cloudSuspicion of the cloud has lifted so much that trust in cloud services is on par with on-premises applications, according to a survey by the Cloud Security Alliance.

Around 200 IT executives were quizzed about the state of cloud adoption, the evolving role of IT, and how enterprises approach cloud security. The results suggest that while trust in the cloud may be on the rise companies are trying to replicate the same security controls they did for their on-premises systems.

Cloud professionals are now caught between dual responsibilities, says the study: they are obliged to enable the business while at the same time they must tighten security. Only 35% of IT leaders believe that cloud-based systems of record are less secure than their on-premises counterparts. The other 65% say that the cloud is either more secure than on-premises software or equally secure. However, even when enterprise-ready cloud services are more secure than their own data centres, the users present more danger, which is why the ability to enforce corporate security policies is the number one barrier to moving applications to the cloud, said 68% of IT leaders. Another blockage was the need to comply with regulatory requirements (61%) and lack of budget to replace legacy systems (32%).

The top barrier to securing data is a lack of skilled security professionals as businesses are hiring IT security professionals faster than the market can train and develop experienced security professionals. In August, it was reported that JP Morgan expected to spend $500 million on cyber security in 2015, double its 2014 budget of $250 million. Rapid hiring is leading to a shortage of people to fill open positions. A 2015 report from labour analytics firm Burning Glass shows that cyber security job postings grew 91% from 2010 to 2014, more than three times the rate of growth in all IT jobs.

The most important new job is a chief IT security officer (CISO) the report found. Just 19% of companies without a CISO have a complete incident response plan while 54% of companies with a CISO have a complete incident response plan and those with a CISO are also more likely to have cyber insurance to protect against the cost of a data breach.