Category Archives: cloud security

Why companies continue to struggle with cloud visibility – and code vulnerabilities

A new report from the Cloud Security Alliance (CSA) has thrown up more difficulties organisations are facing in security remediation – and achieving visibility from code to cloud. The report, produced in collaboration with security firm Dazz, polled just over 2,000 IT and security professionals to better understand current cloud environments and security tools. The…

The post Why companies continue to struggle with cloud visibility – and code vulnerabilities appeared first on Cloud Computing News.

Security still viewed as a barrier to progress – Dell

A recent survey from Dell demonstrates security is still seen as a hindrance to innovation as companies aim to develop a more digitally orientated proposition for the market, reports

While a substantial 89% of the respondents highlighted their organization was in the middle of a digital transformation project, 76% agree security is brought into the equation too late in the development process, with 85% saying they actively avoid bringing security experts in due to the belief they will slow or even scupper the project.

“This survey produced some eye-opening results and reinforces what we’ve been hearing directly from our customers,” said John Milburn, GM of One Identity Products at Dell. “Organisations face challenges securing their digital transformations and recognise that their current security measures are exposing the business to risk.

Security has been one of the biggest talking points within the telecommunications and technology industry, generally due to a lack of understanding. Until recently, security challenges would appear to have been pushed to the side as there have not been any clear routes to success. It would seem companies are not willing to allow security concerns to stop progress, instead aiming to secure products retrospectively.

The survey demonstrates attitudes towards security are still relatively negligent. While numerous CEOs and board members have highlighted security would be considered at the top of the agenda, surveys such as this tell a different story, much to the disappointment of security professionals and vendors alike. One conclusion which could be drawn from the survey is that security is still considered a barrier to success when driving towards innovation. In fact, 37% of respondents agreed with the statement “it is likely that the security team will delay or block a new initiative presented to us today”, and 49% agreed with “our security team does have a reputation for blocking projects based on the past, but now we do a better job of enabling the business”.

“Our goal is to provide our customers with solutions that address these needs. When done right, security can enable organisations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and the customer experience. Done right, security also helps CISOs open their own ‘Department of Yes,’ empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward.”

Security is, and will continue to be, a paramount facet of any organization, though the implications which can be drawn from this survey suggest there is still some way to go before organizations would consider themselves secure. One encouraging factor from the survey is that 91% of respondents agreed if the security team was given more resources they could do a better job. What is unclear is whether CEOs and other board members will follow up on the promise that security will receive more investment.

Infoblox bolsters off-premise security capabilities

Infoblox has released its DNS Firewall as a service, extending its services to roaming devices off-premise, which will be available towards the end of 2016.

The new service will offer protection to customers roaming outside the corporate perimeter, as well as within, by offering a single pane of glass for protection from malware and cyberattacks. The cloud service works by providing actionable network intelligence to customers to strengthen their operational and security postures. It also delivers unified reporting and single-policy configuration, which Infoblox claims are capabilities not available through purely cloud-based DNS services.

“Enterprise networks do not have the luxury of being walled gardens any more, not with employees bringing their own devices and accessing data from everywhere,” said Scott Fulton, EVP of Products at Infoblox. “Infoblox DNS Firewall as a service helps our customers by providing the same industry leading protection for on- and off-premise devices, helping organisations to build enterprise networks that are more available, secure, and smart.”

The offerings capitalize on the threat intelligence technology which Infoblox acquired through buying IID in February 2016. IID was acquired for approximately $45 million as a means for Infoblox to increase its threat detection capabilities and to differentiate itself from other DDI vendors.

IID’s cloud-based platform for threat intelligence federation allows customers to share threat intelligence, which has been highlighted as another potential growth area for Infoblox, though this is a competitive marketplace already. Companies such as iSight already have a healthy presence in the threat intelligence market segment, though Infoblox does have a number of partnerships with these vendors, inherited through recent acquisitions, which the team does not expect to change moving forward.

IBM Security targets incident response marketplace with Resilient acquisition

IBM Security has completed the acquisition of Resilient, as part of the company’s expansion in the incident response marketplace. Financial terms of the agreement have not been released.

The company had announced its plans to acquire Resilient in February, alongside the launch of its X-Force Incident Response Services. Resilient’s incident response system allows customers to automate and orchestrate the many processes needed when dealing with cyber incidents. The new services include a remote incident response capability to help clients map how a breach occurred and take action to shut it down.

“The combination of Resilient’s people – top thought leaders in the incident response marketplace – and their technology is a differentiating addition to our security business,” said Marc van Zadelhoff, General Manager at IBM Security. “Our investments in threat detection and prevention have helped us move into a leadership position in the security market. With Resilient, we’re expanding the capabilities we bring to customers, helping them manage the complexities in resolving security incidents, including the coordination of teams, best practices, and reporting.”

The company has claimed that by combining Resilient Systems’ Incident Response Platform with IBM’s QRadar Security Intelligence Incident Forensics, BigFix, X-Force Exchange and other Incident Response Services, it will be able to offer increased speed in dealing with threats.

IBM has been quietly building its security business over recent years through various acquisitions and company hires. In the last three years, the company has bought a number of security-specific vendors including CrossIdeas, Lighthouse Security Group and Trusteer, the latter rumoured to be around the $1 billion mark. The company now claims to be the largest cloud and cyber security vendor in the market, exceeding $2 billion in revenue and hiring more than 1000 security professionals in 2015, as well as holding more than 3,000 security patents.

“The Resilient team is delighted to be joining IBM Security,” said John Bruce, Resilient’s CEO. “Together, we will be a powerful force helping organizations to manage the evolving security challenges that they face. With the scale of IBM research, development and investment behind us, we’re excited about the possibilities for innovation and to engage with new clients around the world.”

Employees are biggest security inhibitor – survey

A survey from Citrix and Censuswide has revealed employee negligence and indifference to IT policy is one of the most significant inhibitors to cloud security.

Polling around 2000 IT workers, the results showed respondents have a much more stringent approach to security at home than at work, while younger employees are more likely to ignore company protocols when using devices and platforms.

“This research demonstrates that despite many individuals being well aware of basic precautions for handling their own personal data, too many are not so conscientious at work,” said Chris Mayers, Chief Security Architect at Citrix. “Employers have a responsibility to provide the tools and safeguards: employees need to use them.  Protecting a company’s digital assets is a two way street.”

The survey highlighted specifically that while 45% of workers are likely to use passwords to secure documents at home, this number drops to 35% at work. In terms of shredding and disposing of important documents, 68% would do this at home, whereas only 40% would do it in the work environment.

Despite security being consistently highlighted as a top concern for decision makers and the board, industry insiders have told BCN the company culture, as opposed to the technical challenges, should be more of a priority. The importance of security is underplayed by employees as they do not appreciate the threat of downloading unauthorized software or using public cloud platforms that are not approved by the IT department.

Our sources highlighted that board members in enterprise are focusing their attention on technology to address security challenges, when very little will change if the culture towards security is not altered, and education programmes are not launched.

The survey results also highlighted there is a much more relaxed approach to security from younger generations. Respondents aged over 55 are more likely to only use work devices with trusted company security software, 59%, compared to 47% of those aged between 25 and 34.

IT security still a barrier to public cloud and employee mobility – Dell survey

Dell has released the findings from its Data Security Survey which revealed IT decision makers are still not confident enough to encourage mobility or use of public cloud platforms.

Although the pattern over the last few years has been to broaden employee boundaries, increasing flexibility within the working environment, the survey demonstrated that a substantial number of businesses are resisting mobility due to security concerns.

The majority of businesses would claim cyber and cloud security sits at the top of the priority list, and whilst this might be the case, Dell’s survey has highlighted a number of deficiencies across the board.

Over the last 12 months the tech world has been lit up by numerous data breaches, hacks and leaks on both sides of the Atlantic. From TalkTalk to Ashley Madison to Kaspersky Labs, security has once more been highlighted as a major deficiency in the IT world.

Following a number of PR disasters for large scale enterprise throughout the world, 75% of decision makers agree that C-Suite recognises the importance of data security, though only 25% believe that the C-Suite is adequately educated about the issues to make informed decisions. The survey also highlighted that only 25% feel that their leadership has the ability to set suitable budget to tackle the challenges of data security over the next five years.

65% of mid-market companies are freezing plans to increase mobility within their workforce, with 67% resisting BYOD programmes, due to security concerns. The benefits of a mobility strategy, both from an employee satisfaction and productivity perspective, are well documented, though these statistics demonstrate security fears drastically outweigh the benefits. In fact, 82% of decision makers have made attempts to reduce mobility for employees, by decreasing data access points.

On the contrary, only 40% of respondents highlighted that they were actively interested in pursuing opportunities to increase employee mobility.

In terms of public cloud platforms, there does not appear to be a high level of confidence in offerings such as Google Drive. Almost 80% of decision makers said that they would not be confident in uploading critical data to the cloud, 58% highlighted that they believed the threat to be greater than 12 months ago, and 38% restricted access to public cloud sites within their organization.

Another area addressed by the survey is that of Shadow IT. Almost every business will have a strict IT policy in place, though there will still be a proportion of the workforce that deems this to hinder their working day. Despite the concerns about public cloud platforms, 83% of respondents acknowledge that their employees are using such platforms to store or share valuable data.

As these statistics demonstrate, most organizations have not identified the crossroads between security, assumed business risk and productivity, to most effectively enable the workforce.

“Security programs must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” said Brett Hansen, Executive Director, Data Security Solutions for Dell. “Companies can try to limit or prohibit public cloud use, but it’s more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies in order to be productive.”

While the survey demonstrates growth within the cyber and cloud security world, it also highlights a number of restrictions. On the positive side, security is now a priority throughout the business, as opposed to simply in the IT team. It also emphasises a slight overreaction from decision makers who have taken the move of reducing mobility and access to public cloud offerings; two areas which could increase an organization’s competitiveness in an already challenging market.

CSA survey finds trust in the cloud increasing

Suspicion of the cloud has lifted so much that trust in cloud services is on par with on-premises applications, according to a survey by the Cloud Security Alliance.

Around 200 IT executives were quizzed about the state of cloud adoption, the evolving role of IT, and how enterprises approach cloud security. The results suggest that while trust in the cloud may be on the rise, companies are trying to replicate the same security controls they used for their on-premises systems.

Cloud professionals are now caught between dual responsibilities, says the study: they are obliged to enable the business while at the same time they must tighten security. Only 35% of IT leaders believe that cloud-based systems of record are less secure than their on-premises counterparts. The other 65% say that the cloud is either more secure than on-premises software or equally secure. However, even when enterprise-ready cloud services are more secure than their own data centres, the users present more danger, which is why the ability to enforce corporate security policies is the number one barrier to moving applications to the cloud, said 68% of IT leaders. Another blockage was the need to comply with regulatory requirements (61%) and lack of budget to replace legacy systems (32%).

The top barrier to securing data is a lack of skilled security professionals as businesses are hiring IT security professionals faster than the market can train and develop experienced security professionals. In August, it was reported that JP Morgan expected to spend $500 million on cyber security in 2015, double its 2014 budget of $250 million. Rapid hiring is leading to a shortage of people to fill open positions. A 2015 report from labour analytics firm Burning Glass shows that cyber security job postings grew 91% from 2010 to 2014, more than three times the rate of growth in all IT jobs.

The most important new job is a chief IT security officer (CISO), the report found. Just 19% of companies without a CISO have a complete incident response plan, while 54% of companies with a CISO have one. Those with a CISO are also more likely to have cyber insurance to protect against the cost of a data breach.

Kii and KDDI say their joint platform will make IoT safe on cloud

Japanese telco KDDI is working with Internet of Things (IoT) cloud platform provider Kii to create a risk-averse system in which enterprises can develop mobile apps.

The KDDI cloud platform service (KCPS) is described as a mobile back end as a service (mBaaS) offering that uses Kii’s software to create mobile and IoT apps on a private network. The two companies have worked together on ways to apply cloud disciplines for efficient sharing of resources, contained within the confines of an Intranet environment. The object of the collaboration is to allow companies to develop machine-to-machine systems, without exposing them to the public cloud while they are in development.

According to KDDI, the KCPS uses the telco’s Wide Area Virtual Switch to integrate a number of different virtual network layers with Kii’s software. Together they create a new level of fast connections across the Intranet. KCPS also provides a service environment for intranet-conscious customers who need high standards of security and enterprise functions without resorting to the public Internet, according to the vendor.

KDDI claims this is the first instance in which both Intranet and Internet services can work seamlessly with any mobile application developed on the KCPS platform.

KDDI’s application development support will allow developers to build better quality, lower priced applications in a short period of time, it claims. The platform is designed to help developers manage application development, devices and data, while providing essential features like push notifications and geo-location information. KCPS should be compatible with mobile apps on Android and iOS, according to KDDI.

“As the IoT gains mass acceptance, we see tremendous value helping mobile app developers get more IoT devices into the hands of consumers,” said Kii CEO Masanari Arai. “Our collaboration will use the cloud to build the backend support of these apps in Japan.”

Gemalto’s cloud-based encryption now available in Microsoft Azure marketplace

Security vendor Gemalto is to sell its SafeNet ProtectV encryption system on the Azure Marketplace. This means Microsoft’s Azure users will find it easier to encrypt and protect data and applications in the cloud and meet compliance regulations, it claims.

Gemalto says SafeNet ProtectV simplifies the protection of data. It encrypts each virtual machine created in the cloud in its entirety and extends this protection to attached storage volumes. By automating this process it saves users from the aggregated admin burden of configuring each virtual machine individually. Though the process is automated, SafeNet ProtectV allows customers to separate security administration duties. This means security enforcers can exert ‘granular’ levels of control and establish clear accountability with audit trails and detailed compliance reporting, it claims.

Maryland-based SafeNet was bought by Gemalto in August 2014 for US$890 million. SafeNet technology protects 80 per cent of the world’s intra-bank fund transfers and it employs 550 cryptographic engineers. Gemalto specialises in the protection of data, digital identities, payments, and transactions, at all points from the point of sale to the data centre.

The cloud infrastructure services market is on target to be a $42.7 billion industry in the next four years, said Gemalto’s encryption product VP Todd Moore. But, he said, that momentum will only be maintained if cloud services like Azure can meet the top levels of security and compliance.

“Easy implements of strong data protection and security in the cloud are a major consideration when moving sensitive workloads,” said Moore. Gemalto’s strategy is to make robust encryption frameworks simple so companies can move to the cloud with confidence – and ProtectV provides the audit controls, according to Moore.

Adding companies with cloud-based data encryption, like Gemalto, will convince more companies that it’s safe to use the cloud, according to Nicole Herskowitz, Senior Director of Product Marketing at Microsoft Azure. “Azure Marketplace provides customers with choice, flexibility and access,” said Herskowitz.

Okta raises $75m in funding as cloud identity management leader is valued at $1.2 bn

Cloud security vendor Okta has raised $75 million from existing shareholders, taking its market valuation to $1.2 billion.

A specialist in identity and mobility management, Okta raised the finance from lead investors Andreessen Horowitz, Greylock Partners and Sequoia Capital. New investment has been attracted from Khosla Ventures, Altimeter, Glynn Capital and others.

Since its founding in 2009, Okta has now raised a total of $230 million.

Okta has added to its management team with Michelle Wilson, former general counsel at Amazon, joining as the first independent director on its board. In addition, Okta has appointed Michael Guerchon, ex-Riversoft HR man, as its Chief People Officer and Jon Runyan as its General Counsel. Runyan, formerly a partner in Goodwin Procter’s technology companies practice, will oversee the company’s legal affairs worldwide.

In September Okta announced a ‘substantial investment’ in private cloud infrastructure rented from Amazon Web Services in Germany. An additional disaster recovery facility has been established in Eire. The use of the AWS facilities was a move to manage all European data in a single facility within Europe.

“We’re at an important inflection point where IT leaders, product developers and industry analysts see the critical role identity plays in connecting people, apps, devices and organizations,” said Todd McKinnon, Okta CEO. “Okta pioneered cloud-based identity management, which set us up to become the foundation for secure connections.”

Okta stakeholder Ben Horowitz, co-founder of investment partner Andreessen Horowitz, described Okta as the ‘runaway market leader in identity management’.

“This new round of funding will expand their scope and bring that solution to the world,” said Horowitz.

Since its start-up in 2009, Okta has won 2,500 customers globally catering to demand for cloud security with its identity management service.

Meanwhile, cybersecurity vendor Webroot announced a new channel to market for its cloud-based services, in a partnership with New Zealand-based distributor Exeed. The agreement gives retailers, IT resellers and managed service providers access to Webroot’s cloud-based big data analytics, automated machine learning and intelligent endpoint security.

Distributors, resellers and service providers are revising their business model to focus on cloud services, giving security vendors the scope for rapid expansion, according to Justin Tye, Exeed’s managing director. “We selected Webroot for its flexible, fast, and effective solutions, as well as its business model that clearly supports a multifaceted sales strategy,” said Tye.