Governance, risk, and compliance (GRC) management presents some unique challenges for organizations that deploy a myriad of cloud resources, services, and accounts. Simple misconfigurations in any of these assets can lead to a serious data breach, and compliance issues become even more prevalent as organizations try to inventory and manage assets across multiple cloud platforms and security and auditing tools.

If you work in networking or security, you have probably gotten used to the acronym stew that makes up the technology industry at times. By now you have surely heard the latest buzzword and what industry analysts have coined as security service edge (SSE). SSE is essentially the consolidation of Firewall-as-a-Service (FWaaS), secure web gateway (SWG), cloud access security broker, and Zero Trust Network Access (ZTNA) delivered as a cloud service.

In January 2022, Microsoft announced that Excel 4.0 macros will be restricted by default, as a measure to protect customers against malware based on XLM 4.0 macros. As a more aggressive measure, on February 07, 2022, Microsoft announced that they will start blocking VBA macros for files downloaded from the internet.

Continuing with our security-first approach to Kubernetes data protection, in addition to Kubernetes Security Posture Reviews to scan your environment for vulnerabilities and misconfigurations, CloudCasa also added Cloud Security Posture Management for Amazon Web Services (AWS). Most attacks on cloud are the result of misconfigurations and mistakes, per industry analyst, Gartner. The research firm went on to forecast that through 2025, 99% of such attacks would be the customer’s fault.

Migrating to the cloud has allowed many organizations to reduce costs, innovate faster and deliver business results more effectively. However, as businesses expand their cloud investments, they must adapt their security strategies to stay one step ahead of threats that target their expanded environment. Managing, securing and having visibility across endpoints, networks and workloads is not an easy feat. It requires a unified defense-in-depth approach.

The “agents or no agents” debate is ancient and eternal. Every decade or so, we go through another round of “agents are terrible, let’s end them” and “we need more visibility and control to secure the system, maybe we’ll call it a ‘sensor’ this time.” We ultimately always land on the same conclusion. There are no silver bullets. Today, the debate is alive and well because cloud is the new frontier, so surely agents are dead this time?

S3 buckets without encryption can leave sensitive data exposed and at risk. As a best practice and to meet a number of industry and governmental regulations, it’s important to ensure that S3 server side bucket encryption has been properly applied at all times. To do this, many security teams rely on their Cloud Posture Security Management (CSPM) platform and/or AWS GuardDuty to monitor their AWS resources and provide alerts when an S3 bucket is found unencrypted.

Online privacy is no laughing matter, until it is. Now, we’re very serious about fundamental human digital rights and we work day and night to make sure our users' data is wrapped up safe and sound. But that said, sometimes you need to take a step back and relax. Yes, how corporations and governments track us online is horrifying. Of course, the erosion of personal privacy and individual freedoms is worrying. And yeah, the world and the internet are in rough shape right now.

I am excited to share that Lookout has been named a Visionary in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE). We believe our strong position in the “Completeness of Vision” axis demonstrates the alignment of the Lookout Platform with the market direction. This achievement would not have been possible without the hard work and passion of the entire Lookout family who have embraced the opportunity to support our customers on their digital transformation journey.

As security operations leaders, we are burdened with a large responsibility. The expectation is that we can respond to alerts as soon as possible and be able to investigate immediately. It sounds simple, but in today’s cyber threat landscape we are faced with growing threat vectors and a sheer volume increase in overall alerts or notifications. Failure to respond quickly enough or investigate the right areas could result in huge impacts to the organizations we are responsible for.

During the pandemic, collaboration apps such as Microsoft Teams and Zoom have played an important role in connecting the distributed workforce and helping organizations to cope with the so-called “new normal.” Even if we are finally starting to see the light at the end of the tunnel (and this time it’s a real light), the world won’t be exactly the same as it was before.

As organizations deploy more and more cloud native workloads, the ability to protect them in a secure and cost-effective manner is becoming increasingly important. Data access is also more widely spread, making it even more critical to meet this protection need with a secure, logically air-gapped copy of that data.

It is rare nowadays to hear of a business strategy that doesn’t entail a cloud strategy. So it comes as no surprise that 85% of organizations are expected to embrace a cloud-first principle by 2025, as estimated by Gartner. But migrating all your organization’s data, applications, and business processes to a new environment can be daunting.

It is rare nowadays to hear of a business strategy that doesn’t entail a cloud strategy. So it comes as no surprise that 85% of organizations are expected to embrace a cloud-first principle by 2025, as estimated by Gartner. But migrating all your organization’s data, applications, and business processes to a new environment can be daunting.

Google adopted its cloud infrastructure, Google Cloud Platform (GCP), to be compliant with FedRAMP. GCP earned a FedRAMP High authorization to operate (ATO) for several cloud products in a handful of locations and has uplifted the current FedRAMP Moderate services to more products and locations. Government agencies can now work with the highest level of classified information using GCP.

Today we are very excited to share that Netskope has been named a Leader in the 2022 Gartner ® Magic Quadrant ™ for Security Service Edge (SSE). This Magic Quadrant for SSE* is the first such SSE analysis of its kind, and I invite you to read the full SSE report (available here) to learn how Netskope was recognized for its completeness of vision and ability to execute.

Today, I am excited to announce Snyk’s acquisition of Fugue and welcome their team to the Snyk family. The addition of Fugue to Snyk’s platform will allow us to continue our mission to help developers find and fix security issues in the applications they create, by providing visibility into the security of applications and the cloud services they use. But it’s about more than just visibility of the cloud posture.

Digital transformation has forever changed the way healthcare organizations deliver care. By pivoting to cloud based platforms, health systems can liberate data from silos and connect it in ways that enable them to gain insights, take action and collaborate across a patient’s care journey.

A recent survey conducted in 2021, states that approximately 64 percent of respondents listed data leakage or data loss as the most crucial cloud security concern. This makes selecting a cloud security solution an important decision that drives the scalability of the organization. As this may be a tricky business, we have brought to you a few considerations every CTO should take into account while selecting the cloud security solution.

For the past 20 years, I’ve served as CISO for companies across different sectors. In this role, I have shouldered responsibility for protecting each organization from a wide swath of rapidly developing cybersecurity threats. I have also learned firsthand how much stress security leaders face day-to-day. Recent conversations with my peers have shown stress in cybersecurity is an industry-wide problem. The CISO role is one of the most stressful in any organization.

Despite the growing interest in cloud accounts by opportunistic and state-sponsored actors, too many organizations fail to implement basic security measures to protect their cloud apps, such as multi-factor authentication (MFA) for administrators and users. This is the concerning finding of a report recently released by Microsoft, according to which just 22% of Azure Active Directory customers implement strong authentication mechanisms such as MFA or passwordless authentication.

Microsoft released a valuable new Azure feature in December of 2021: custom security attributes. This feature is still in preview. Custom security attributes enable organizations to define new attributes to meet their needs. These attributes can be used to store information or, more notably, implement access controls with Azure attribute-based access control (ABAC). Azure ABAC, which is also in preview, enables an organization to define access rules based on the value of an object’s attribute.

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Enterprises continue to embrace cloud technology, some driven by the desire to offload rising hardware costs and operational overhead, others enticed by the promise of scalable, on-demand, practically infinite capacity and capability only a few clicks away.

In the latter part of December 2021, WhiteSource Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.

Just over three years ago, Joe DePalo joined Netskope as Senior Vice President of Platform Engineering. He had most recently led the infrastructure design and build-out at AWS, the world’s largest public cloud, and prior to that, engineering and operations for one of the largest content delivery networks (CDNs) at Limelight Networks.

State-sponsored threat actors continue to exploit legitimate cloud services. In their latest campaign, uncovered by Malwarebytes during January 2022, the North Korean group Lazarus (AKA HIDDEN COBRA) has been carrying out spear phishing attacks, delivering a malicious document masquerading as a job opportunity from Lockheed Martin (37% of malware is now delivered via Office documents).

The benefits of cloud computing are causing the adoption of cloud services by companies of all sizes to increase each year. The reduction of operating costs, time to market, ease of use, and reliability are some of the most significant benefits. However, the shared responsibility model must be taken into consideration. Cloud breaches are already everywhere and it doesn’t look like they’re going to slow down anytime soon.

Cloud computing is a highly convenient and cost-effective way of storing data, but it also comes with risks. Businesses often use this technology without understanding how vulnerable they are to security breaches. With the rise in cybercrimes, businesses need to be more vigilant about their data security than ever before. This article will discuss some of the most common cyber security risks associated with cloud computing and provide information on how they can be managed.

Netskope is a leading provider of cloud security with its security service edge, single-pass architecture. Using clients to steer traffic to the Internet through the Netskope Security Cloud means that customers can securely enable data moving into and out of the distributed corporate environment. But this traffic has to originate from an endpoint—and endpoints can be compromised. How do organizations know whether SaaS traffic originating from an endpoint is potentially compromised or at risk?

Predicting the future is tricky business. However, when you’re privileged enough to frequently speak with the technology leadership at Fortune 500 companies, looking forward is less about gazing into a crystal ball and more of an extrapolation of trends that you're seeing. I’m honored that Fast Mode published my article detailing what I think is in store for cloud computing in 2022.

Since organizations around the globe began investing more aggressively in their digital transformation by migrating and modernizing applications within the cloud, the value of audit logging has shifted. It has expanded from industries like finance and healthcare to nearly any company with a digital strategy.