When it comes to cloud security and compliance, it’s easy to feel like you’re drowning in a sea of regulations and requirements. But don’t worry; we’re all in the same boat! That’s why we’re thrilled to share our latest point-of-view (POV) paper, “Practical Cloud Security in the Era of Cybersecurity Regulation,” which is crafted with our deep industry expertise and experience.

Severless is excellent, right? Faster development and less infrastructure hassle – but those AWS Lambda costs can sneak up on you. Over 70% of AWS customers are using serverless now. Seems like everyone’s jumping on the serverless bandwagon – and for good reason. It speeds up development and cuts down on the nitty-gritty infrastructure stuff. All this is a developer’s dream in a lot of ways.

Every organization relies on technological systems to generate value. These systems work according to company policies that dictate their use. System management solutions allow IT leaders and their teams to enforce those policies in a consistent way across the organization.

The recent data loss incident involving UniSuper, a major financial player and Google Cloud serves as a reminder of the importance of implementing robust backup and disaster recovery solutions. Let’s delve into the details of the incident and explore why backups are essential for safeguarding against data disasters.

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

Law firms are in a precarious position when it comes to cyber risk. These organizations are tasked with storing large amounts of sensitive information — from corporate finances to client data to intellectual property (IP) — and, as such, are finding themselves in the crosshairs of threat actors.

According to Gartner, the global market for cloud infrastructure services increased by 30% in 2022, exceeding $100 billion for the first time. AWS and Azure account for almost two-thirds of this figure. While many organizations benefit from these platforms, the popularity of the cloud can also present significant security challenges.

Privilege escalation in AWS refers to the unauthorized elevation of user privileges within the AWS environment, allowing users to access resources and perform actions beyond their intended level of permissions. This security risk would arise in case the attackers utilize the vulnerabilities or misconfigurations in AWS services, IAM policies, or access controls to take up privileges above the current level.

The Rolling Stones wanted to protect their space; we, as security practitioners, need to protect ours. Data 'castles' in the cloud are out there, and they're constantly under siege. By drawing inspiration from a band that embodied personal freedom, we can draw some – okay, very stretched - parallels to modern cloud security. Nonetheless, they work. And we all knew this blog was coming. And if you read the blog backward you can hear the name of the latest malware family... Maybe.