For those only just tuning into this conversation, the EU Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as law in April 2016 and comes into effect on May 25, 2018. And, if you’re an organization that does business in the EU or even has customers from those geographies, this could significantly change the way you do business.

As we reach the end of our five-part series on “Secure Cloud Adoption in the Enterprise”, we thought it would be useful to summarize the discussion and also leave with you a few important things to consider when you make the decision to use the public cloud. Clichéd as it may sound, Security and Privacy are probably two of your most important security concerns in cloud computing as an IT executive.

The security space has evolved in complexity and scale, especially since 2020’s forced digital transformation hit virtually every industry. Day to day tasks for IT and security teams extend beyond the scope of people and their devices.

Security and privacy often get conflated even though they are quite different things. When it comes to digital assets, security is often associated with organizations, while privacy is associated with individuals. The truth though is that both are important elements in any digital strategy and can impact both individuals and organizations.

I thought it would be a good idea to revisit GDPR, just as a reminder to all of us to take stock and see how ready we are. For the uninitiated, the EU Commission, Parliament, and Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as Law in April 2016 and goes into effect on May 25, 2018.

A product is only as secure as its weakest link. That is why many talented security engineers and researchers recommend embedding security as early in the software development life cycle (SDLC) as possible, even from the very first line of code. Or better yet, even before the very first line of code, during the threat modeling and architecture phase. Smart people have been saying this for a very long time. So, why does product security still remain difficult?

CrowdStrike’s mission is to stop breaches. We continuously research and develop technologies to outpace new and sophisticated threats and stop adversaries from pursuing attacks. We also recognize that security is best when it’s a team sport. In today’s threat landscape, technology collaboration is essential to deploy novel methods of analysis and defense.

The deadline for achieving complaince with the Digital Operational Resilience Act (DORA) will be here before you know it, with enforcement beginning in January 2025. With Third-Party Risk Management being the central focus of the EU regulation, it’s imperative to cater your TPRM program to the DORA regulation to achieve sustainable compliance. In this post, we outline the DORA requirements related to third-party risk management and explain how to comply with them.

The nature of cybersecurity risk has evolved dramatically over time, challenging traditional approaches to security. Historically, organizations have concentrated their efforts on fortifying assets they directly own, assuming that this strategy provides sufficient protection. Unfortunately, this narrow focus fails to acknowledge a fundamental truth: attackers operate without regard for ownership boundaries.

Zero-day vulnerabilities are the surprise no developer wants to get. Because these security flaws are unknown to developers, they have zero days to prepare or mitigate the vulnerability before an exploit can occur. 62% of vulnerabilities were first exploited as zero-day vulnerabilities, so they are far more prevalent than we think. Even Google Chrome can attest to that after discovering a series of zero-day vulnerabilities that left its billions of users at risk in 2023.