Despite the growing interest in cloud accounts by opportunistic and state-sponsored actors, too many organizations fail to implement basic security measures to protect their cloud apps, such as multi-factor authentication (MFA) for administrators and users. This is the concerning finding of a report recently released by Microsoft, according to which just 22% of Azure Active Directory customers implement strong authentication mechanisms such as MFA or passwordless authentication.

Often referred to as AuthN (authentication) and AuthZ (authorization) in the modern access control paradigm, both authentication and authorization are a method to control access to resources. These resources can be files, programs, web applications, mobile applications, operating systems, network devices, etc. Let’s explore three common scenarios on how authentication and authorization are involved. These are the few sample cases of authentication vs. authorization.

A data exfiltration attack involves the unauthorized transfer of sensitive data, such as personal data and intellectual property, out of a target system and into a separate location. These transfers could either occur internally, through insider threats, or externally, through remote Command and Control servers. Every cyberattack with a data theft objective could be classified as a data exfiltration attack.

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group configuration, in light of the recent Log4Shell vulnerability. While limitations are similar in all IaaS environments, consider the following AWS architecture with focus on the web servers running on EC2 instances.

Microsoft released a valuable new Azure feature in December of 2021: custom security attributes. This feature is still in preview. Custom security attributes enable organizations to define new attributes to meet their needs. These attributes can be used to store information or, more notably, implement access controls with Azure attribute-based access control (ABAC). Azure ABAC, which is also in preview, enables an organization to define access rules based on the value of an object’s attribute.

First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat prevention, and remediation. Given that the attack surface of modern applications is much larger than in traditional apps, security teams are struggling to keep up and we’ve seen a spike in breaches.

Data exfiltration, quite simply, is the risk of your data ending up somewhere it doesn’t belong. Though this definition might seem simple, understanding this risk is quite complicated — especially as companies migrate their data into the cloud. Companies that work remotely using cloud platforms like Google Drive, AWS, or Jira often struggle to maintain the visibility needed to ensure their data remains secure.

In virtually every industry, as well as in life in general, there is information presented as fact that very often is not based on actual truth or science. Some myths need to be dispelled not just because they are erroneous, but because, in the case of cybersecurity, can pose serious threats to the security of an organization, its people and its data.

For the fifth consecutive year, CRN has honored several WatchGuard leaders in its annual Channel Chiefs list. This exclusive awards program shines a spotlight on the top IT channel vendor executives who continually demonstrate a high level of expertise, influence and innovation in the channel.

Brute force attacks are nothing new in cybersecurity. As far back as 2015 (eons ago, in technology terms) the global coffee chain Dunkin’ Donuts suffered a brute force attack that targeted nearly 20,000 of its customers. In this attack, cyber attackers used brute force to get unauthorized access to the accounts of more than 19,000 users and steal their money. Following the incident, Dunkin’ Donuts was slapped with a lawsuit, where it ended up paying more than $500,000 dollars in a settlement.