The CrowdStrike eBook, “Protectors of the Cloud: Combating the Rise in Threats to Cloud Environments,” reveals how adversaries target and infiltrate cloud environments and recommends best practices for defense. As organizations move critical applications and data to the cloud, these resources have come under increasing attack.
AWS offers a large spectrum of services and compute. The “shared responsibility” model in cloud presents a simplified structure of organization responsibilities and cloud provider responsibilities. Generally, identity and access management (IAM), applications, and data form the dividing line, but lines blur depending on the given cloud service the organization is consuming. This is true of all cloud providers, including the AWS Shared Responsibility Model.
In the present age, when data has become a significant aspect of every business application, more pieces of information have been stored and processed. The security and quality of that information are vital to protect the health of the data throughout its lifecycle. Implementing measures that preserve the integrity of the data is increasingly vital for organisations around the world.
SCITT in the information security context stands for “Supply Chain Integrity, Transparency, and Trust”. It’s a relatively young discipline and the dust is still settling over its scope and definition but the core is very simple: risk vests in the operator of equipment, but it originates at every point in the supply chain.
A medical lab scientist landed in Johannesburg on Saturday, February 5th, for his two-week assignment. Soon after landing, family and friends called him to say that some people were calling and texting them, looking for him. Those people were hackers, who had got hold of his contacts. The scientist didn’t pay much attention to it, but two days later he received a message from his telecom company that they had received a SIM card swap request from him, which he, of course, never made.
It is not hard to set application security goals. Security teams want to reduce risk. Developers want to quickly meet the requirements of security policy and hit deadlines. Executives want growth within their risk tolerance. What is hard is defining an appropriate level of risk and measuring whether your AppSec program is efficient, effective, and returning expected outcomes based on your investments.
