IT leaders have historically managed all infrastructure decisions across storage, network, compute and other aspects of the cloud. But this isn’t necessarily the case today. As organizations move away from on-premise cloud infrastructure and adopt cloud-native technologies, modern developers are playing a larger role in decision-making — especially when it comes to policy decisions like the control of cloud-based tools and the code that runs on them.

As developers, we need maximum visibility of what’s actually running in our cloud environments, in order to keep them secure. Infrastructure as code (IaC) helps developers automate their cloud infrastructures, so what’s deployed to the cloud is under control and can easily be audited. But achieving and maintaining 100% IaC coverage of your infrastructure has many challenges.

Our modern digital world has proven that global tensions between countries are not contained to the battlefield. As international cyberattacks and protestware proliferate, the Biden-Harris administration (White House) instructed US institutions, large and small, to be more vigilant about malicious cyber activity.

As you have probably heard, 3G is phasing out. On February 22, AT&T shut down its 3G network. T-Mobile Sprint will retire its 3G network next week on March 31, 2022. Verizon, the last of the pack, will retire 3G by the end of 2022. What does this mean for your business and your security? The obvious answer is that older phones should be replaced as soon as possible, but the 3G shutdown’s impact will reach beyond phones, and that reach may affect your organization’s security.

Do you feel like every other cybersecurity news story mentioned ransomware in 2021? Does it feel like you can’t turn on a cybersecurity podcast and not hear the “R” word? We feel the same way, and as a cybersecurity vendor, we felt that we should also contribute to the noise. :-) But we did want to try and do something different.

“In its current CWS offering, the vendor has great CSPM capabilities for Azure, including detecting overprivileged admins and enforcing storage least privilege and encryption, virtual machine, and network policy controls.” – The Forrester Wave™: Cloud Workload Security, Q1 2022 CrowdStrike is excited to announce we have been named a “Strong Performer” in The Forrester Wave:™ Cloud Workload Security, Q1 2022.

In an effort to stay ahead of improvements in automated detections and preventions, adversary groups continually look to new tactics, techniques and procedures (TTPs), and new tooling to progress their mission objectives. One group — known as BlackCat/ALPHV — has taken the sophisticated approach of developing their tooling from the ground up, using newer, more secure languages like Rust and highly customized configuration options per victim.

Our VP for Data Ethics & Governance, Sophie Chase-Borthwick, was recently part of a panel – the PICCASO Special Interest Group. Sophie joined William Malcolm (Privacy Legal Director at Google), Radha Gohil (Data Ethics Strategy Lead at Shell), and Anne Woodley (Security Specialist at Microsoft) in untangling what data ethics actually means and how best to support it. Here we look at this in more detail.