Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.

Organizations are migrating an increasing amount of their infrastructure into the cloud. The cloud provides organizations with a number of benefits like greater scalability, improved reliability and faster time to value. However, these potential benefits can be offset if security is an afterthought.

As we address a number of anniversaries related to the COVID-19 pandemic, you’re likely reminded of a lot of the uncertainty you were feeling coming into an indefinite work from home scenario. I know I certainly am.

Do you remember all the apprehension about cloud migration in the early days of cloud computing? Some of the concerns ran the full paranoia gamut from unreliability to massive overcharging for cloud services. Some concerns, such as the lack of security of the entire cloud infrastructure, rose to the level of conspiracy theories. It is nice to know that those myths are all behind us. Or are they? It seems that many of the earlier misconceptions have been replaced with new notions about the cloud.

In the last several years, companies have accelerated their cloud adoption and have invested time and resources to lift and shift their content, development and applications to public and private clouds. The onset of the global health crisis has further accelerated even the more traditional brick-and-mortar companies to invest in cloud technologies. Yet, we still see customers hosting content on on-premises repositories in spite of inexpensive per-GB cloud storage. Why is that?

One of the major concerns when moving to the cloud is how to approach AWS S3 security. Companies may have moved their workflows to Amazon, but are still cautious about moving their data warehouse. And that is totally understandable. We have all heard about data breaches in companies like Facebook, GoDaddy, and Pocket. It’s important that access to information is done properly, in a limited and controlled fashion, to avoid such breaches.

It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture? Let’s first look at six cloud security guides that you should be using. These resources provide action items that you can take back to your team and use immediately.

Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.