
Data Security

The latest News and Information on Data Security including privacy, protection, and encryption.

Nightfall AI Rightway Case Study Part 2

Karim Beldjilali, current Nightfall CISO and former CISO of Rightway, speaks about how security has shifted from prevention to safe enablement of collaboration. This informed Karim's selection of security tools, as he knew he needed to leverage HIPAA compliance solutions in line with this philosophy.

Nightfall AI Rightway Case Study Part 3 - Rightway Before & After Nightfall

Karim Beldjilali, current Nightfall CISO and former CISO of Rightway, details Nightfall's 90-day impact on HIPAA compliance initiatives in his former role and why the platform is useful for the security and enablement of secure cloud usage in healthcare settings.

Data Lifecycle Management

Data lifecycle management (DLM) is the process of safeguarding data appropriately throughout its existence. The basic data lifecycle stages are creation, storage, data usage, sharing and destruction.

Figure 1. The 6 basic data lifecycle management stages

The goal of DLM is to ensure data security and regulatory compliance during all stages without throttling business productivity. Achieving this goal requires different processes and policies at various times during the data lifecycle.

A Data Leak Detection Guide for the Tech Industry in 2023

In February 2021, UpGuard researchers discovered that 51% of analyzed Fortune 500 companies were leaking information in the metadata of public documents hosted on their websites. This discovery is a window into a broader overlooked cyber threat category, increasing the risk of data breaches in the tech industry - data leaks. Data leaks (often confused with data breaches) help hackers compress the data breach attack pathway, increasing the speed, severity, and frequency of these events.

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to other connected AWS accounts to spread their reach throughout the organization.

ICYMI: 3 Takeaways from a Former Healthcare CISO on Managing Cloud Data Security Risks

Last month, we hosted a webinar with our CISO, Karim Beldjilali, who was formerly the CISO of Rightway, a healthcare startup. Karim shared important security lessons for healthcare organizations leveraging cloud applications across their workforce. We briefly share the highlights below.

Eight Things to Consider if You're Considering ChatGPT

Since ChatGPT was released by OpenAI last year, large language models like it have gone viral. Cheerleaders extol these AI models as the future of work, maybe the best thing to happen since the invention of the internet, or as the invention that changes everything. Detractors point to their gaffes, failures, and “hallucinations.” Both Google and Microsoft have been embarrassed in the last several days by the outputs of their respective chatbots.

The State of Secrets Detection in SaaS Apps

Welcome to our first ever The State of Secrets Security in SaaS Apps, an in-depth look at what security risks are posed by the data stored in organizations' SaaS applications. As companies have adopted a remote-first approach to work, these solutions have increasingly been used to send and store passwords, secrets, and API keys.

Top 8 Reasons Why Stricter ID Verification Is Helpful for Business

A strict ID verification system is important for your business. Strong security, top-notch customer service, and having a reputation as a reliable company help your business grow. We have some tips for you about why business online ID verification is essential.

Dialing-up Data to Tackle Expanding Security Challenges

Many security professionals feel like broken records at this point when we say, “the threat landscape is constantly evolving”, and especially when we talk about how security operations centers (SOCs) are always trying to do more with less. But over the last couple of years, what we think of as standard security issues have evolved into several new, daunting challenges.