Beefing Up Security Services Online

Cloud Security Protection

The necessity and development of Cloud security evolves with the consistent growth of the Cloud and its many features. Just as Amazon is currently taking steps to improve their Cloud security in the hopes of attracting more customers, other shrewd Cloud organizations need to ensure they’re providing their clients not only with in-demand products but safeguarding those products against cyber threats.

Amazon Web Services: Security Upgrades

Already dominating the cloud market space, Amazon Web Services (AWS) recently announced two new products designed to encourage and assist companies in maintaining and securing their data in the AWS cloud. Amazon Inspector is a bot-type service that searches for Vulnerabilities and security threats, thereafter generating a security status report and suggesting a course of action. This service will also help companies avoid introducing problems into their apps when launching new features. The Database Migration Services announced will allow users to migrate their MySQL, SQL Server, PostgreSQL, and Oracle databases to AWS as quickly and simply as possible. The AWS Config Rules service will then enable organizations to configure a set of rules and decide how instances will be constructed.

Amazon Inspector

Cloud Security Ventures

Startup Zscaler is an IT security company valued at over $1 billion, and it’s focusing its attention on banking. Scrubbing Malware and other digital threats from over 100 global data centers, Zscaler has named a former banking exec, Andy Brown, to its board of directors, with the aim of winning customers from the financial services sector. Says Brown of discussions with Zscaler’s CEO Jay Chaudhry, “We agreed that if the future was going to be the cloud, then security and policy management would have to move to the cloud. I’ve been convinced of that since the Salesforce implementation, but there were no vendors around to make that easy.”

And WinMagic has launched their own tool for enterprise Cloud security, SecureDoc CloudSync. This security software encrypts files before synchronization to enterprise file sync and share services (EFSS) and is available across a range of platforms including Android, iOS, Mac, and Windows. Furthermore, management of encryption keys is simplified, and when sharing files within an enterprise, SecureDoc CloudSync doesn’t require additional end-user passwords. Mark Hickman, COO of WinMagic, notes, “The undeniable convenience of EFSS solutions runs head on into the desires of IT staff and compliance officers to closely control sensitive data in an auditable way, and SecureDoc CloudSync removes risks inherent to EFSS. With the solution, companies can encrypt files so that the encryption stays with the file in the cloud. By managing the keys, the IT teams are the final authority as to the security of their corporate data.

Narrow the Focus

The European Network Information Security Agency identified 35 Cloud security risk categories, and narrowed those down to the eight most relevant:

  • Loss of Governance
  • Lock-in
  • Isolation Failure
  • Compliance Risks
  • Management Interface Compromise
  • Data Protection
  • Insecure of Incomplete Data Deletion
  • Malicious Insider

Trends

David Howorth, VP EMEA at Alert Logic, discussed a recently released Cloud Security Report and pointed out three key findings:

  • Application Attack, Suspicious Activity, and Brute Force Attack, the primary cyber attack methods targeting cloud deployments, grew 45%, 35%, and 27% respectively over the last year, while increases in top attacks aimed at On-Premises deployments were insignificant. Howorth remarks, “Cyber criminals are logically attempting to break into a growing number of applications being deployed in the cloud.”
  • Cyber-attack methods used are being determined by how organizations interact with their customers, the size of their online presence, and where their IT infrastructure is housed.
  • Discerning the Cyber Kill Chain® can provide insight into where cyber criminals are likely to breach organization environments and how they can be stopped. This can help organizations create defense strategies based on the way attackers are approaching and infiltrating their businesses.

Organizations implementing or evaluating Cloud security solutions should understand top threats, as well as drill down into risks specific to their own environments and setups. While many Cloud providers are implementing necessary security features, it’s always best to analyze documentation and reports to ensure adequate protection.

By Jennifer Klostermann

Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
Gary Bernstein
Secure Remote Authentication When employees are working remotely, they need to be able to access company resources and applications just as if they were in the office. This means that remote authentication needs to be ...
Kelly Dyer
Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Crozdesk Business Software
B2B SaaS Comparison Platforms B2B SaaS Comparison Platforms are designed for buyers looking for additional information on a particular vendor and service. These sites help ease the complexities for buyers by providing a detailed breakdown ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.