AWS Cloud: Proactive Security and Forensic Readiness – Part 4

Part 4: Detective Controls in AWS

By Neha Thethi, Information Security Analyst, BH Consulting

Security controls can be either technical or administrative. A layered security approach to protecting an organization’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. […]


Data Breaches on the Rise in Financial Services


By Jacob Serpa, Product Marketing Manager, Bitglass

Financial services organizations are a prime target for hackers looking to steal and sell valuable data. This is because these firms handle sensitive information known as PII, personally identifiable information, as well as other financial data. In Financial World: Breach Kingdom, Bitglass’ latest financial breach report, the Next-Gen CASB reveals information about […]


Cloud Security Alliance Releases Minor Update to CCM v3.0.1


By the CSA Research Team

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist […]


Cloud Security Alliance Announces the Release of the Spanish Translation of Guidance 4.0


By JR Santos, Executive Vice President of Research, Cloud Security Alliance

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the […]


Seven Reasons Why Proxy-based CASBs Are Required for Office 365


By Rich Campagna, Chief Marketing Officer, Bitglass

A competing CASB vendor blogged recently on why proxy-based Cloud Access Security Brokers (CASBs) shouldn’t be used for Office 365. The post cites “7 reasons,” all of which are variations of just one reason: their CASB breaks each time Microsoft makes changes to Office 365. What they call “application breakages” due to […]


Bitglass Security Spotlight: Uber, Apollo, & Chegg


By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

- Uber fined $148 million over cover-up
- Apollo database of 200 million contacts breached
- Chegg hack exposes 40 million users’ credentials
- Port of San Diego faces cyberattack

Uber fined $148 million over cover-up

In late 2016, Uber suffered a breach at […]


Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census


By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent weeks:

- 440 million email addresses exposed by Veeam
- Unprotected MongoDB databases being targeted
- 42 million emails, passwords, and more leaked
- Cold-boot attacks steal passwords and encryption keys
- 2 billion devices still vulnerable to Bluetooth attack
- Atlas Quantum, cryptocurrency platform, breached
- Security […]


POC the CASB


By Rich Campagna, Chief Marketing Officer, Bitglass

The Cloud Access Security Broker, or CASB, space has quickly made its way to the mainstream, with organizations of every size and every industry deploying CASBs whenever their data moves beyond the firewall. While ready for primetime and widely deployed, some enterprises are taking the risky step of skipping the […]


Bitglass Security Spotlight: Yale, LifeLock, SingHealth, Malware Evolving & Reddit Breached


By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent months:

- Future malware to recognize victims’ faces
- Reddit suffers breach
- 6 million records of Georgian voters exposed
- RASPITE Group attacks US infrastructure
- Decade-old breach at Yale uncovered
- Bug exposes LifeLock customer data
- Patient data of 1.5 million exposed in SingHealth breach

[…]


In Europe, Cloud Is the New Default


By Salim Hafid, Senior Product Marketing Manager, Bitglass

If you keep up with the blog, you’ll remember our 2018 global cloud adoption report, wherein thousands of organizations deployed cloud apps since we last conducted our automated analysis of over 100,000 firms. Many in EMEA wanted to know how Europe stacked up against the rest of […]


Office 365 Security: It Takes Two to Tango


Many cloud apps – including Office 365 – operate under a shared responsibility model. Here’s what that means for your company

By Beth Stackpole, Feature Writer, Symantec

Security concerns, once a long-standing hurdle to cloud deployment, may be on the wane, but the issue is still very much alive when it comes to cloud-based applications […]


Guideline on Effectively Managing Security Service in the Cloud


By Dr. Kai Chen, Director of Cybersecurity Technology, Huawei Technologies Co. Ltd.

The cloud computing market is growing ever so rapidly. Affordable, efficient, and scalable, cloud computing remains the best solution for most businesses, and it is heartening to see the number of customers deploying cloud services continue to grow. From the beginning of cloud’s […]


How Can the Financial Industry Innovate Faster?


By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com

How can the financial industry innovate faster? Why do non-technical people need to have a basic understanding of cloud technology? Imagine this scenario. Davinci is a company providing a SaaS solution to banks to process loans and mortgage applications. Davinci runs its own software […]


CCSK in the Wild: Survey of 2018 Certificate Holders


Even as more organizations migrate to the cloud, there’s still a concern as to how well those cloud services are being secured. According to an article by Forbes “66% of IT professionals say security is their greatest concern in adopting a cloud computing strategy.” As you embark on your quest to fill this skills gap, […]


Software-Defined Perimeter Architecture Guide Preview: Part 4


Part 4 of a four-part series

By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Over the past three blog posts on this topic, we’ve provided an overview of the Software-Defined Perimeter (SDP) Architecture Guide, including its outline, core SDP concepts, and a summary of SDP benefits. In this, our final preview blog on the […]


Recommendations for IoT Firmware Update Processes: Addressing complexities in a vast ecosystem of connected devices


By Sabri Khemissa, IT-OT-Cloud Cybersecurity Strategist, Thales

Traditionally, updating software for IT assets involves three stages: analysis, staging, and distribution of the update—a process that usually occurs during off-hours for the business. Typically, these updates apply cryptographic controls (digital signatures) to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT), with its […]


PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements with a Host-Based Approach


By Patrick Flanders, Director of Marketing, Lacework

Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end […]


Software-Defined Perimeter Architecture Guide Preview: Part 3


Part 3 in a four-part series

By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Thanks for returning for our third blog posting, providing a preview of the forthcoming Software-Defined Perimeter (SDP) Architecture Guide. In this article, we’re focusing on the “Core SDP Concepts” section of the document, which introduces the underlying principles of SDP, […]


Pwned Passwords – Have Your Credentials Been Stolen?


By Paul Sullivan, Software Engineer, Bitglass

Data breaches now seem to be a daily occurrence. In recent months, Have I Been Pwned (HIBP) introduced Pwned Passwords, which allows you to securely check your password against a database of breach data. There are over 280 breaches in the database, and that’s only the tip of the iceberg. Breaches aren’t just a problem for the users who lose their data, but for […]
