Cybersecurity Trends and Training Q and A


By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Q: Why is it important for organizations and agencies to stay current in their cybersecurity training?

A: Changes accelerate in technology. There’s an idea called Moore’s Law, named after Gordon Moore working with Intel, that the power of a micro-chip doubles every 18 months. When combined with the virtualization […]


Cybersecurity Certifications That Make a Difference


By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

The security industry is understaffed. By a lot. Previous estimates by the Ponemon Institute suggest as much as 50 percent underemployment for cybersecurity positions. Seventy percent of existing IT security organizations are understaffed and 58 percent say it’s difficult to retain qualified candidates. ESG’s 2017 annual global survey of […]


Microsoft Workplace Join Part 2: Defusing the Security Timebomb


By Chris Higgins, Technical Support Engineer, Bitglass

In my last post, I introduced Microsoft Workplace Join. It’s a really convenient feature that can automatically log users in to corporate accounts from any devices of their choosing. However, this approach essentially eliminates all sense of security. So, if you’re a sane and rational security professional (or even […]


Firmware Integrity in the Cloud Data Center


By John Yeoh, Research Director/Americas, Cloud Security Alliance

As valued members, we wanted you to be among the first to hear about the newest report out from CSA—Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their thoughts on building cloud infrastructure using secure servers that enable customers […]


New Software-Defined Perimeter Glossary Sheds Light on Industry Terms

By Shamun Mahmud, Research Analyst, Cloud Security Alliance

The Cloud Security Alliance’s Software Defined Perimeter Working Group set out to author a comprehensive resource on the terms and definitions within software defined perimeter (SDP) architectures. SDP has changed since the working group’s inception in 2014, so the Working Group went about creating a glossary to reflect this […]


Continuous Monitoring in the Cloud


By Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal

I recently spoke at the Cloud Security Alliance’s Federal Summit on the topic “Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud.” As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous monitoring […]


Microsoft Workplace Join Part 1: The Security Timebomb


By Chris Higgins, Technical Support Engineer, Bitglass

It’s no secret that enterprise users wish to access work data and applications from a mix of both corporate and personal devices. In order to help facilitate this mix of devices, Microsoft has introduced a new feature called Workplace Join into Azure Active Directory, Microsoft’s cloud-based directory and identity service. While […]


Cloud Security Trailing Cloud App Adoption in 2018

By Jacob Serpa, Product Marketing Manager, Bitglass

In recent years, the cloud has attracted countless organizations with its promises of increased productivity, improved collaboration, and decreased IT overhead. As more and more companies migrate, more and more cloud-based tools arise. In its fourth cloud adoption report, Bitglass reveals the state of cloud in 2018. Unsurprisingly, […]


Five Cloud Migration Mistakes That Will Sink a Business

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Today, with the growing popularity of cloud computing, there exists a wealth of resources for companies that are considering—or are in the process of—migrating their data to the cloud. From checklists to best practices, the Internet teems with advice. But what about the things you shouldn’t be doing? The […]


Cybersecurity and Privacy Certification from the Ground Up

By Daniele Catteddu, CTO, Cloud Security Alliance

The European Cybersecurity Act, proposed in 2017 by the European Commission, is the most recent of several policy documents adopted and/or proposed by governments around the world, each with the intent (among other objectives) to bring clarity to cybersecurity certifications for various products and services. The reason why […]


Prepare to Take (and Ace) the CCSK Exam at Infosecurity Europe

By Ryan Bergsma, Training Program Director, Cloud Security Alliance

Here’s a riddle for you. It’s been called the “mother of all cloud computing security certifications” by CIO Magazine. Search Cloud Security said it’s “a good alternative cloud security certification for an entry-level to midrange security professional with an interest in cloud security.” And, Certification Magazine […]


Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Twitter exposes user credentials in plaintext
—PyRoMine mines Monero and disables security
—Stresspaint malware hunts Facebook credentials
—MassMiner malware mines cryptocurrency
—Access Group Education Lending breached

Twitter exposes user credentials in plaintext

Despite the fact that Twitter doesn’t store […]


CCSK Certification vs AWS Certification – A Definitive Guide

By Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security

I was recently asked about CCSK certification vs AWS certification and which one should be pursued by someone looking to get into cloud security. This post tries to address the question “which cloud certification is right for you.” I’ll give you a lay of the land […]


How ChromeOS Dramatically Simplifies Enterprise Security

By Rich Campagna, Chief Marketing Officer, Bitglass

Google’s Chromebooks have enjoyed significant adoption in education, but have seen very little interest in the enterprise until recently. According to Gartner’s Peter Firstbrook in Securing Chromebooks in the Enterprise (6 March 2018), a survey of more than 700 respondents showed that nearly half of organizations will definitely purchase or […]


What If the Cryptography Underlying the Internet Fell Apart?

By Roberta Faux, Director of Research, Envieta

Without the encryption used to secure passwords for logging in to services like Paypal, Gmail, or Facebook, a user is left vulnerable to attack. Online security is becoming fundamental to life in the 21st century. Once quantum computing is achieved, all the secret keys we use to secure […]


Surprise Apps in Your CASB PoC

By Rich Campagna, Chief Marketing Officer, Bitglass

Barely five years old, the Cloud Access Security Broker (CASB) market is undergoing its second major shift in primary usage. The first CASBs to hit the market way back in 2013-2014 primarily provided visibility into Shadow IT. Interest in that visibility use case quickly waned in favor of data protection (and […]


Majority of Australian Data Breaches Caused by Human Error

By Rich Campagna, Chief Marketing Officer, Bitglass

It wasn’t long ago that the first breach under the Office of the Australian Information Commissioner’s (OAIC) Privacy Amendment Bill was made public. Now, OAIC is back with their first Quarterly Statistics Report of Notifiable Data Breaches. While the report doesn’t offer much in the way of detail, it does highlight a couple of […]


Bitglass Security Spotlight: LinkedIn, Vector, and AWS

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—LinkedIn security gap exposes users’ data
—Vector app reveals customers’ information
—AWS misconfiguration makes LocalBlox user information public
—New malware steals data via power lines
—Banking apps deemed the most unsecured

LinkedIn security gap exposes users’ data

LinkedIn’s AutoFill […]


Orbitz: Why You Can’t Secure Data in the Dark

By Jacob Serpa, Product Marketing Manager, Bitglass

On March 1, 2018, Orbitz discovered that a malicious party may have stolen information from one of its legacy platforms. The compromised platform housed Orbitz customer information such as mailing addresses, phone numbers, email addresses, and full names, as well as details about nearly 900,000 payment cards. This breach highlights the […]


baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

By Yoav Nathaniel, Customer Success Manager, Avanan

We recently uncovered what may be the largest security flaw in Office 365 since the service was created. Unlike similar attacks that could be learned and blocked, using this vulnerability hackers can completely bypass all of Microsoft’s security, including its advanced services – ATP, Safelinks, etc. The name baseStriker […]
