We have all heard the castle-and-moat analogy to describe traditional centralized approaches to cybersecurity. As cloud security becomes increasingly important in the modern landscape, I think we should add one more component to the analogies we use to think about security: fog. Sometimes the fog is so thick that you can barely see what is…

RSA CONFERENCE 2020 – San Francisco – A recently spotted targeted attack employed a rootkit to sneak malicious traffic through the victim organization’s AWS firewall and drop a remote access Trojan onto its cloud-based servers. Researchers at Sophos discovered the attack while inspecting infected Linux and Windows EC2-based cloud infrastructure servers running in Amazon Web…

In the age of cloud computing where infrastructure needs to be extended or deployed rapidly to meet ever-changing organizational needs, the configuration of new servers and nodes is completely automated. This is done using machine-readable definition files, or templates, as part of a process known as infrastructure as code (IaC) or continuous configuration automation (CCA)….

Public cloud infrastructure presents security teams with a new invisible management layer, creating new security challenges that demand better understanding. Many organizations don’t properly understand the cloud identity and access management layer and often fail to secure it. Such misunderstandings usually lead to dangerous misconfigurations that can drive customer risk; for example, in the case…

Worldwide spending on public cloud services and infrastructure will more than double over the 2019-2023 forecast period, according to IDC. With a five-year compound annual growth rate (CAGR) of 22.3%, public cloud spending will grow from $229 billion in 2019 to nearly $500 billion in 2023. “Adoption of public (shared) cloud services continues to grow…

How Cloud Security Can Drive Innovation and Transform Your Business

I joined a number of security professionals at the IBM Security Summit in London last month during the “Innovating With Cloud Security” breakout session, which was hosted by Martin Borrett, chief technology officer (CTO) of IBM Security Europe. The audience took part in discussions about typical cloud transformation journeys, security for and from the cloud,…