Juggling security in the cloud can seem like an insurmountable task, especially when hybrid cloud and multicloud environments come into play. While your cloud service provider (CSP) can help manage some layers of cloud security, you’ll still be left with management of at least your users and data, if not your application layer.
One way to help keep track of all the security vectors within your organization is to divide them into these ten zones of enterprise cloud security. Any cloud security policy should cover each of these areas. You can also assign a single engineer or administrator to have ownership over each zone.
While many organizations combine Security and Compliance under a single banner, and there is nothing inherently wrong with having a Chief Security and Compliance Officer or managing risk mitigation under a single umbrella, the fact is that compliance and security measures are two overlapping but inherently different practices of information security.
Compliance standards often change quickly and require quite a bit of work to ensure enforcement across an entire organization. Audit trails, regulator inspections, minimum mandates…they have to be tracked and adhered to 24/7. But meeting compliance standards often puts blinders on a security administrator.
Simply meeting a compliance measure — or even four or five — does not mean that your infrastructure is up to snuff with security best practices. Nor does following industry standards of security guarantee that you’ll meet your next compliance audit.
Have you ever received an email from Amazon, PayPal, Blizzard, or another trusted organization saying they need you to verify your information? What about emails from a Nigerian Prince? Or maybe you’ve been the lucky winner of an iPad and you just have to send them your name, date of birth, Credit Card number, social security number, mother’s maiden name, and the blood of your firstborn child.
These phishing scams are an ever-increasing and (to those who know what they are looking for) blatantly obvious attempt to steal your Personally Identifiable Information (PII). The scary part is that according to Google, they are effective 45% of the time.
Read on to learn how to avoid phishing scams.
In the past decade, alongside the increased importance of digital tools for business, a new category of insurance has sprung up to cover digital data breaches and liability. With the average total cost of a data breach reaching $4 million and the average cost of each lost or stolen digital record increasing to $158, it is clear that experiencing a data breach is an expensive affair.
While dedicated security response teams and encryption do decrease these costs, and IPS/IDS systems and other security measures can help reduce the risk, many organizations will still experience a data breach at some point.
Cyberinsurance can help mitigate the cost of a data breach by reimbursing your company for legal fees, helping with the cost of crisis management and investigation, notification costs, extortion liability fees, and third-party damages relating to network or system outages. But does every organization need cyberinsurance?
We've posted quite a bit about best user practices to maintain the integrity of your IT infrastructure, especially strong password hygiene, the use of antivirus/antimalware, and the importance of backups in case something goes awry. With user negligence causing up to 68% of breaches, according to a Ponemon Research study, these practices are essential. But how can you make sure your employees adhere to them?
But a recent article covering the Clinton presidential campaign staff's methods for encouraging information security reveals one secret of IT security: being kind of annoying.
Placing data in the cloud comes with a set of concerns — accessibility (will my information always be available if the cloud has technical problems?) and security (how safe is my data when I can’t control the security measures?) chief among them. Of these, security has long been the primary concern for technology decision makers considering the cloud.
Recent surveys reveal that while security remains top of mind, the location of data is rising in prominence as a barrier or concern for cloud adoption. These concerns stem in part from the difficulty of visibility into data transit and storage. Customers might want to know where exactly their data is residing so they can retrieve it quickly — and also for legal implications.
Two recent court cases between Google, Microsoft, and the Federal Government highlight the legal entanglements that could come with storing information in the cloud. Read on to learn why the location of your cloud data is vital.
You’re probably familiar with the kind of performance issues inherent in antivirus/antimalware tools. Anyone who has used a PC when the antivirus scan boots up can attest to sluggish performance. The same issues rear their head when using antivirus in a virtual environment – but virtual machines come with their own set of wrinkles.
Antivirus software can be installed either on the VM itself or on the host. Depending on your approach, you’ll want to consider these key factors to maximize performance.
Many cloud discussions center around data security. When infrastructure is out of corporate control, it’s natural to be concerned about the precautions taken to protect vital information assets. Ultimately, cloud security is not any weaker than on-premise data centers, but it turns out that corporate IT departments aren’t really concerned about losing data, anyway.
They’re worried about what everyone else will think if they lose that data.
With only 25% of companies equipped to handle data breaches, corporations still cite damage to reputation as the biggest risk of being hacked. A recent study from the International Association of Privacy Professionals found that 83% of public companies in the United States cite the impact to corporate reputation as the number one risk of a data breach.
Passwords – we love to hate them. Despite scribbled pages of notes and password keepers, we always forget them at the most inconvenient time. (By the way, written notes are a very insecure way to remember your password). They expire before we remember to reset them, as the IT department sets required password change rules. These days it feels like they have to be one hundred letters long, including hieroglyphics, roman numerals, and emojis.
And despite all that, they still aren’t very secure. Every few months we hear about another massive breach. One of the biggest, and most recent, was Yahoo. The company only just reported a 2014 breach that compromised 500 million users’ names, e-mail addresses, and other personally identifying information. If the password information could be decrypted and used along with this other PII, user accounts across other services – even bank logins – could be accessed. According to the 2016 Verizon Data Breach Investigations Report, compromised passwords were used as a means of access for many attacks as well.
Is it time to ditch passwords altogether? What might replace them? The technology, it turns out, is just around the corner.
Private vs. public cloud is a battle many thought was over years ago, and some recent think pieces seem to confirm that notion, claiming no one can match the economies of scale delivered by hyperscale cloud providers.
But private cloud, or on-premise virtualization, can still be a less expensive option — if you have the staff and capabilities to support it. A recent study from 451 Research describes when the tipping point is in favor of private cloud and when public cloud has a lower total cost of ownership (TCO), based on utilization of hardware and efficiency of your staff.