Cloud News, Articles and Updates

Private vs. public cloud and the compliance conundrum

Businesses may feel more comfortable with their data stored within their own walls, but private clouds will generally be slower to patch security gaps, leaving them exposed to potential data breaches and compliance holes.

Increasingly sophisticated cyber-attacks make security integral to success

It's not enough to see cloud adoption as an addition to existing security technologies and practices - businesses must adapt their entire security solution to become cloud-centric, and businesses must prepare for future threats.

Protecting your 'digital jewels' from new public cloud threats

The problem with placing your organisation's digital crown jewels in the public cloud is that you must rely on the CSP's own security controls to identify and stop attackers.

Cybersecurity needs to move into cloud faster

As DevOps is becoming DevSecOps, cloud is being put at the heart of cyber-security by some; a cloud-first approach to cyber-security puts you at a starting point of natively operationalising security so it can scale with demand.

Google adds VPC Service Controls to its cloud

Google has launched a new cloud-based service - called VPC Service Controls - aimed at helping organisations secure data I transit and at rest.

Rush to the cloud pits speed of adoption against ensuring security

The widespread drive to adopt cloud services is exposing a growing rift in UK enterprises between speed of adoption and cyber-security, according to a new study.

Decoding DevOps security - implementing a coherent & compliant programme

It is crucial to devise a programme early on that enables the curation, and distribution via automation, of consistent security policies for access to cloud keys and credentials—in a compliant way.

Staying safe in the cloud: tips for businesses

While using the cloud may involve online data security risks, there are several tools and practices that IT departments can implement to stay safe when moving to the cloud.

Despite poor IT visibility, HR apps are the most highly used cloud services

Despite a lack of appropriate visibility and control measures in place, cloud-based HR applications are now the most highly used cloud applications across organisations, with 139 such apps being used by organisations on average.

Who will be your organisation's data protection superhero?

The Data Protection Officers required by the new European General Data Protection Regulation can be very difficult to find. But there is a rare breed of cloud providers whose data management skills make them ideal.

The cloud is a strategic priority requiring skills that few providers possess

Starting a cloud strategy? Ask, fundamentally, how can the cloud and its capabilities be aligned to the requirements of the business over the next five or more years?

Lack of encryption in cloud applications rendering enterprises vulnerable

Enterprises are developing and using enterprise applications on a large scale for various purposes, but a lack of encryption, coupled with serious security flaws in such applications, is also rendering enterprises vulnerable.

Securing the future of IoT; poor implementation will weaken security

IoT is part of a fundamental shift forward in enterprise networking - towards a cloud-enabled 'consume' approach - and yet most companies plan to implement IoT in a way that parallels an outdated way of 'DIY' networking.

The cloud is more available than ever but are you making sure it's secure?

Most cloud providers are only responsible for protecting the infrastructure that runs these services, while the customer is responsible for security inside the cloud, creating a shared responsibility of both the cloud provider and customer.

Vulnerabilities including remote execution spotted in WDMyCloud products

A GulfTech researcher spotted multiple vulnerabilities In Western Digital's MyCloud products, some of which could lead to remote code execution and unauthorised access.

Cloud-based docs the new frontier for phishing attacks

Ever on the lookout for a new avenue of attack, cyber-criminals have figured out a method of using Google App Scripts to automatically download malware hosted in Google drive to any computer.

Rémy Cointreau Case Study - connecting a global workforce to the cloud

Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.

Security implications of moving Disaster Recovery (DR) to Azure

Azure is very easy to deploy but if ISO27001 processes get overlooked because you get the functionality without doing your homework then the business becomes vulnerable to threats warns Ian Daly.

Misconfigured Amazon S3 Buckets allowing man-in-the-middle attacks

Misconfigured Amazon Web Service (AWS) S3 buckets that allow public writes are enabling man-in-the-middle (MITM) attacks on servers containing data from leading news media, retail and well-known cloud services.

With cyber-crime at its peak, is the cloud really secure?

The underlying principles of blockchains are perfect for creating data integrity across an enterprise's value chain, and, says Ian Smith, there are firms developing these 'enterprise blockchains': private, permission-based ledgers.

Cloud providers must protect personally identifiable information

Protecting this data goes beyond your internal data governance processes says Jim Kaskade, it tests how well the business governs customer data beyond the firewall.

Protecting the cloud - a GDPR issue that can't simply be outsourced

With increasing reliance on cloud applications, businesses must start taking the issue of security in the cloud seriously. They must start asking the right questions about the service providers they are looking at says Joe Pindar

Ransomware rumblings in the cloud: stormy weather predicted

A ransomware encrypted desktop computer is enough to make you Wannacry, but the techniques and tools hackers need to make hostages of cloud services and data are already in the wild argues Mimecast CTO Neil Murray.

Protecting your network hive: 4 security trends you need to know about

In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin

Balancing digital good / bad - ensure visibility, take responsibility

Cloud gives certain tools. We need to understand as organisations where our core competence is and for many companies, it's not infrastructure." But he added that you do need visibility about what is going on.

Fuze fixes portal security lapses that could expose sensitive data

Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in a customer web portal.

Catching the pickpockets in VoIP fraud

Carl Boraman looks at the analytics available from cloud-based services and what customers can do to detect fraud in VoIP services.

As CISOs look for more clarity in the noise, is the cloud the answer?

Despite its security issues, security vendors appear to be migrating security tools to the cloud to provide the answer to CISOs wanting a clearer approach to quicker threat detection and prevention.

Majority of businesses have not inspected cloud services for malware

According to new research from the Ponemon Institute and Netskope, as cloud services usage - and risk - increases, businesses still lack visibility into data breaches.

Security and business continuity are top concerns when moving to cloud

Sixty-two percent of organisations leave data protection and availability of in-cloud data to third-party cloud providers.