Businesses may feel more comfortable with their data stored within their own walls, but private clouds will generally be slower to patch security gaps, leaving them exposed to potential data breaches and compliance holes.
It's not enough to see cloud adoption as an addition to existing security technologies and practices - businesses must adapt their entire security solution to become cloud-centric, and businesses must prepare for future threats.
The problem with placing your organisation's digital crown jewels in the public cloud is that you must rely on the CSP's own security controls to identify and stop attackers.
As DevOps is becoming DevSecOps, cloud is being put at the heart of cyber-security by some; a cloud-first approach to cyber-security puts you at a starting point of natively operationalising security so it can scale with demand.
Google has launched a new cloud-based service - called VPC Service Controls - aimed at helping organisations secure data I transit and at rest.
The widespread drive to adopt cloud services is exposing a growing rift in UK enterprises between speed of adoption and cyber-security, according to a new study.
It is crucial to devise a programme early on that enables the curation, and distribution via automation, of consistent security policies for access to cloud keys and credentials—in a compliant way.
While using the cloud may involve online data security risks, there are several tools and practices that IT departments can implement to stay safe when moving to the cloud.
Despite a lack of appropriate visibility and control measures in place, cloud-based HR applications are now the most highly used cloud applications across organisations, with 139 such apps being used by organisations on average.
The Data Protection Officers required by the new European General Data Protection Regulation can be very difficult to find. But there is a rare breed of cloud providers whose data management skills make them ideal.
Starting a cloud strategy? Ask, fundamentally, how can the cloud and its capabilities be aligned to the requirements of the business over the next five or more years?
Enterprises are developing and using enterprise applications on a large scale for various purposes, but a lack of encryption, coupled with serious security flaws in such applications, is also rendering enterprises vulnerable.
IoT is part of a fundamental shift forward in enterprise networking - towards a cloud-enabled 'consume' approach - and yet most companies plan to implement IoT in a way that parallels an outdated way of 'DIY' networking.
Most cloud providers are only responsible for protecting the infrastructure that runs these services, while the customer is responsible for security inside the cloud, creating a shared responsibility of both the cloud provider and customer.
A GulfTech researcher spotted multiple vulnerabilities In Western Digital's MyCloud products, some of which could lead to remote code execution and unauthorised access.
Ever on the lookout for a new avenue of attack, cyber-criminals have figured out a method of using Google App Scripts to automatically download malware hosted in Google drive to any computer.
Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.
Azure is very easy to deploy but if ISO27001 processes get overlooked because you get the functionality without doing your homework then the business becomes vulnerable to threats warns Ian Daly.
Misconfigured Amazon Web Service (AWS) S3 buckets that allow public writes are enabling man-in-the-middle (MITM) attacks on servers containing data from leading news media, retail and well-known cloud services.
The underlying principles of blockchains are perfect for creating data integrity across an enterprise's value chain, and, says Ian Smith, there are firms developing these 'enterprise blockchains': private, permission-based ledgers.
Protecting this data goes beyond your internal data governance processes says Jim Kaskade, it tests how well the business governs customer data beyond the firewall.
With increasing reliance on cloud applications, businesses must start taking the issue of security in the cloud seriously. They must start asking the right questions about the service providers they are looking at says Joe Pindar
A ransomware encrypted desktop computer is enough to make you Wannacry, but the techniques and tools hackers need to make hostages of cloud services and data are already in the wild argues Mimecast CTO Neil Murray.
In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin
Cloud gives certain tools. We need to understand as organisations where our core competence is and for many companies, it's not infrastructure." But he added that you do need visibility about what is going on.
Cloud-based unified communications services provider Fuze earlier this year repaired three vulnerabilities in a customer web portal.
Carl Boraman looks at the analytics available from cloud-based services and what customers can do to detect fraud in VoIP services.
Despite its security issues, security vendors appear to be migrating security tools to the cloud to provide the answer to CISOs wanting a clearer approach to quicker threat detection and prevention.
According to new research from the Ponemon Institute and Netskope, as cloud services usage - and risk - increases, businesses still lack visibility into data breaches.
Sixty-two percent of organisations leave data protection and availability of in-cloud data to third-party cloud providers.