Google Cloud Launches Security Command Center Enterprise
Security Command Center Enterprise integrates Mandiant expertise and Generative AI for proactive and simplified cloud security.
The solution bridges the gap between cloud security and enterprise security operations, enabling organizations to manage and prioritize cloud risk effectively. [ more ]
Attack (or Penetrate Test) Cloud Native the Easy Way
Weak cloud native infrastructure security defenses leave distributed networks vulnerable to attacks via simple tools or unpatched security holes, including easy access through dark web purchases. [ more ]
Azure DevOps' First Consensus Assessment Initiative Questionnaire (CAIQ) Now Available - Azure DevOps Blog
Microsoft has published a Consensus Assessment Initiative Questionnaire (CAIQ) specific to Azure DevOps.
The CAIQ is a comprehensive checklist that covers a wide range of security topics relevant to cloud computing.
The CAIQ for Azure DevOps is published on Microsoft's Service Trust Portal and addresses various areas such as data governance, data center security, identity and access management, and incident response. [ more ]
Illumio Delivers the Most Complete Zero-Trust Segmentation Platform With the Addition of CloudSecure
Illumio has expanded its Zero Trust Segmentation Platform with Illumio CloudSecure to provide comprehensive segmentation for hybrid and multi-cloud environments.
Illumio CloudSecure helps organizations address the challenges of public cloud security by providing visibility and control of connections between dynamic applications and workloads.
Illumio CloudSecure enables organizations to contain attacks efficiently and cost effectively on applications and workloads in public cloud environments. [ more ]
The Role of DevOps in Orchestrating Enterprise-Wide Cloud Security - DevOps.com
Moving to the cloud poses security challenges - data breaches, misconfigurations, compliance, and unauthorized access. Robust security measures and employee training are crucial for data protection. [ more ]
New Cloud Governance Guidance in the Microsoft Cloud Adoption Framework for Azure
Microsoft updated its Cloud Adoption Framework (CAF) Govern section for Azure to enhance cloud governance guidance and provide support for organizations in their cloud journey. [ more ]
Google Cloud Next 2024: Everything announced so far | TechCrunch
Google's Cloud Next 2024 event features new cloud updates focusing on AI, devops, and security tools.
Gemini introduces AI-powered tools for simplifying database management for Google Cloud customers.
Google emphasizes partnerships and AI integration in their security tools with new Threat Intelligence, Chronicle, and Security Command Center products. [ more ]
Law firms are adopting a cloud-first mentality, but often overlook the importance of securing their cloud environment, leaving room for vulnerabilities. [ more ]
How Apple's Advanced Data Protection Works, and How to Enable It on Your iPhone
Enabling Apple's Advanced Data Protection (ADP) enhances security for iCloud backups, iCloud Drive, Photos, Notes, and Reminders.
End-to-end encryption provided by ADP ensures data safety even in cases of rogue employees or data breaches, but it also limits Apple's ability to access or help recover encrypted files. [ more ]
UK's NCSC Issues Warning as SVR Hackers Target Cloud Services
Russian state hackers are targeting organizations moving to the cloud, focusing on weaknesses in cloud services for initial access.
APT29, linked to Russia's Foreign Intelligence Service, is expanding its cyberattacks to various sectors and adapting techniques for cloud-based environments. [ more ]
Russia's Cozy Bear spotted diving into cloud environments
Cozy Bear, responsible for the SolarWinds attack, has expanded to target cloud environments and diversified victim categories.
Five Eyes governments issue a joint advisory warning of Cozy Bear expanding targets and methods, including targeting organizations via cloud services. [ more ]
Menlo Security Inc. announced new cloud-delivered enterprise browser solution for safe hybrid work with zero-trust access.
The solution offers end-to-end visibility, dynamic policy enforcement, and protection against advanced threats, managing local browser security policies and enabling access to applications. [ more ]
The Code Caveat: When Developer Credentials Become the Hacker's Pickaxe - DevOps.com
Developers are often the weakest link in cloud security.
Common ways developers can compromise cloud security include exposing credentials, falling victim to phishing campaigns, and using weak passwords. [ more ]
SAP's attempt to migrate security tools to cloud failed
SAP abandoned its attempt to create an Endpoint Detection and Response (EDR) tool for its cloud after a year and a half as a failure.
Legacy security tooling lifted from datacenters may not be effective in the cloud, as it may leave organizations vulnerable to common cloud threats that legacy tools cannot detect. [ more ]