Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Enterprises Are Leaving Cloud Security Policies To Chance
Newest First  |  Oldest First  |  Threaded View
UlfM645
UlfM645,
User Rank: Apprentice
10/20/2015 | 3:42:41 PM
A growing issue
I find it concerning that "fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use," and I agree that "Security teams need to do a lot of thinking to keep up with the rapid diversification
 of enterprise computing into a variety of private, public, cloud and traditional environments." I think it is critical to be able to manage the security policy from a single, central command, to secure big data, databases, cloud applications, file servers, applications and more.

Cloud is a particular concern and the Ponemon study "The State of Data Security Intelligence," reported that "Data that is outsourced to cloud is the biggest worry." Another Ponemon study reported that "Less than four in 10 leverage security tools to protect enterprise applications and data in the cloud."

Gartner released the report "Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data" in June 2015 that highlighted key challenges as "cloud increases the risks of noncompliance through unapproved access and data breach." The report recommended CIOs and CISOs to address data residency and compliance issues by "applying encryption or tokenization," and to also "understand when data appears in clear text, where keys are made available and stored, and who has access to the keys." Example of solutions can be found in another Gartner report that concluded that "Cloud Data Protection Gateways" provides a "High Benefit Rating" and "offer a way to secure sensitive enterprise data and files stores of data and use cases.

Ulf Mattsson, CTO Protegrity


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0673
PUBLISHED: 2023-02-04
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The asso...
CVE-2023-0674
PUBLISHED: 2023-02-04
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Th...
CVE-2023-0675
PUBLISHED: 2023-02-04
A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and ma...
CVE-2018-25080
PUBLISHED: 2023-02-04
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The atta...
CVE-2019-25101
PUBLISHED: 2023-02-04
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading...