Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
How Cloud Security Drives Business Agility
Newest First  |  Oldest First  |  Threaded View
Ulf Mattsson
Ulf Mattsson,
 User Rank: Moderator
1/7/2014 | 1:57:04 PM
New interesting data security method for Cloud data
I agree that "Looking at today's security problems, the landscape is littered with methods that are largely manual and disconnected".

I agree that "Business systems are launched and retired faster than security teams can identify, analyze, and track", but I think that data is more constant.

I agree that "Risks are implicitly accepted by business sponsors during design, development, and operation, but mitigated only when pressed by security and risk management", but I think that security should be built into the data values.

I agree that "Security policies are enforced primarily by manually executed audits and processes", but I think that they should instead be automated.

I agree that "Scaling today's information security and risk management problems to cloud velocity is untenable, but I found interesting new in a report from the Aberdeen Group that "saw a big advantage in performance" and also scalability over traditional security methods.

The report also revealed that "Over the last 12 months, tokenization users had 50% fewer security-related incidents(e.g., unauthorized access, data loss or data exposure than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than credit card data. The name of the study, released a few months ago, is "Tokenization Gets Traction". 

I think that the Aberdeen approach based on data tokenization is an interesting data security method for Cloud data.

Ulf Mattsson, CTO Protegrity.
cbabcock
cbabcock,
 User Rank: Apprentice
1/7/2014 | 1:35:16 PM
Continuous protection is a good idea
Bankim Tejani has come up with an excellent idea. Scanning cloud applications as they start or restart is continuous protection, instead of occasional, manual protection. If there's any suspicion of intrustion, shut it down and restart. And the central idea of automating the task is a core idea of cloud operations. With such a scanning procedure in place, the public clolud would become a more secure scene of operations than most enterprise data centers.
Stratustician
Stratustician,
 User Rank: Moderator
1/7/2014 | 1:34:53 PM
Secure begins in VM infancy
A great article, with some really great advice on how to properly secure these environments.  Another point to perhaps bring up is to create a secure VM image that is used to create additional VMs.  This way you can almost guarantee the right security controls are in place as long as they exist in the master image.  This means spinning off new VMs are quicker, more secure and have the right policies in place right from the start.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/7/2014 | 1:07:34 PM
Re: Cloud security -- FedRAMP
Thanks for the heads up about FedRAMP, Wyatt. I notice they have a cloud best practices document with a section devoted to cloud security. To access the link, click here
WKash
WKash,
 User Rank: Apprentice
1/7/2014 | 11:31:40 AM
Cloud security
Any enterprise that wants a glimpse of what industrial strength cloud security controls look like should take a closer look at the FedRAMP protocols and controls establshed by the federal government and gaining wider adoption by leading cloud service providers.

Not familiar with FedRAMP? Read more at http://www.informationweek.com/security/risk-management/qanda-fedramp-director-discusses-cloud-security-innovation/d/d-id/1112142 or visit www.fedramp.gov.

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...