Cloud Cybersecurity

Ninety-nine percent of IaaS misconfigurations remain unnoticed by businesses: McAfee

Infrastructure as a Service (IaaS) has become a must-have asset for businesses of all sizes. It is being used in IT environments to build and host internal and customer applications. However, in the rush of adopting IaaS, the businesses are not paying enough attention to security.

According to a new report by McAfee, 99% of the misconfigurations in IaaS remain unnoticed. This shows that the businesses aren’t aware of the new Cloud-Native Breaches (CNB). They are expecting only the cloud provider to handle the security. However, IaaS is a cloud shared-responsibility model. Not having security practices in place can put the cloud and sensitive data at risk.

IaaS security: Key findings of McAfee IaaS Adoption and Risk Report

McAfee’s IaaS Adoption and Risk Report covers the IaaS security incidents in the cloud. Here are highlights of the report:

  • Rise of Cloud-Native Breaches

IaaS environments experience several security incidents, but these incidents are different from the typical malware-based attacks. Mostly, there are Cloud-Native Breaches (CNBs), which capitalizes on the misconfigured, native features of the cloud.

McAfee defines CNB as an opportunistic attack on the data left open by errors in the way cloud environments are configured.

Also read: Organizations have 14 misconfigured public cloud services running at any given time: McAfee study
  • Only 1% of misconfigured IaaS incidents are known

Businesses are aware of only 1% of IaaS security incidents. Respondents said that they witness average 37 such incidents every month. However, the reality is they experience 3,500 incidents per month.

This shows that 99% of misconfigurations are remaining unnoticed by companies.

  • Enterprises taking plenty of time to correct IaaS misconfigurations

When asked about the time taken to fix the IaaS misconfigurations, around a quarter of businesses take more than a day to fix it. This means that the attackers have a lot of time to scan for open ports and carry out the attack.

Only 18% of businesses correct the misconfigurations within minutes.

  • Only 26% of companies able to audit IaaS misconfigurations

McAfee finds that only 26% of businesses are able to audit the IaaS misconfigurations using existing security tools.

The reason behind most of the businesses not having the right tools in place is that there is a disconnect between CXOs and IT practitioners. 90% of businesses reported some sort of IaaS security issues. However, most of the IT managers believed that they never experienced such issues.

Related reading: Legacy tools put organizations to survival mode rather than digital transformation: Forrester
  • 92% of businesses use multiple IaaS providers

When asked about the number of IaaS service providers being used, 76% of respondents said that the multiple IaaS providers. However, the real-world data by McAfee shows that 92% of businesses are actually using multiple providers.

This reveals that security incidents are going to occur if the businesses aren’t even aware of where their infrastructure lives.

  • Azure and AWS—most used IaaS providers

Microsoft Azure (67%) and Amazon Web Services (AWS) (57%) are used by most of the businesses for IaaS services. Google Cloud Platform (GCP) and IBM Cloud are used almost equally, followed by Oracle Cloud and Alibaba Cloud.

Suggested reading:  48 million social media records exposed publicly in misconfigured cloud instance

Best practices to mitigate IaaS security incidents:

The leading IaaS providers including AWS, Microsoft, Google, and others are continuously upgrading and making things easier for businesses to deploy infrastructure. But to reduce the overall risks, the businesses will need to follow some best practices, as follows:

  1. Develop IaaS configuration auditing into the CI/CD processes
  2. Evaluate the IaaS security practices using a framework
  3. Invest in cloud-native security tools
  4. Train the security teams

For detailed insights, download the full Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report.

Images source: McAfee

Articles Cloud

Managed Services are bringing new business opportunities for Microsoft 365 partners: Forrester

The importance of managed services is continuously increasing for the Microsoft 365 partners. According to the recent Forrester Total Economic Impact Study, commissioned by Microsoft, the managed services will become all the more important in the financial year 2020 (FY20).

Providing managed services helps the partners to improve their overall engagement rate and profitability. As per Forrester, the demand for managed services has increased for the teamwork and security and compliance services.

Partners prefer managed services to develop more strategic partnerships with their customers. Using these services, they are also able to create more accurate long-term planning, budgeting, and investing. The partners have been able to convince their customers that to digitally transform the organizations, they will need to use services like Microsoft Azure and Microsoft 365.

What are managed services?

A Managed Service Provider (MSP) bears the responsibility for the functionality of an organization’s IT services and infrastructure, so the business can focus on its core competencies.

Thus, in the managed model, the MSP partner takes on, runs and transforms an organization’s business operations and processes to increase its productivity and operational efficiency.

The demand for managed services is largely driven by various factors, some of which include:

  • Volatile, unpredictable macroeconomic environment.
  • Increased pressure to innovate while keeping pace with technological advancements.
  • Need to meet the demands of regulatory compliance.
  • Lack of internal and deep technical expertise.

Managed Services Market trends that are driving opportunities for partners

What’s driving the opportunities for managed service providers?

Let’s have a deep dive into the current market trends and opportunities:

  • Need for building out security capabilities

Businesses of all sizes (both SMBs and large enterprises) are realizing the need for developing their security capabilities. The aim is to achieve security readiness and empower their in-house teams to transform the company digitally.

One of the biggest pain points for businesses is that most of them don’t have a dedicated IT team to take care of security capabilities. Partners address this pain point by providing security expertise integrated with managed services.

Microsoft 365 partners are helping businesses to decrease the number of agents on endpoints by making them adopt Microsoft 365 security stack. It also helps customers to simplify the monitoring and remediation of vulnerabilities.

  • Management of unified collaboration

Managed services are also being used to support and manage the unified collaboration transformation. While collaboration services like Microsoft Teams are easy to use, partners found that the businesses are finding it difficult to apply security and governance components required to make the most of the collaboration services.

Additionally, the businesses are realizing that they have to interact with partners to leverage the full potential of Microsoft Teams. What partners do is configure the crucial components which improve the user experiences.

According to Forrester, “this has created new opportunities to deploy new solutions, add service wrappers, and layer on custom-IP business solutions.”

Most of the partners said that they see Teams as the new starting for selling Microsoft 365.

  • Maximum utilization of licenses

Businesses want to make the most of their licenses. They do this by leveraging more of their Microsoft licenses to meet the existing demands, or by consolidating their existing application stack.

Managed service provider industry has invested the last year to show the businesses that the Microsoft security and communication stacks are stronger. These stacks can take care of the changing requirements of businesses of all sizes.

  • Management of conference rooms and telephony systems

Businesses are looking to replace their existing legacy PBX solutions and transfer the dedicated meeting room systems to a single platform based on Microsoft 365. They want to be effective by using transformational initiatives.

Microsoft 365 partners here have the opportunity to win these deals by providing businesses management offerings.

Full Forrester report is available here.

Wrapping up:

These managed services trends in 2019 indicate advanced teamwork, including meeting and calling for enterprises. Also, the security, compliance, and modern desktop services are also driving the demand for managed services among SMBs as well as large enterprises.

What according to you is the future of managed service providers?

Cloud Cloud News Datacenter

Cloud and service providers to drive growth in datacenter capacity: 451 Research

The growth of global datacenter installed-base is expected to experience a decline of 0.1% CAGR during the forecast period (2019 to 2024), finds the leading tech analyst firm 451 Research.

The new research, titled Datacenter Services and Infrastructure Market Monitor report, reveals that more than 50% of the utilized racks will be at off-premises facilities by 2024. The utilized racks don’t include server rooms, closets, micro datacenters, and telco hubs. The off-premised facilities include the cloud and colocation sites.

Despite the slight decline in growth of datacenter installed-base, the overall capacity (in terms of space, power, and racks) will rapidly rise. This is because more and more businesses are moving towards larger datacenters.

The research highlights that cloud and service providers are expected to drive the growth in datacenter capacity.

Related read: Interconnection and managed services necessary for datacenter providers to stay alive in cloud era: 451 research

“Across all owner types and geographic locations, cloud and service providers are driving expansion, with the hyperscalers representing the tip of the spear,” said Greg Zwakman, Vice President of Market and Competitive Intelligence at 451 Research.

“We expect to see a decline in utilized racks across the enterprise, with a mid-single-digit CAGR increase in non-cloud colocation, and cloud and service providers expanding their utilized footprint over 13%,” he added.

Server rooms and closets together hold a share of around 95% of the total datacenters. However, only the 23% of the racks has been utilized in 2019.

451 Research further indicates that 60% of the enterprise datacenter space is held by the datacenters that are smaller than 10,000 sq. ft.

The demand for datacenter racks will be significantly driven by IoT workloads and IoT data storage. As per the report, the growth will be around 46% during the forecast period. By the end of 2024, the IoT workloads and data storage will hold nearly 15% of the total datacenter racks worldwide.

The average size of a multi-tenant datacenter (MTDC) is around 9x larger as compared to an enterprise datacenter (not including the rooms/closets and micro DCs/telco hubs) in 2019.

451 Research also found that the top 6 hyperscalers around the world hold 42% of the total racks utilized by cloud and service providers in 2019. This will grow with a CAGR of 18% to reach 50.4% by 2024.

Also read: Legacy tools put organizations to survival mode rather than digital transformation: Forrester

Articles Cloud

Cloud Hosting – The Best Option for Small Business?

So . . . You have a website, now you need to decide on the type of web hosting you need to pay for each month.

It’s complicated: Not least by all the less than truthful reviews you read when you try to check out your options.

Read on.

Web Hosting 101

Your website needs to be on a computer that is accessible to everyone. You could host your site on your office PC, but don’t go there because there are all sorts of technical and security issues if you do that.

Image source

Web hosting companies specialize in holding website code on their computers. They have the technical expertise to protect your website against hackers and to advise site owners. The best hosting companies also invest in replacing hard disks before they fail, ultra-fast data connections to the internet, and in training their support engineers. All this costs money, so don’t expect good web hosting to be free.

Hosting Technical Terms

Web hosting sites attempt to bamboozle readers with statistics and technical terms. They also omit the crucial data you need to make a rational decision on the hosting your company needs.

Unlimited Bandwidth – Bandwidth is used whenever someone visits your website. Unlimited bandwidth sounds great because it means an infinite number of people can visit your company site 24/7. That’s the theory anyway. Sadly it doesn’t work like that. There are “Fair usage” restrictions hidden away in the small print, and there are other factors such as demands on the computer CPU that limit the number of users on your web pages.

Bandwidth is cheap, so “unlimited bandwidth” makes a good headline, but it is meaningless.

Unlimited Disk Space – Every word of text, every image or video on your site requires disk space: Unlimited disk space sounds essential. However, “fair usage” restrictions often apply.

Disk storage space gets cheaper every month, so unlimited storage makes a great headline to distract customers from the real limitations on their hosting accounts.

Unlimited URLs – If you pay more you can host an unlimited number of websites on the one account.

But you only have one, so why would you need the ability to host one hundred sites? You don’t.

CPU Usage – This is the limiting factor on almost every web hosting account. Your website needs more computer CPU usage when it has more pages, videos, and photos. More visitors accessing your web pages also means you will need more CPU time.

Hosting companies rarely mention CPU usage restrictions, but these are the true bottlenecks, the true limiting factors on any website.

Different Hosting Types

Shared hosting – Your site is on a hard drive along with hundreds of others. It’s cheap because your share of the CPU is extremely limited. Your management of the site is simplicity.

VPS hosting – Your site is still on a hard drive along with many others, but you get a higher share of the available CPU. Managing your site is a bit more complex, but is not difficult

Dedicated hosting – You get your own hard drive and the CPU is all yours. Managing your website is much harder.

WordPress Hosting – If you have built your website using WordPress this might be worth considering. It is usually shared hosting that is optimized for WordPress websites, sometimes with the hosting company looking after updates, installing extra security, and using specialist support staff.

Cloud Hosting Explained

Cloud hosting is the most flexible hosting you can buy.

Why do you need flexibility? If you have a traffic spike on a traditional hosting account you will run into your CPU restriction and your web host will limit access to your website. When would-be customers find your site unavailable, they might assume it is your fault, so they think poorly of you and move on to your competitor’s site to buy what they wanted to buy from you.

Cloud hosting does not boast of unlimited bandwidth and disk space for one flat fee per month: Rather, you pay for what you use. Paying for bandwidth used might well cost you less than a good quality shared hosting account.

You can find cloud hosting accounts that automatically allocate more CPU and bandwidth resources if you get a sudden traffic spike. You have to pay for the extras, but your site remains available and your users remain happy.

Some cloud hosting accounts host your website data on multiple computers, so if one hard drive fails (as they do), your web pages are still available.

Cloud Hosting Vs. Shared Hosting

Shared hosting is perfect for bloggers and personal websites. It works as a start-up option for businesses, but as your user numbers increase your shared hosting will crash your website more often as you exceed your CPU allowance on the shared server.

Cloud hosting is perfect for small businesses because your website stays up and you can always increase server resources to meet any increase in demand.

Avoiding Poor Web Hosts

Not all hosting companies are the same. If you pay less, you get less.

Some of the most-advertised web hosts have very low customer satisfaction ratings.

Hosting companies pay large commissions to people who send them leads, so reviews are often biased. Never believe a blogger’s review of a particular host: Instead look for independent review sites that compile reports from thousands of hosting users.

If you are looking for the best cloud hosting, pay special attention to user reviews because different cloud hosts offer different levels of service.

Screenshot source

Executive Summary

Cloud hosting is the best option for small business websites: It is simple to manage, secure and flexible.

Find an independent review website that bases its ratings on hundreds of reviews from actual users of the different hosting companies.

READ NEXT: Different Types of SSL Certificates: How to Choose the Suitable One?

Cloud Cloud News

Atlassian revamps cloud products plans, improving choice and security for customers

Atlassian is making a major update to its cloud platform to improve choice and security for the customers.

Having more than 150k customers globally, Atlassian is a leading provider of enterprise productivity software. The main products of Atlassian include Jira, Confluence, Trello, HipChat, to name a few.

The company is now unveiling new premium plans for its cloud products which will come with advanced features and support. New free plans are also coming for Jira Software, Confluence, Jira Service Desk, and Jira Core.

“It’s clear that our customers see their future in the cloud. And they continue to choose Atlassian as their trusted partner. In fact, more than 90 percent of our new customers start with one of our cloud products,” wrote Scott Farquhar, co-founder and co-CEO of Atlassian, in a blog post.

The new plans for Atlassian cloud products include Cloud Premium for Jira Software and Confluence, free plans for Jira Software, Confluence, Jira Service Desk, and Jira Core, as well as discounted cloud pricing for academic and non-profit customers.

Cloud Premium was launched last month which is now available for Jira Software and Confluence. It will soon come to Jira Service Desk as well. This plan will provide scalability, advanced features, unlimited storage, premium support, and high uptime SLA.

Also read: Top 5 collaboration tools for DevOps teams

Free plans for Jira Software, Confluence, Jira Service Desk, and Jira Core will be available in the coming months. These plans are aimed to provide a set of key capabilities for team collaboration to small businesses.

For eligible academic organizations, Atlassian will offer its services at a 50% discount, while non-profits get a 75% discount.

Along with these, Atlassian is also rolling out security and data privacy upgrades. The cloud products will now have data residency for customers demanding greater control over the location of their data. Enterprises will be able to customize product access with custom domains, and encrypt data at rest and in transit. This will help in protecting unauthorized access.

Furthermore, the new Atlassian Trust Center will provide enterprises latest security, privacy and compliance roadmap for their products and services.

“For more than a decade we have been providing world-class cloud software, and this major platform update reaffirms our focus on the cloud and our future strategy,” concluded Scott.

“The changes will also improve the transition to cloud, and provide better data control and security.”

Cloud Cloud News Datacenter Event

Join the leaders in data center and cloud at Datacloud Africa Leadership Summit 2019

The data center market in Africa is expected to grow at a CAGR of nearly 14% from 2018 to 2024. –

The demand for data center colocation services in Africa has significantly grown in recent time. This growth in demand is because of the improvement in connectivity levels and an increase in data traffic volumes. The digital transformation in Africa has got accelerated and the market requires servers, power, connectivity, and server space.

Researches show that the Africa data center market is experiencing most of the investments from telecom and enterprises. Big public cloud players like Amazon Web Services (AWS) and Microsoft Azure are entering the Africa market.

Talking about the cloud market in Africa, it will double in size over the next five years. By the end of 2019, the market will be worth $1.7 billion.

To focus on investing, powering, connecting, and deploying data centers across Africa and discuss the challenges for Africa’s digital economy and growth, the Datacloud Africa Leadership Summit 2019 is returning on 26th September at Movenpick Ambassador Hotel, Ghana.

Datacloud Africa Leadership Summit 2019: Overview

Datacloud Africa is a premium forum for data center and cloud leaders in Africa. The event will host more than 40 leading speakers from across the continent and attract delegates from over 50 countries.

The one-day summit is a foremost networking and business deal-making platform for data center and cloud players, their customers, investors, as well as suppliers.

There will be more than 250 attendees from nearly 140 companies, including Vertiv, Starline, Legrand, Schneider Electric, Africa Data Centres, Rack Centre, Data Economy, to name a few.

Leading speakers at DataCloud Africa

  1. Mulang Mika, Internet Affordability Activist & Cloud Architect, Microsoft
  2. Dr Olufemi Oyenuga, Chief Customer Architect, Oracle
  3. Selorm Adadevoh, Chief Executive Officer, MTN Ghana
  4. Ayotunde Coker, Managing Director, Rack Centre
  5. Stephane Duproz, Chief Executive Officer, Africa Data Centres
  6. Ezekiel Egboye, Chief Operating Officer, Rack Centre
  7. Pierre Havenga, Managing Director MEA, Vertiv
  8. Wouter van Hulten, Chief Executive Officer, PAIX Data Centres
  9. Eben Owen, Sales Director, Africa, Uptime Institute

Find the full list of speakers here.

Main topics to be discussed at Datacloud Africa

  • Market Analysis – Africa’s Digital Journeys
  • Power Security and Development for DC Infrastructure
  • Building World-Class Infrastructure to meet growing Local needs
  • Building the Digital Factory
  • Africa’s Digital Highways – Advances in Subsea, Terrestrial and Wireless Connectivity
  • Cloud Provider and Enterprise Customer Engagement Strategies
  • Workforce Development and Retention for Africa’s Digital Economies
  • Internet Affordability: A key driver for digital transformation in Africa

The complete agenda is available here.


The summit will also feature an award ceremony where the judges will choose the winners from all the nominees. There are seven categories:

  1. Africa Data Centre Service Provider of the Year Award
  2. Africa Cloud Service Provider of the Year Award
  3. Excellence in Data Centre Award: Africa
  4. New Data Centre of the Year Award: Africa
  5. Global Connectivity for Africa Innovator of the Year
  6. Africa Data Centre Location of the Year Award
  7. Africa Data Centre Energy Innovator of the Year

Eligible companies can nominate themselves for the award here.

Register now!

Register today to save 20% on your tickets by using our discount code- DHNDCA19.

DHN is the official media partner of the event. Stay tuned with us for updates.
Cloud Cloud News Datacenter Event

Datacloud Ireland: Join the leaders in cloud and datacenter to discuss innovation, trends & more

Cloud computing is shaking up almost every industry today, and generating billions of dollars in revenue. It’s not showing any sign of slowing down. According to Gartner, the global cloud services industry will grow 17.5% this year and reach $214.3 billion. This growth will be exponential through 2022.

Further, the cloud services market is projected to experience nearly 3x the growth of overall IT services market.

Here are some quick cloud market statistics:

  • 28% of spending in key IT segments will shift to cloud by 2022— Gartner
  • 94% of enterprises around the world are using cloud— RightScale
  • In Europe, 26% of businesses used cloud computing in 2018, mostly for email and storage—Eurostat
  • Cloud services market revenue in Europe will reach $43.22 billion by 2021, up from $29.74 billion in 2016—Statista
  • More than third of businesses see cloud investments among the top 3 investing priority. By the end of 2019, over 30% of the new software investments will shift from cloud-first to cloud-only—Gartner

To help businesses discuss innovation in the cloud and datacenter, collaborate, do business deals, and know future trends, the Datacloud Ireland conference is returning for the 3rd year on 18th September at Conrad, Dublin.

Datacloud Ireland—At a glance

Datacloud Ireland is an ideal meeting place for the datacenter and cloud ecosystem in Dublin. With the theme—Opening Minds. Closing Deals, the one-day conference will bring together senior executives from the industry to discuss, collaborate, learn the latest trends in cloud and datacenter, and more.

The event will explore the way Ireland is evolving as an international hyperscale hub and highlight colocation opportunities available. Over 140 companies and 250 attendees from 15 countries will be there at the event.

The experts will also share insights on the development of Dublin as a smart city and the recently announced Nordic-Irish partnership for smart and sustainable city development, connectivity, the role of Artificial Intelligence (AI), edge computing, power situation in Ireland, etc.

Conrad, Dublin

Expert speakers at Datacloud Ireland 2019

John Halligan TD, Minister of State for Training, Skills, Innovation, Research and Development, Government of Ireland will open the Datacloud Ireland. He will talk about the challenges and opportunities in the datacenter sector, skills gap and the role of regulation.

The main speakers at the event will include:

  1. Stephen Brennan, Chief Digital Advisor, Irish Government
  2. Stephen Byrne, Datacentre Lead, Mercury
  3. Garry Connolly, President and Founder, Host in Ireland
  4. Seamus Dunne, Managing Director, Interxion, Ireland
  5. Rod Evans, Director EMEA, High Performance Computing & AI, Nvidia
  6. Peter Marin, Chief Executive Officer, T5 Data Centres
  7. Fabien Vieau, Principal, Data Centers Energy & Location Strategy, EMEA, Google

The full list of speakers is available here.

Main topics to be discussed at Datacloud Ireland

  • Challenges and opportunities for a world-leading data centre sector
  • Key trends and new technologies shaping the data centre landscape
  • Diversity of market requirements in the US vs European Edge deployments
  • Setting a new pace in transatlantic fibre
  • The power situation in Ireland
  • Ireland’s connectivity status
  • What makes a good investment in a data centre
  • Accelerating the digitalisation of the Irish Economy
  • Truth-busting the 5G myth
  • Disruption within the data centre
  • Shedding light on Artificial Intelligence

Register now

Register today to save 20% on your tickets by using our discount code- DHNDCI19.

DHN is the official media partner of the Datacloud Ireland 2019. Stay tuned with us for updates.
Cloud Newss

New Forbes Insights Report shows CISOs believe capabilities of attackers are outpacing their ability to defend their organizations

Survey reveals how CISOs are shifting priorities and security strategies to manage increasingly advanced threats with limited resources

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today announced a new report by Forbes Insights it commissioned titled “Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources.”

The global survey polled CISOs across various industries about the biggest challenges they’re facing and strategies they’re putting in place to address these obstacles.

The survey found that 84 percent of CISOs believe the risks of cyber attacks will increase and almost a quarter believe the capabilities of attackers are outpacing their ability to defend their organization. This issue is compounded with limited resources, including lack of sufficient budget and skilled professionals as well as a threat attack surface that is quickly expanding and becoming more sophisticated.

Because of this, security leaders understand it is critical to have the right strategies in place as they face an arms race between the capabilities of attackers and their own defense postures.

“The Forbes Insights survey echoes the primary challenges we hear directly from Fortinet customers and prospects. Today’s CISOs are tasked with the challenge of allocating limited funds and resources to the highest-return cybersecurity projects which can range from breach detection to response. These C-level security leaders must maximize security with finite resources, all while balancing strategic leadership responsibilities and tactical issues. Through the Fortinet Security Fabric, Fortinet is providing end-to-end security so that CISOs can navigate a rapidly changing cyber threat landscape day in and day out,” said John Maddison, EVP of products at Fortinet.

Related read: Customer credentials, API keys, SSL exposed in Imperva security incident

Other key takeaways from the Forbes Insights report include:

  • CISOs are increasingly implementing AI technologies to cybersecurity. Forty-eight percent of security leaders are focused on seamlessly integrating security into their network operations and 45 percent are shifting and changing their cybersecurity strategy toward advanced analytics for greater visibility into their environments. AI, like machine learning, and analytics relieves IT teams time away from monotonous tasks, so they can focus on business-critical tasks such as identifying anomalous behavior in their networks and responding to threats quickly.
  • CISOs would like to allocate more of their budget to detection and response. According to the survey, security leaders are currently allocating an average of 36 percent of their security budget on response. However, in an ideal world, they would shift their resources from prevention to bolster detection and response. The survey found they’d increase response to be 40 percent of their budget.
  • Cybersecurity training and education for employees is key. The Forbes Insights survey found that CISOs believe talent and training constraints have a significant impact on their organizations. As a result, CISOs are paying more attention to educating their own employees on best practices and building cybersecurity awareness in order to prevent and reduce internal threats.
  • CISO are constrained by the lack of an adequate budget. While threats are expanding, CISOs find that their resources, including budget, remain limited. A third of CISOs surveyed in the report felt that the lack of an adequate budget is having a significant impact on their cybersecurity program.
  • A top priority for CISOs is safeguarding customer data and intellectual property. More than a third of respondents said protecting their organization’s brand is top of mind. More than 36 percent of CISOs selected customer data as the highest priority for protection. A majority of respondents also shared they are focusing on protecting intellectual property as one of the most important assets in their care, which they believe is another core target of most malicious actors.
Cloud Cloud News Newss

Customer credentials, API keys, SSL exposed in Imperva security incident

The leading cybersecurity software company Imperva has revealed a security incident that impacted its Cloud Web Application Firewall (WAF) product, formerly called Incapsula. Because of the incident, the data of customers got exposed.

Imperva learnt about the data exposure from a third party on Aug 20, 2019. The data of the customers who are using Incapsula for the last two years was exposed.

The exposed data included email addresses, hashed and salted passwords. Along with this, the API keys and customer-provided SSL certificates of some of the customers were also impacted.

Imperva provides data security and app security solutions to enterprises, which includes WAF, DDoS Protection, Data Protection, API Security and more. The recent security incident is only impacting the Cloud WAF solution.

In a blog post, Imperva CEO Chris Hylen mentioned that the company has activated an internal data security response team to find how the exposure occurred. The cybersecurity firm is also working with global regulatory agencies and forensic experts.

For the product in question, Imperva has applied forced password rotations and 90-day expirations.

Also read: Microsoft finds two new wormable vulnerabilities in Remote Desktop Devices

To protect against the Imperva security incident, customers need to follow a number of security measures, such as changing user account passwords, implement Single Sign-on (SSO), enable two-factor authentication, upload new SSL certificate, and reset API keys.

“We profoundly regret that this incident occurred and will continue to share updates going forward,” wrote Chris Hylen.

“In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry. Imperva will not let up on our efforts to provide the very best tools and services to keep our customers and their customers safe.”

Cloud Cloud News

VMworld US 2019: VMware transforms vSphere into Kubernetes native platform

At VMworld US 2019, VMware revealed its vision to develop a software architecture that can enable “any app, on any cloud, to any device.”

Pat Gelsinger, the CEO of VMware, took the stage at VMworld and talked about the way VMware is redefining the things possible from cloud and Kubernetes to networking, security, and digital workspace, using modern technologies like artificial intelligence (AI) and 5G.

“VMware is committed to providing software solutions to enable customers to build, run, manage, connect and protect any app, on any cloud and any device,” said Pat Gelsinger. “We are passionate about our ability to drive positive global impact across our people, products and the planet.”

The company made a raft of announcements related to its entire portfolio of services. One of the biggest announcements at VMworld US 2019 is the tech preview of Project Pacific that will transform VMware vSphere into a Kubernetes native platform.

Another new set of products and services coming for the enterprises is VMware Tanzu. It will help customers to develop modern apps and run Kubernetes consistently. Furthermore, customers will also be able to manage Kubernetes clusters from a new single place—VMware Tanzu Mission Control.

The Mission Control is currently available for tech preview. It allows management of Kubernetes clusters whether they are running on vSphere, cloud, managed services, or packed distributions.

Recently, VMware had acquired Pivotal Software and the company is now well-positioned to provide enterprise-level Kubernetes services for modern apps.

“Organizations are seeking a partner to meet them where they are today and guide them as they move to modern applications,” said Raghu Raghuram, chief operating officer, Products and Cloud Services, VMware.

“We’re positioned to help customers succeed along each step of their journey—building their applications with the addition of Pivotal’s developer platform, tools and services; running their applications with the groundbreaking Project Pacific which will transform vSphere into a Kubernetes native platform; and managing their growing Kubernetes footprint across environments from a single control point with VMware Tanzu Mission Control.”

Apart from these, the software virtualization giant has formed a strategic partnership with NVIDIA to speed up machine learning, data science, and AI workloads on VMware Cloud on AWS. It will help customers in migrating, modernizing and deploying the next-generation apps.

Page 2 of 28
1 2 3 4 28