When it comes to securing a public cloud infrastructure, many organizations are under the impression that the workloads they run are secured by their cloud services provider. This just isn’t so, and the lackadaisical attitude has resulted in a number of high-profile breaches, including the exposure of 1.8 million records pertaining to U.S. voters.
Despite regulatory mandates and years of costly data breaches in the healthcare industry, a recent survey found that less than one-third of healthcare organizations say they have a comprehensive cybersecurity program in place.
First the good news: according to a published report there were more than 16,000 software vulnerabilities disclosed during the first nine months of this year. Now, that’s quite a few vulnerabilities that could enable attackers, exploits, and malware to scurry onto an enterprise environment. However, it is 7 percent fewer vulnerabilities than 2017.
If your organization has a healthy cybersecurity culture, consider yourself lucky — less than five percent of organizations do.
DevOps has come a long way since it got underway in full force nearly ten years ago. As was recently made clear at this year’s DevOps Enterprise Summit (DOES) in Las Vegas, DevOps organizations have been successful when it comes to knocking down organizational silos, optimizing the delivery of software services and functionality, and shortening the time it takes to deliver digital value to customers. DevOps organizations are delivering better business outcomes.
While many had hoped that along with the rise of cloud computing would come a more simple era of enterprise computing. In some ways, it has. With software as a service enterprise no longer have to contend with managing the infrastructure to support so many applications. With infrastructure as a service enterprises can cut the amount of infrastructure they must manage. It’s reduced the amount of infrastructure and applications that must be directly protected, patched, and maintained. But the era of more simple computing never arose.
The Center for Medicare and Medicaid Services (CMS) announced that it has detected anomalous activity in its Federally Facilitated Exchanges (FFEs) Direct Enrollment pathway for agents and brokers. This is the system that enables agents and brokers to help consumers with their coverage applications to the FFEs. One can imagine the type and quantity of sensitive information shared on these systems.
It was late September when the news broke that the personal data of 1.5 million citizens had been stolen from a government health database in Singapore, SingHealth. While authorities called the attack targeted and well-planned, the evidence coming out points to potential mismanagement of the server as being the likely culprit.
Much like the early days of virtualization, containers got a bum rap when it came to data security. I say this because just like virtualization, securing containers is more about securing what is happening inside, rather than the security of the wrapper.
We’ve been writing for a few years now about the dangers of connected medical devices and how the U.S. F.D.A. has sought to increase the security of these devices. Previously, in St. Jude Takes Steps to Secure Vulnerable Medical Implants we covered the security surrounding St. Jude medical devices. We covered how the FDA Seeks Secure Medical Device Development Lifecycle and the FDA Prescribes Safer Path for Connected Medical Devices.
As business-technology systems grow more complex, so does the need to automate essential management and security processes. With hybrid cloud architectures, DevOps management approaches, and continuous software delivery pipelines, organizations need to automate as many processes as they can automate. For those tasks that require little or no deviation, many enterprises are turning to Robotic Process Automation (RPA).
Despite it being considered an essential practice, most organizations still find it difficult implementing security into their DevOps efforts. It’s not that they don’t want to, they say they do, it’s that they just haven’t provided their developers the tools, processes, or even training to get it done. These are the findings of a report recently released by application security vendor Checkmarx.
