Subscribe to Email Updates


All about Virtualization and Cloud Security | Recent Articles:

The Growing Importance of Cloud Workload Security

Jul 22 by Bob Violino
  • A growing number of organizations are increasing their use of the cloud.

  • These workloads, including databases, transactions, and analytics, are vital to business operations.

  • Cloud workloads are different from regular endpoints which is why security teams need to deploy platforms specifically designed to protect these resources.

It’s no surprise that the cloud now dominates the modern IT infrastructure landscape. More and more workloads are shifting to cloud services, as organizations look to reap the benefits of the cloud computing model. The flip-side of this trend is that cyber criminals also see opportunity and are constantly looking for and finding new ways to exploit weaknesses in the cloud. That means cyber security leaders and teams need to focus on bolstering cloud workload security.

Businesses See the Cloud as Vital to Growth

The results of a survey by professional services firm PwC highlight that business leaders across the C-suite are seeing the cloud’s vital role in both defining and achieving their organization’s growth and operational ambitions, and they have high expectations for what the cloud can deliver for their organizations. A majority of executives in the survey (92%), say their companies are “all-in” on the cloud or have adopted it in many parts of the business.

Spending on Cloud Services Continues to Rise

Perhaps the best proof of cloud acceptance among organizations is that they are spending more on cloud services. An April 2021 report by research firm Gartner shows that worldwide end-user spending on public cloud services is forecast to grow 23% in 2021, totaling $332.3 billion. That’s up from $270 billion in 2020.

The events of 2020, namely the Covid-19 pandemic, allowed CIOs to overcome any reluctance to moving critical workloads from on-premises to the cloud, according to the report. In addition, emerging technologies such as virtualization, containerization, and edge computing are becoming more mainstream and driving additional cloud spending.

A number of key business workloads are suitable for cloud environments. These include database workloads to support a number of business processes; transactional workloads such as billing and order processing; batch workloads to support back-office operations; and analytic workloads to analyze data for business insights.

As more companies become aware of the economics of using the cloud, it’s likely that the workload shift away from on-premises systems will continue. Unfortunately, this also creates a growing number of targets for cyber criminals.

New Security Issues with Cloud Adoption

The security issues involved with the cloud are different from those associated with on-premises systems and endpoints. The cloud encompasses a more diverse and highly connected architecture, and much about it is out of an organization’s control. It’s also more dynamic, with machines being created, moved across servers and clouds, and deleted dynamically—sometimes existing just for a few seconds.

Many of the typical endpoint security tools available are not necessarily suited for cloud environments and some of the point solutions that evolved specifically for some of these environments are narrow in scope.

Importance of Cloud Workload Security Platforms

This is why adopting a dedicated cloud workload security platform is important. Such a platform should offer integration between on-premises and cloud services and provide the scalability, visibility, as well as advanced security designed to work within a dynamic cloud environment.

Vendors that can provide cloud and on-premises-based cloud workload security platforms can deliver comprehensive cloud workload protection and posture management to their customers, according to a Forrester Wave report from Forrester Research.

The report, which includes a detailed evaluation of cloud workload security providers, notes that “customer needs in securing workloads are changing. Old-school, on-premises security tooling [for example, security analytics/security information and event management, endpoint detection and response] no longer cut it.”

Organizations today have to monitor and control the proliferation of cloud workloads comprehensively across multiple tiers, Forrester says. When addressing cloud workload security, they should look for platforms that offer features for guest operating system native protection. “Many of the threats in workloads are still traditional changes to configuration files and network intrusions,” the report says.

Security teams need tools that offer memory integrity monitoring, host-based firewalls, and intrusion detection/prevention, and allow for scalable deployment of protection to a large number of workloads without interruption, the study says.

Learn more about how Bitdefender Gravityzone can help improve your security posture and protect mission-critical assets.

Read More

Technical Advisory: SeriousSAM – Windows 10 Flaw Can Be Used by Malicious Actors to Obtain Administrator Rights

Jul 21 by Martin Zugec

Newer versions of Windows 10 (build 1809 - 2018-present) may be vulnerable to a local privilege escalation enabled by misconfiguration on the Security Account Manager (SAM) database file. SAM is a database file that stores password hashes for all local user accounts. (This file can be found in folder %SystemRoot%\System32\Config\SAM and it is mounted in registry under HLKM\SAM.)

Read More

Effective Healthcare Security Is Much More Than Compliance

Jul 21 by George V. Hulme

When it comes to managing the security of their data and business-technology systems, many healthcare enterprises focus heavily on regulatory compliance efforts, such as their HIPAA security and patient privacy mandates. This is for an excellent reason — noncompliance can lead to costly fines and the ire of regulators. While it’s likely that focusing on regulatory compliance can incrementally improve security, that shift alone won’t take the organization to the level of security maturity it needs to have to protect against today’s threats such as ransomwar.

Read More

Cloud Breaches to Become Faster and Bigger, Research Suggests

Aug 10 by Alina Bizga

Cloud breaches continue to riddle organizations’ threat landscape, with misconfigured cloud storage services and poor security practices leading to more than 200 breaches in the past two years, according to the latest Accurics report.

Read More

Cybercrime to Cost $5.2 Trillion over Next 5 Years; High-Tech Industry Most at Risk

Jan 23 by Luana Pascu

Businesses are struggling to develop cyber resilience to fend off attacks as they seek to create flawless operations and to scale systems. Efficient cybersecurity in an advancing digital economy is no easy goal, as many factors are at play, including third-party risks and increased attack surface, as a result of extensive interest in IoT deployments. This is why corporates and governments need to work together to set up priorities to help enable digital transformation and build trust through proper safeguards on consumer data privacy.

Read More

Anthem Agrees to $16 Million Settlement Following Compromise of 80 Million Health Records

Oct 17 by Luana Pascu

Anthem, the second-largest health insurer in the US, will pay $16 million to the US Department of Health and Human Services, Office for Civil Rights following a data breach that exposed the electronic protected health information (ePHI) of almost 80 million people. Anthem will also initiate a corrective action plan to include thorough risk analysis and regular reporting.

Read More

Amazon Hit from Within, Employees Leak Proprietary Data for Profit

Sep 20 by Luana Pascu

Insider threats are nothing to joke about -- they are a real danger to companies worldwide, who often neglect them. In fact, they rank among the top six threats of 2018, according to statistics. A company will spend at least $8 million yearly on insider threats, the Ponemon Institute has found.

Read More

Your Business Should Be More Afraid of Phishing than Malware

Sep 19 by Graham Cluley

The headlines love to talk about sophisticated hacking gangs, exploiting zero-day vulnerabilities to break their way into businesses and steal corporate data.

Read More

Critical National Infrastructures on the Radar; British MPs Say Attack Is Imminent

Aug 24 by Luana Pascu

Critical national infrastructures such as the energy sector, public transportation, commercial facilities, government and defense, and medical services, among others, have been under attack in recent years, following a large volume of security vulnerabilities and a lack of encryption.

Read More

146 Billion Records Leaked by 2023, Small Businesses Left Most Vulnerable, Study Says

Aug 15 by Luana Pascu

Enterprises are at risk now more than ever because it seems they keep falling behind on infrastructure security, while hackers are more vigilant and sophisticated in their schemes. Researchers can’t really put their finger on what it is exactly that causes more damage –insider threats, targeted attacks or plain old outdated software, but one thing is certain: by 2023, more than 146 billion records will be leaked following security breaches, according to Juniper Research.

Read More

Enterprises and Governments Trust Hacker-Powered Security to Identify Unique Critical Vulnerabilities

Jul 27 by Luana Pascu

Data breaches not only cost companies millions, but they also inflict reputational damage, customer turnover and operational costs. The average cost of a data breach has risen 6.4% to a global average of $3.86 million this year, according to research from the Ponemon Institute.

Read More

UK Enterprises Concerned Voice-Activated Devices Could Easily Leak Data, Affecting GDPR Compliance

Jul 25 by Luana Pascu

With speech recognition and voice-activated personal assistants slowly making their move into the corporate world, companies will have to adjust their security and digital strategies, infrastructure and customer interactions.

Read More

Cloud Security

Subscribe to Blog Updates

Latest Tweets

Posts by Month