With RSA Conference, “where the world talks security,” taking place this month, cloud and network security were top of mind for us and many others in the industry.
Our May must-reads broach the cloud security discussion from several fresh perspectives – from thought-provoking expert analysis to real-world breaches and incidents.
InfoWorld
Does cloud security have a bad reputation?
If your first reaction to cloud is that it’s a security risk, you aren’t alone. However, expert analyst David Linthicum questions that assumption in this piece, pointing out that data is likely safer in the cloud than on-prem. He wonders if organizations are oversimplifying the complexities of cloud security and overlooking the broader context of cybersecurity – and if that attitude has become more mainstream as challenges around cloud cost and lock-in have reared their heads.
Dark Reading
5 Hard Truths About the State of Cloud Security 2024
The conversation around cloud security continues with Ericka Chickowski’s interview with “the godfather of zero trust security,” John Kindervag. Among the “hard truths” that John shares, is the challenge of managing native security controls out in the real world, beyond the isolation of a single provider's environment. "It takes a lot of people to do it, and they're different in every single cloud. I think every company that I've talked to in the past five years has a multicloud and a hybrid model, both happening at the same time," he says. "...The only way that you can solve this problem is to have a security control that can be managed across all the multiple clouds."
Futuriom
RSAC: Networking and Security Convergence Redux
Did you miss the RSA Conference this year? If so, Scott Raynovich summed up that the show once again revealed the theme of networking and security convergence. However, he also wonders if the vendors are doing enough to aid in this arena – or if they’re just “moving the food around the plate.”
Google Cloud Blog
Sharing details on a recent incident impacting one of our customers
A mistake by Google Cloud this month accidentally deleted the account of UniSuper, an Australian pension fund that manages $135 billion worth of funds and is a giant customer account for GCP. The wipeout included all of its backups that were stored on the service. Though the company thankfully had some backups with a different provider and was able to recover its data, the incident led to downtime spanning from May 2 until May 15. The takeaway? Mistakes happen – what a powerful testament to the necessity of multicloud infrastructure!
Ars Technica
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach
In a breach uncovered this month, researchers from security firm ESET found that infrastructure used to maintain and distribute the Linux operating system kernel was infected by sophisticated malware for two years, starting in 2009. Dan Goodin summarized the story, saying that unknown attackers managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users. Will the convergence of networking and security help cut down on the frequency and severity of breaches like this? We remain optimistic!
What do you think of these stories - any articles you loved that we missed? Are you seeing these trends play out in your organization?