TECHNOLOGY

How to manage cloud security and compliance

Erez Baum, Seagate

Could you tell us a little bit about your company? What type of products and services do you offer?

We craft the datasphere, helping to maximise humanity’s potential by innovating world-class, precision-engineered data storage and management solutions with a focus on sustainable partnerships. A global technology leader for more than 40 years, the company has shipped over three billion terabytes of data capacity.

Have there been any particularly interesting developments at Seagate?

Last year we introduced Lyve Cloud, a simple, trusted, and efficient object storage cloud service for mass data. It provides cost competitive object storage designed to tear down the barriers between clouds.

With no egress or API fees, you can move your data seamlessly across private, public, and compute clouds – accessing it wherever and whenever you need it.

Lyve Cloud is designed to provide unparalleled multicloud freedom – no egress fees, no API fees, and no vendor lock-ins; storage designed for multicloud freedom; simple, predictable, capacity-based pricing; and best-in-class security and availability.

What do you think will be the most problematic future cloud-based threat vectors? And what advice would you give to companies regarding how they can deal with this?

We continue to see a credential thief as a top threat agent against cloud environments. Adversaries apply different tactics to harvest legitimate authentication credentials (e.g., targeted victim-tailored phishing attacks).

We suggest companies consider, number one, fully deploying and enabling MFA (Multi-Factor Authentication), not only to important accounts but also across the enterprise to prevent lateral movement. Secondly, disabling legacy (weak) authentication protocols. And thirdly, implementing access controls and applying the least-privilege principle for users and cloud services throughout the enterprise.

To what extent do you think the consequences of a data breach are worse than ever before?

Data privacy controls are critical for protecting the variety and value of today’s digital transformation data. A data breach is not just about losing intellectual property or competitive business information, it can be weaponized to impact a variety of things, from human safety to a country’s economy, quickly. For example, a data breach could prevent a doctor from performing a time sensitive medical procedure, allow an imposter to impersonate a victim, disrupt city water or electricity supplies, or manipulate a financial market.

What are the main pitfalls when it comes to configuring cloud storage?

When it comes to configuring cloud environments including cloud storage, inconsistency, human error, and not following security best practices are the main pitfalls. A common misconfiguration that can easily be prevented is allowing unauthenticated public access to cloud storage buckets.

What advice would you give to companies that are attempting to prevent compliance violations?

Select prioritised Information Security control metrics and share weekly metric data vs. control metric requirements to drive the right personnel compliance behaviours every day. Ensure that Information Security threats and vulnerabilities are discovered, contained, mitigated with appropriate controls, and then permanently remediated in a timely manner.

Conduct internal independent audits to ensure that the Information Security controls are operating properly. From these audits, implement cross-functional improvement actions. Then, conduct independent external audits to audit Information Security controls for compliance with national and international standards. From these audits, implement cross-functional improvement actions.

How can the risk of a data breach be reduced with a comprehensive policy?

An organisation’s risk appetite should be defined in a comprehensive security policy and then translated into a security requirement, i.e., constructing a secure environment based on industry standard security frameworks. To effectively reduce risks, the security policy must be enforceable, sustainable, and adopted by the entire organisation. The security policy needs to be periodically reviewed and updated.  

What plans does Seagate have for the year ahead?

We’ll continue to innovate on all fronts, from providing best of class object storage as a service, to providing a wide variety of features, tools and compatible partner solutions, allowing our customers to safely store and activate their mass-capacity data lakes.

At the Cyber Security & Cloud Congress on October 5 in Santa Clara, USA, Seagate Technology will take part in a panel discussion titled ‘Addressing Cloud Computing Vulnerabilities’.

TECHNOLOGY

On email security in the age of hybrid working

Cloud Computing News

With remote working the future for so many global workforces – or at least some kind of hybrid arrangement – is there an impact on email security we are all missing? Oliver Paterson, director of product management at VIPRE Security, believes so.

“The timeframe that people expect now for you to reply to things is shortened massively,” says Paterson. “This puts additional stress and pressure on individuals, which can then also lead to further mistakes. [Employees] are not as aware if they get an email with a link coming in – and they’re actually more susceptible to clicking on it.”

The cybercriminal’s greatest friend is human error, and distraction makes for a perfect bedfellow. The remote working calendar means that meetings are now held in virtual rooms, instead of face-to-face. A great opportunity for a quick catch up on a few emails during a spot of downtime, perhaps? It’s also a great opportunity for an attacker to make you fall for a phishing attack.

“It’s really about putting in the forefront there that email is the major first factor when we talk about data breaches, and anything around cyberattacks and ransomware being deployed on people’s machines,” Paterson says around education. “We just need to be very aware that even though we think these things are changing, [you] need to add a lot more security, methods and the tactics that people are using to get into your business is still very similar.

“The attacks may be more sophisticated, but the actual attack vector is the same as it was 10-15 years ago.”

This bears true in the statistics. The Anti-Phishing Working Group (APWG) found in its Phishing Activity Trends Report (pdf) in February that attacks hit an all-time high in 2021. Attacks had tripled since early 2020 – in other words, since the pandemic began. 

VIPRE has many solutions to this age-old problem, and the email security product side of the business comes primarily under Paterson’s remit. One such product is VIPRE SafeSend, which focuses on misaddressed emails and prevents data leakage. “Everyone’s sent an email to the wrong person at some point in their life,” says Paterson. “It just depends how serious that’s been.”

Paterson notes one large FMCG brand, where a very senior C-level executive had the same name as someone else in the business much lower down. Naturally, plenty of emails went to the wrong place. “You try and get people to be uber-careful, but we’ve got technology solutions to help with those elements as well now,” says Paterson. “It’s making sure that businesses are aware of that, then also having it in one place.”

Another part of the product portfolio is with EDR (endpoint detection and response). The goal for VIPRE is to ‘take the complexities out of EDR management for small to medium-sized businesses and IT teams.’ Part of this is understanding what organisations really want. 

The basic knowledge is there, as many organisational surveys will show. Take a study from the Enterprise Security Group (ESG) released in October in terms of ransomware preparedness. Respondents cited network security (43%), backup infrastructure security (40%), endpoint (39%), email (36%) and data encryption (36%) as key prevention areas. Many security vendors offer this and much more – but how difficult is it to filter out the noise?

“People understand they need an endpoint solution, and an email security solution. There’s a lot of competitors out there and they’re all shouting about different things,” says Paterson. “So it’s really getting down to the nitty gritty of what they actually need as a business. That’s where we at VIPRE try to make it as easy as possible for clients. 

“A lot of companies do EDR at the moment, but what we’ve tried to do is get it down to the raw elements that every business will need, and maybe not all the bells and whistles that probably 99% of organisations aren’t going to need,” Paterson adds.

“We’re very much a company that puts a lot of emphasis on our clients and partners, where we treat everyone as an individual business. We get a lot of comments [from customers] that some of the biggest vendors in there just treat them as a number.”

Paterson is speaking at the Cyber Security & Cloud Expo Global, in London on December 1-2 around the rising threat of ransomware, and how the security industry evolves alongside this threat. Having a multi-layered approach will be a cornerstone of Paterson’s message, and his advice to businesses is sound.

“Take a closer look at those areas, those threat vectors, the way that they are coming into the business, and make sure that you are putting those industry-level systems in place,” he says. “A lot of businesses can get complacent and just continue renewing the same thing over and over again, without realising there are new features and additions. Misdelivery of email is a massive one – I would say the majority of businesses don’t have anything in place for it.

“Ask ‘where are the risk areas for your business?’ and understand those more, and then make sure to put those protection layers in place to help with things like ransomware attacks and other elements.”

(Photo by Cytonn Photography on Unsplash)
