Almost 15 years after Amazon launched AWS, public cloud platforms have become extraordinarily sophisticated and feature-rich, as well as wildly popular, creating a world of security and compliance challenges that gets more complex by the day, said Badri Raghunathan​, Qualys product management director, on Thursday during his QSC USA 2020 presentation “Securing Cloud and Container Workloads: A View From the Trenches.” As the foundation for the modern IT innovations that propel digital transformation, public cloud platforms have become fundamental for business agility and competitiveness, and th ..read more

With Black Hat USA 2019 now in progress, we wrap up this blog series with our final two session recommendations: Attacking and Defending the Microsoft Cloud and Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale. Attacking and Defending the Microsoft Cloud, which focuses on protecting Office 365 and Azure Active Directory, explores the most common attacks against the cloud and describes effective defenses and mitigation. While it focuses on Microsoft, some topics apply to other providers. The speakers — Trimarc CTO Sean Metcalf, and Ma ..read more

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical threats affecting applications, IoT systems, cloud services, and more. Meanwhile, the briefing sessions feature cutting-edge research on the latest infosec risks and trends. All sessions are led by expert trainers and researchers. To help attendees decide which sessions to choose, we’ve selected ten that w ..read more

Capital One prides itself on staying at the forefront of IT innovations to give its business a competitive edge. For example, it adopted Agile software-development methodologies years ago, and uses artificial intelligence and machine learning. It was the first bank to implement a mobile wallet with “contactless” NFC payments, and to offer voice-activated financial transactions using Amazon’s Alexa. When 2018 ends, Capital One expects 80% of its IT infrastructure to be cloud based, allowing it to go from seven to two data centers. Given its tech transformation track record, it’s not surprising ..read more

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, protecting these environments is critical for complying with the EU’s General Data Protection Regulation (GDPR). GDPR, which went into effect in May, imposes strict requirements on millions of businesses worldwide that control and process the personal data of EU residents. Public cloud platforms are being used to power digital transformation initiatives across many business functions where EU residents’ personal data is likely to be stored, processed and shared. Thus, organizations need complete v ..read more

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their cloud assets and resources, and a misunderstanding of cloud providers’ shared security responsibility model. As a result, there have been a multitude of easily preventable security mishaps in public cloud deployments due to leaky storage buckets, misconfigured security groups, and erroneous user p ..read more

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, protecting these environments is critical for compliance with the EU’s General Data Protection Regulation (GDPR). These public cloud platforms are being used to power digital transformation initiatives across a wide variety of business functions, including supply chain management, customer support, employee collaboration, sales and marketing. In all of these business tasks that are being digitally transformed in the cloud, customer personal data regulated by G ..read more

What does the “My Little Pony” television series and cyber security have in common? Ask Qualys Chief Product Officer Sumedh Thakar. Whenever his 7-year old daughter wanted to see an episode of this show, the process involved multiple steps: Turning on the smart TV, scrolling through the app menu, picking Netflix, searching for “My Little Pony,” navigating the seasons and list of episodes, and finally clicking on the one she wanted to watch. Sumedh Thakar, Qualys’ Chief Product Officer, speaks at the Cloud Security Alliance (CSA) Summit during RSA Conference 2018. But that process became a thin ..read more

As cloud computing adoption accelerates among businesses, InfoSec teams are struggling to fully protect cloud workloads due to a lack of visibility into these environments, and to hackers’ increasingly effective attacks. That’s the main finding from SANS Institute’s “Cloud Security: Defense in Detail if Not in Depth” report, which surveyed IT and security pros from organizations of all sizes representing many industries. “We’re seeing more organizations moving to the cloud. They’re definitely moving quickly. And security teams aren’t wholly comfortable with the way cloud providers are giving u ..read more

It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation efforts aimed at increasing business efficiency and effectiveness. This trend represents both a challenge and an opportunity for InfoSec teams. The challenge: To ensure the security and compliance of these cloud instances, without interrupting their deployment. The opportunity: To become a partne ..read more