Get My Score

Blog

eBook = A Modern Approach to Securing Hybrid Workloads

 Did you know? 

  • Through 2020, 90% of cloud breaches will be due to customer misconfiguration, mismanaged credentials, or insider theft, and not cloud provider vulnerabilities
  • 89% of breached organizations had a firewall in place at the time of compromise
  • 70% of all healthcare data breaches were due to device theft or loss
  • In one case, a US health insurer experienced a data breach of millions of patient (PHI) records, with a direct cost of only 4% but a total exposure of $1.68B

Is there a way out?

We’re pleased to announce the availability of our eBook, ‘A Modern Approach to Securing Hybrid Workloads.’  It looks at how to build an architecture that is both continuous and agile for cloud infrastructure security, reducing the potential threat of a breach by providing a single, hybrid view, across private and public clouds.  We look at the following challenges facing CISOs, their IT staff, and DevSecOps, and outline solutions.

  • What are the challenges facing today’s CISO with regard to information overload and accountability?
  • Why continuous security is so critical in the cloud and for containers
  • The shared responsibility model and where enterprises trip up
  • Fundamentals of a cloud-native security architecture including micro-services and APIs
  • Operations including an AWS CloudFormation example
  • Container security and Functions as a Service
  • Ten Selection Criteria –
    • Flexibility
    • Extensibility
    • Responsiveness
    • Agility
    • Deep Discovery
    • Broad Policy Library
    • Real-Time Risk Scoring Across Infrastructure
    • Container (Docker) Support
    • Cloud-agile Pricing
    • Intelligence
  • Benchmark Development
  • Glossary and references for cloud security

Learn more - Pick up your copy today

 

 

0
0
0
s2sdefault
Control Your Container

I’m happy to announce the availability of the latest benchmark addressing the container ecosystem – the Kubernetes 1.7 Security Benchmark.  Kubernetes 1.7 brings tons of security improvements. We, at CIS Kubernetes community, have been busy to give you an updated benchmark quickly. Download your copy from the CIS website.   For an additional perspective on the release and enterprise-scale capabilities, please check out the google blog.

This version of the benchmark has undergone changes to reflect the above improvements. Below is a quick summary.

0
0
0
s2sdefault

 

Docker 17.06 CE was announced a few days back. We, at CIS Docker community, have been busy to give you an updated benchmark quickly.

Download your copy from the CIS website.

This version of the benchmark has undergone significant changes. Below is a quick summary and later I explain a few of these.

0
0
0
s2sdefault
Control Your Cloud

Petya'd?  Cavirin to the Rescue!

On the back of WannaCry, the latest ransomware of the week is GoldenEye, a variant of Petya.  First reported a few days back, it has already caused havoc within some very large organizations.  Maersk, for example, was impacted, and one of our engineers from Bangalore reported that 10 million containers at the port of Mumbai don't know where to go.  No, Docker isn't going to come to the rescue.  And you think an airline reservation system shutdown is bad!  What is disturbing to me is that four of the companies hit - Maersk, Me-Doc, Merck, and Mondelez - all start with 'M', and that it is mostly targeted against critical industries.  Today's ransomware attack is sponsored by the letter M.  Someone refining their attack vectors?

0
0
0
s2sdefault
Control Your Cloud

A few days back, a security researcher came upon what is potentially one of the largest exposures to-date of Personally Identifiable Information (PII), but one that was so easy to prevent using the tools available.  Deep Root, a data analytics firm, had posted almost 200 million voter records to their AWS S3 database. This is the distributed offering leveraged by the majority of businesses and SaaS offerings that use AWS.  Note that this is also the same S3 that experienced a wide-ranging failure earlier in the year.  In this case, Deep Root set permissions on their database that would expose it unencrypted and with no password required to the outside world.  Just think what would have happened under GDPR if this occurred in 2018 within the European Union.

0
0
0
s2sdefault
Control Your Cloud

This is the sixth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here

The fifth blog, 'Security as you Go', is available here

-------------------

You have often heard about companies budgeting for compliance certifications. Each year, businesses budget for audits and achieving vertical specific compliance certification and authority to operate. These budgets are non-trivial and usually are spent in short-periods of time rather than throughout the year.

There is a confusion over agility and reality.


Businesses demand a rapid pace (agility) but at the same time must deal with compliance (reality).


A typical scenario is that during audits, the budgets are spent in a hurry to ensure that security controls are in place and not to miss the compliance certificate. This approach is potentially flawed. Compliance should be treated as a by-product of security. Good security measures and spending ensure that you have the necessary controls in place and those controls are functioning as intended. Such security measures help you get compliance certificates. Additionally, it ensures a uniform security posture throughout the year and not spikes at audit times to avoid fines and problems.

Your hybrid cloud strategy demands that you pay attention not only to on-premise workloads but also to your extended or shadowed datacenters.


You quickly tend to acquire cloud-specific tools (agility) and then invest in staff to maintain two set of tools (reality).


The applications and tools that you use for on-premise workloads may not deal with the realities of cloud. The flux and dynamicity of the cloud demands tools that can match the realities of hybrid workloads. Today your compute/storage/networking resources are fragmented between cloud and on-premise. This is your new reality. Your legacy as well as modern applications have security requirements and it is pointless to maintain footprint specific tools anymore. You benefit from streamlining your tools that work seamlessly on both the footprints.

You have convinced the management to transform your security tools and processes to match cloud and on-premise needs and you are ready to evaluate your options.

0
0
0
s2sdefault

© 2018 Cavirin Systems, Inc. All rights reserved.