Cloud Security

Cyber Threats to Healthcare on the Rise

Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018….

PCI Compliance in AWS – Simplified

by Adam M. Lechnos, CISSP Payment Card Industry Data Security Standards or PCI DSS, are a set of 12 requirements with over 300 controls which apply to any organization which stores, processes or transmits credit card data. Today, I will attempt to add some clarity around PCI compliance within AWS. Concepts and practices were sourced from the referenced document below and here I will break it down further. I do suggest you first read the Architecting for PCI DSS Scoping and Segmentation on AWS and come back to enhance your understanding of the methods being applied and its rationale. For…

VMware Acquisitions Highlight the Importance of DevSecOps

In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start. Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the virtualization giant a stronger foothold in digital transformation and cybersecurity. One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together,…

CCSP and CCSK: Which Cloud Security Credential Is Right For You?

Two of the industry’s most highly regarded cloud security credentials are the CCSP from (ISC)² and the CCSK from Cloud Security Alliance (CSA). Both offer a comprehensive education on cloud security fundamentals, but there are important differences. Here’s a quick breakdown of each. CCSP (Certified Cloud Security Professional). The CCSP is for IT and information security leaders seeking to prove their understanding of cybersecurity and securing critical assets in the cloud. It shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud. Roles that typically require a CCSP include…

Why Certified Cloud Security Professionals are in Higher Demand Than Ever

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure. Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with…