In AWS, security groups act as a virtual firewall that regulates inbound/outbound traffic for service instances. Unlike traditional firewalls, however, security groups only allow you to create permissive rules. Users are not provided the ability to deny traffic. This means that if no rules are set for an instance, then all inbound/outbound traffic will be [...]
The recent AWS data leaks from the Verizon (via Nice Systems), the RNC (via Deep Root Analytics), and Dow Jones have once again highlighted the lack of awareness organizations have displayed around the shared responsibility model for security that AWS operates under. Nobody can reasonably question Amazon’s commitment to the security of its IaaS, as evidenced by the myriad of services [...]
Companies today have to contend with cyberattackers who are using increasingly innovative ways to gain illicit access to corporate data. Since early 2017, Skyhigh has been tracking a brute force login attack on multiple enterprise customers. Using a set of corporate user names and passwords, as well as compromised hosted tenants, the attackers launched brute [...]
Voter registration data breaches have come and gone without the public batting an eye in the past, but tensions around foreign election intervention and political data analytics will stoke concerns around the latest incident. Nearly 200 million Americans fell victim to a data breach at a marketing firm called Deep Root Analytics contracted by the [...]
Amazon takes the security of its services and resources very seriously. One of the areas that Amazon has focused on is providing a robust access control service to its Amazon Web Services (AWS) customers. AWS’s identity and access management (IAM) service allows customers to manage users, groups, roles, and permissions. But it’s entirely up to [...]
Chief Information Officers used to be subjected to derisive comments about their relevance. Cynics expanded the CIO acronym to “Career Is Over.” With the mobile-cloud revolution known as Internet 3.0, the CIO role has become the critical position in guiding a company to digital success. This week we hear from five IT experts on the [...]
The last five days have been eventful in the cybersecurity space, with the ransomware WannaCry spreading like a ‘pandemic’ to infect 200,000 computers in over 150 countries. While reports first surfaced of Britain’s National Health Service organizations being infected, the attack spread across industries and geographies and hit large enterprises such as FedEx, Hitachi, and [...]
In 2014, an attacker compromised Code Spaces’ Amazon Web Services (AWS) account used to deploy Code Spaces’ commercial code-hosting service. The attacker gained access to their control panel and demanded money. When Code Spaces refused, the attacker began to systematically delete Code Spaces’ resources hosted on AWS, including all EBS snapshots, S3 buckets, AMIs, some [...]
The average enterprise has 464 custom applications deployed today. Across industries, even ones not associated with technology, companies of all sizes are developing applications that help them engage with customers, suppliers, and employees. However, as these applications move to cloud platforms such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, new security concerns [...]
Over the past decade, the cloud has become a disruptive force affecting every function and initiative in the enterprise. Gartner defines a strategic technology trend as “one with substantial disruptive potential that is just beginning to break out of an emerging state into broader impact and use.” For six consecutive years starting in 2009, the [...]
