Cyber Defense eMagazine December Edition for 2021

More documents

Recommendations

Info

What’s the Difference Between the Cloud Platforms? Like supermarkets, all cloud providers have similar offerings, but each takes a slightly different approach. While by no means a full comparison, we have included a short summary of how each of the leading cloud provider platforms delivers value in different areas: • AWS offers the widest selection of services, including compute, storage, database, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications. • Azure has the benefit of combining productivity and enterprise software (such as Office 365 and Teams) with flexible cloud computing resources for developers in one platform. • Google Cloud stands out for its technological advancement around open source technologies, especially containers, and played an instrumental role in the development of Kubernetes, a container orchestration platform that is now becoming an industry standard. What Are the Advantages of a Multi-cloud Strategy? It is not surprising that most companies are utilizing multiple cloud platforms, since this strategy allows companies to: • Optimize access to services: As described above, some cloud service providers are more specialized in providing certain services than other providers, so it makes sense to select the best cloud provider for each specific service that you require. • Spread risk and resilience: It’s always a good idea to avoid ‘putting all your eggs in one basket.’ For instance, if there is an outage or other issue with one cloud service provider, the other cloud platforms will likely not be affected. • Reduce cost and dependency: By adopting multiple cloud providers, enterprises can stay nimble and switch providers to optimize spending, rather than being locked into one provider and facing high operational costs to move services. Security and Compliance Challenges of Multi-cloud Environments Although it makes a lot of business sense to use multiple cloud providers, it can complicate security and compliance efforts tremendously since security controls and policies should be consistent across the board. With most native cloud provider security tools only covering their own platform, and not all thirdparty solutions supporting multiple cloud providers, security and compliance for multi-cloud environments can quickly become an operational nightmare. Cyber Defense eMagazine – December 2021 Edition 80 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
If security controls are not consolidated in one platform, this leads to the following issues: • Lack of central visibility: Using different solutions for each cloud platform - and often even multiple solutions per platform, such as cloud security posture managers (CSPM) and cloud workload protection platforms (CWPP) - makes it nearly impossible to get a centralized overview of risks. This means that you will not have a clear handle on your overall cloud security posture and which risks require the most immediate attention. • High operational costs: Duplicating security policies for different cloud security and compliance tools can quickly become an exhausting drain on your already understaffed cloud security team. Cloud workload protection platforms (CWPPs) also require the installation of an agent on every cloud resource to be monitored. The larger and more diversified your cloud estate, the more time consuming it is to install and maintain agents for every resource. • Lack of consistency: If you are forced to use several different cloud security tools with each having different configuration options, it is a complex task to ensure the same security and compliance checks are performed across all cloud estates. • Increased chance of errors: The more manual intervention and duplication security policies require, the more room for human error and wrongly configured security controls. Best Practices for Multi-cloud Security and Compliance To minimize the complexity and overhead of securing a multi-cloud environment, follow these five best practices: 1. Insist on multi-cloud support: This one is a no-brainer; make sure your cloud security vendor supports multiple cloud provider platforms. 2. Consolidate cloud security solutions: Leverage full stack cloud security solutions (CWPP and CSPM in one - also referred to as a cloud-native application protection platform -- CNAPP), so you can reduce the number of point solutions and replace them with a single tool for all your cloud environments. 3. Go agentless: Eliminate resource-heavy agent deployments that reduce nimbleness and hinder your ability to move applications to other cloud platforms when needed. 4. Get platform specific mitigation steps: Use a cloud security solution with contextual intelligence that prioritizes critical risks and provides platform specific mitigation instructions to make it easier for practitioners to work on multiple cloud platforms. 5. Identify cost saving strategies: Make your CISO love you by using a cloud security tool that allows you to view detailed information on each asset on every cloud platform, including how often it is used. This enables you to advise on further cost saving strategies, such as moving certain applications to other cloud platforms and consolidating or removing redundant services. Cyber Defense eMagazine – December 2021 Edition 81 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
9 Ways Social Media Sabotages Your
Page 3 and 4:
How Do You Secure the Modern Supply
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - December
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30: Cyber Defense eMagazine - December
Page 39 and 40: With over 4 billion users, social m
Page 41 and 42: Unsecure Mobile Networks When using
Page 43 and 44: However, as concerning as these pra
Page 45 and 46: Danny Lopez, CEO, Glasswall “Duri
Page 47 and 48: estoring data. Modern organizations
Page 49 and 50: When Diplomacy, Finance and Tech Co
Page 51 and 52: Another way leaders can take initia
Page 53 and 54: How Covid-19 Changed Advertising Fo
Page 55 and 56: However, this shift might not be su
Page 57 and 58: Why MFA Alone Isn’t Enough for Tr
Page 59 and 60: just highlights how vulnerable most
Page 61 and 62: on channels like email. This starts
Page 63 and 64: 3 Best Practices to Avoid Inevitabl
Page 65 and 66: For example, an employee may become
Page 67 and 68: and outcomes is essential for proje
Page 69 and 70: Electric Vehicle Charging: The Next
Page 71 and 72: Going forward, EV dealers, charging
Page 73 and 74: How does this relate to MFA? Well,
Page 75 and 76: constant exposure of countries to a
Page 77 and 78: Why do you need a malware sandbox?
Page 79: Multi-Cloud Security and Compliance
Page 83 and 84: How Do You Secure the Modern Supply
Page 85 and 86: The case for isolation Supply chain
Page 87 and 88: Don’t Take Yourself Out of The Ga
Page 89 and 90: The U.S. Government Accountability
Page 91 and 92: assessment criteria for the tasks f
Page 93 and 94: the file. This was a great techniqu
Page 95 and 96: the wake of the pandemic where the
Page 97 and 98: Certain communications are protecte
Page 99 and 100: At Salt Communications we work with
Page 101 and 102: And it’s only getting worse. If y
Page 103 and 104: The benefits are great When HDOs ha
Page 105 and 106: 4 Pillars of Privacy-Preserving AI
Page 107 and 108: concern and a desire to be cautious
Page 109 and 110: and stay safe online. That’s why
Page 111 and 112: 2. Enabling over-the-horizon threat
Page 113 and 114: Techniques Used by Hackers to Bypas
Page 115 and 116: Phishing scams avoid email security
Page 117 and 118: ATO Detection Account takeover bene
Page 119 and 120: How To Protect Your Digital Legacy
Page 121 and 122: I worked with cybersecurity experts
Page 123 and 124: Sextortion Email Scams What to Do a
Page 125 and 126: Sextortion attacks are a type of cy
Page 127 and 128: How to respond to a sextortion emai
Page 129 and 130: Example 2:'You've been hacked' emai
Page 131 and 132:
How can this strategy be implemente
Page 133 and 134:
Surviving The New Era of Terabit-Cl
Page 135 and 136:
accompanying shift toward more digi
Page 137 and 138:
Survey results show businesses are
Page 139 and 140:
Enterprises Cannot Achieve Zero Tru
Page 141 and 142:
Capital One breach back in 2019. Ad
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
CyberDefense.TV now has 200 hotseat
Page 163 and 164:
Books by our Publisher: https://www
Page 165 and 166:
Page 167 and 168:
show all

Cyber Defense eMagazine December Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?