In Nightfall’s Trends in Cloud Security Newsletter, we review the top stories and developments in cloud security. Some of this issue’s highlights include:
-
Join us this month for two 30 minute live webinars. Next week on Tuesday, March 10 we'll cover how to detect and secure sensitive information in Slack. On Wednesday, March 18 we'll cover how to detect secrets in GitHub repos with machine learning.
-
Learn about data leaks in the past month, including one at LabCorp.
-
Read some of the best cloud security strategies from Dark Reading and Security Intelligence.
Read these stories and other timely cloud security stories below.
|
|
|
Slack Security: How to Detect PII & Prevent Data Exfiltration in Slack
|
One of the most important steps necessary for securing Slack is to enforce policies about what cannot be shared in Slack channels and workspaces. While there are different types of business-critical data, personally identifiable information (PII), as well as personal information (PI) more broadly, represents one of the most critical risks given the compliance and regulatory standards surrounding this type of data.
|
[ READ MORE ]
|
|
|
California's Data Privacy Rules Get Clearer
|
This story was originally published in VentureBeat as a guest post On Friday, February 7, the California Office of the Attorney General (CAG) published a "notice of modifications" to the California Consumer Privacy Act (CCPA), followed by an update on Monday, February 10. Learn more about these changes. |
[ READ MORE ]
|
|
|
|
PhotoSquared data leak puts thousands of users at risk
|
Researchers have discovered that a popular photo app leaked the personal data and images of thousands of customers as a result of an unsecured Amazon Web Services (AWS) storage bucket. The discovery was made by vpnMentor whose researchers found that a misconfigured S3 database belonging to the company PhotoSquared, which creates printed photo boards from customers' digital images. |
[ READ MORE ]
|
|
|
Estee Lauder Data Leak, 440 Million Records Exposed
|
On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was "a massive amount of records." That internet-facing database had no password protection in place, contained a total of 440,336,852 records, and was connected to the New York-based cosmetics giant, Estee Lauder. |
[ READ MORE ]
|
|
|
Strategies for Securing the Cloud |
|
Making Cloud Security a Team Sport
|
While most large enterprises are moving to the cloud in some form, the path is never as direct as chief information officers (CIOs) and chief information security officers (CISOs) might like it to be. Most come to terms with the fact that the cloud wont be a single offering, but rather a hybrid multicloud that aligns critical applications with cloud service offerings that best suit their needs. |
[ READ MORE ]
|
|
|
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
|
The cloud, once touted as an IT panacea, has a flip side that we see all too often in headlines when malicious actors take advantage of gaps in security. This cannot be repeated enough: Securing data and networks in a cloud environment is very different than doing so on-premises. Drawing from our experience with commercial and government cloud clients, here are five tips that re-emphasize and expand upon the fundamentals.
|
[ READ MORE ]
|
|
|
|