Category Archives: Cloud Security

When It Comes to Cloud Data Protection, Defend Your Information Like a Guard Dog

 

These days, enterprises are increasingly running their business from the cloud. But the portion of your business that’s running in this environment presents numerous security challenges. When it comes to cloud data protection, it’s not just credit card numbers and personally identifiable information (PII) that need protecting, but also the data that represents the majority of your company’s value: your intellectual property. This includes your product designs, marketing strategy, financial plans and more. To add to the complexity, much of that data is stored in disparate repositories.

How do you know if you’re doing enough to protect the cloud-stored data that’s most crucial to your business? To keep malicious actors away from your cloud-bound crown jewels, you need the cybersecurity equivalent of a guard dog — one that knows when to bark, when to bite and when to grant access to those within its circle of trust.

Let’s take a closer look at some challenges related to protecting data in the cloud and outline key considerations when selecting a cloud security provider.

What to Do When Data Is Out of Your Hands

Data that’s stored in the cloud is inherently accessible to other people, including cloud service providers, via numerous endpoints, such as mobile devices and social media applications. You can no longer protect your sensitive data by simply locking down network access.

You need security against outside threats, but you also need it on the inside, all the way down to where the data resides. To address this, look for a provider that offers strong data encryption and data activity monitoring, inside and out.

Data Is Here, There and Everywhere

With the growth of mobile and cloud storage, data is here, there, in the cloud, on premises, and everywhere in between. Some of it is even likely stored in locations you don’t know about. Not only does everyone want access to data, they expect access to it at the click of a mouse. A complete cloud data protection solution should have the following:

  • Mature, proven analytical tools that can analyze your environment to automatically discover data sources, analyze those data sources to discover the critical, sensitive, regulated data, and intelligently and automatically uncover risks and suspicious behavior.
  • Protection with monitoring across all activity, both network and local, especially the actions of privileged users with access to your most sensitive data. Of course, you should also protect data with strong encryption.
  • Adaptability to your changing and expanding environment, with a security solution that can support hybrid environments and seamlessly adjust to alterations in your IT landscape.

How to Gain Visibility Into Risks and Vulnerabilities

Detecting risks of both internal and external attacks is more challenging as data repositories become more virtualized. Common vulnerabilities include missing patches, misconfigurations and exploitable default system settings.

Best practices suggest authorizing both privileged and ordinary end users according to the principle of least privilege to minimize abuse and errors. A robust cloud data protection solution can help secure your cloud and hybrid cloud infrastructure with monitoring and assessment tools that reveal anomalies and vulnerabilities.

Choose the Right Data-Centric Methodology

A data-centric methodology should go hand in hand with the solutions outlined above to support cloud data protection. Make sure your data security solution can do the following:

  • Automatically and continuously discover data sources that you may not have realized existed. This means classifying the data in those databases to understand where you have sensitive, regulated and high-risk data.
  • Harden data sources and data. For data sources, that means understanding what vulnerabilities exist and who has access to data based on entitlement reports. For hardening data, your solution should enable you to set policies around who has access and when access needs to be blocked, quarantined or possibly allowed but masked before granting access.
  • Monitor all users, especially privileged users, to be able to prove to auditors that they are not jeopardizing the integrity of your data.
  • Proactively protect with blocking, quarantining and masking, as well as threat analytics that cover all data sources and use machine learning. Threat analytics can help you understand which activities represent normal, everyday business and which are suspect or anomalous — information that humans can’t possibly uncover on a large scale.

Find a Guard Dog for Your Cloud Data Protection

If your organization is just starting out with data protection, consider a software-as-a-service (SaaS) risk analysis solution that can enable you to quickly get started on the first two steps outlined above. By starting with a solution that supports discovery, classification and vulnerability assessments of both on-premises and cloud-based data sources, you can make demonstrable progress with minimal time and technology investment. Once you have that baseline, you can then start investigating more comprehensive data activity monitoring, protection and encryption technologies for your cloud-bound data.

The post When It Comes to Cloud Data Protection, Defend Your Information Like a Guard Dog appeared first on Security Intelligence.

AWS Cloud: Proactive Security and Forensic Readiness – part 4

Part 4: Detective Controls in AWS

Security controls can be either technical or administrative. A layered security approach to protecting an organisation’s information assets and infrastructure should include preventative controls, detective controls and corrective controls.

Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that the threat has landed in our systems. Corrective controls exist to mitigate or lessen the effects of the threat being manifested.

This post relates to detective controls within AWS Cloud. It’s the fourth in a five-part series that provides a checklist for proactive security and forensic readiness in the AWS Cloud environment.

Detective controls in AWS Cloud

AWS detective controls include processing of logs and monitoring of events that allow for auditing, automated analysis, and alarming.

These controls can be implemented using AWS CloudTrail logs to record AWS API calls, Service-specific logs (for Amazon S3, Amazon CloudFront, CloudWatch logs, VPC flow logs, ELB logs, etc) and AWS Config to maintain a detailed inventory of AWS resources and configuration. Amazon CloudWatch is a monitoring service for AWS resources and can be used to trigger CloudWatch events to automate security responses. Another useful tool is Amazon GuardDuty which is a managed threat detection service in AWS and continuously monitors for malicious or unauthorised.

Event Logging

Security event logging is crucial for detecting security threats or incidents. Security teams should produce, keep and regularly review event logs that record user activities, exceptions, faults and information security events. They should collect logs centrally and automatically analysed to detect suspicious behaviour. Automated alerts can monitor key metrics and events related to security. It is critical to analyse logs in a timely manner to identify and respond to potential security incidents. In addition, logs are indispensable for forensic investigations.

The challenge of managing logs

However, managing logs can be a challenge. AWS makes log management easier to implement by providing the ability to define a data-retention lifecycle or define where data will be preserved, archived, or eventually deleted. This makes predictable and reliable data handling simpler and more cost-effective.

The following list recommends use of AWS Trusted Advisor for detecting security threats within the AWS environment. It covers collection, aggregation, analysis, monitoring and retention of logs, and, monitoring security events and billing to detect unusual activity.

The checklist provides best practice for the following:

  1. Are you using Trusted Advisor?
  2. How are you capturing and storing logs?
  3. How are you analysing logs?
  4. How are you retaining logs?
  5. How are you receiving notification and alerts?
  6. How are you monitoring billing in your AWS account(s)?

Best-practice checklist

1.    Are you using Trusted Advisor?
  • Use AWS Trusted Advisor to check for security compliance.
2.    How are you capturing and storing logs?
  • Activate AWS Cloud Trail.
  • Collect logs from various locations/services including AWS APIs and user-related logs (e.g. AWS CloudTrail), AWS service-specific logs (e.g. Amazon S3, Amazon CloudFront, CloudWatch logs, VPC flow logs, ELB logs, etc.), operating system-generated logs, IDS/IPS logs and third-party application-specific logs
  • Use services and features such as AWS CloudFormation, AWS OpsWorks, or Amazon Elastic Compute Cloud (EC2) user data, to ensure that instances have agents installed for log collection
  • Move logs periodically from the source either directly into a log processing system (e.g., CloudWatch Logs) or stored in an Amazon S3 bucket for later processing based on business needs.
3.    How are you analysing logs?
  • ​​Parse and analyse security data using solutions such as AWS Config, AWS CloudWatch, Amazon EMR, Amazon Elasticsearch Service, etc.
  • Perform analysis and visualisation with Kibana.
4.    How are you retaining logs?
  • Store data centrally using Amazon S3, and, for long-term archiving if required, using Amazon Glacier
  • Define data-retention lifecycle for logs. By default, CloudWatch logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention, or choosing a retention period between 10 years and one day
  • Manage log retention automatically using AWS Lambda.
5.    How are you receiving notification and alerts?
  • ​​Use Amazon CloudWatch Events for routing events of interest and information reflecting potentially unwanted changes into a proper workflow
  • Use Amazon GuardDuty to continuously monitor for malicious or unauthorised behaviour
  • Send events to targets like an AWS Lambda function, Amazon SNS, or other targets for alerts and notifications.
6.    How are you monitoring billing in your AWS account(s)?
  • Use detailed billing to monitor your monthly usage regularly
  • Use consolidated billing for multiple accounts.

 

Refer to the following AWS resources for more details:

AWS Well-Architected Framework

What is Amazon CloudWatch Logs?

Definition of Preventative controls, Detective controls and Corrective controls – Fundamentals of Information Systems Security (David Kim, Michael G. Solomon)

 

Next up in the blog series, is Part 5 – Incident Response in AWS – best practice checklist. Stay tuned.

 

Let us know in the comments below if we have missed anything in our checklist!

DISCLAIMER: Please be mindful that this is not an exhaustive list. Given the pace of innovation and development within AWS, there may be features being rolled out as these blogs were being written ;). Please note that this checklist is for guidance purposes only. For more information, or to request an in-depth security review of your cloud environment, please contact us.

 

Author: Neha Thethi

Editor: Gordon Smith

 

The post AWS Cloud: Proactive Security and Forensic Readiness – part 4 appeared first on BH Consulting.

Moving to a Software-Defined Data Center and Its Impact on Security

For 57% of enterprise organizations in our latest survey on cloud adoption, IT infrastructure took the form of a hybrid cloud, i.e. a mix of public cloud infrastructure-as-a-service (IaaS) and some form of private cloud data center. At McAfee, we spend a lot of time speaking about the benefits of using public cloud infrastructure providers like AWS and Azure. We spend less time discussing private cloud, which today is increasingly software-defined, earning the name “software-defined data center” or SDDC.

Infrastructure designed to operate as an SDDC provides the flexibility of cloud with the most control possible over IT resources. That control enables well-defined security controls with the potential to rise above and beyond what many teams are used to having at their disposal in a traditional data center, particularly when it comes to micro-segmenting policy.

To start, the concept of software-defined data center describes an environment where compute, networking, and often storage are all virtualized and abstracted above the physical hardware they run on. VMware handles the largest share of these virtualized deployments, which is a natural extension of their long history of transforming single-purpose servers into far more cost-effective virtual server infrastructure. The big change here is adding network virtualization through their technology NSX, which frees the network from physical constraints and allows it to be software-defined.

In a physical network, your infrastructure has a perimeter which you allow traffic in/out of. This limits your control to the physical points where you can intercept that traffic. In a software-defined network (a critical part of a software-defined data center) your network can be controlled at every logical point in the virtual infrastructure. For a simple example, say you have 100 VMs running in 3 compliance-based groupings. Here is how your policy could be constructed at a high level in an SDDC:

  1. Group 1: PCI compliant storage. Every VM in this group is tagged for Group 1, and network traffic limited to internal IPs only.
  2. Group 2: GDPR compliant application with customer data. Again, each VM is tagged for its group to share the same policy, this time enforcing encryption and read-only access.
  3. Group 3: Mixed-use, general purpose VMs with varying compliance requirements. In this case, each VM needs its own policy. Some may be limited to single-IP access, others open to the internet. A per-VM policy effectively introduces micro-segmentation to your infrastructure.

The point of these basic examples is to clarify the opportunity that a software-defined data center has to fine-tune policy for your assets held on-premises. If you’re also running in AWS or Azure, then what you’ve kept on-premises likely consists of your most sensitive assets, which require the most stringent protection. Controlling policy down to the individual VM gives you this flexibility. Once you’re controlling policy at the VM-level, you can also monitor and control the communication between those VMs (i.e. east-west or intra-VM), stopping lateral threat movement from one VM to another within your data center.

If you’re in a state where certain assets simply can’t enter the public cloud, and you want to make improvements in your resource efficiency and protection strategy, you should consider building out a plan to completely virtualize your data center, including the network. To help you with that strategy, we partnered with VMware and research firm IDC to write a short paper on the security benefits of adopting a software-defined data center. You can read it here to dive deeper into this topic.

The post Moving to a Software-Defined Data Center and Its Impact on Security appeared first on McAfee Blogs.

College Bound? 7 Important Technology Habits for Students

You’ve loved, shaped, and equipped your child to succeed in college and move in day is finally here.  But there’s still one variable that can turn your child’s freshman year upside down, and that’s technology.

That’s right, that essential laptop and indispensable smartphone your child owns could also prove to be his or her biggest headache if not secured and used responsibly. College students can be targets of identity theft, malware, online scams, credit card fraud, property theft, and internet addiction.

The other part of this new equation? You, parent, are no longer in the picture. Your child is now 100% on his or her own. Equipping time is over. Weekly tech monitoring and family chats are in the rearview mirror. Will they succeed? Of course, they will. But one last parenting chat on safety sure can’t hurt. Here are a couple of reminders to share with your college-bound kids.

7  Technology Habits for Students

1. Minimize use of public computers. Campuses rely on shared computers. Because campus networks aren’t always secure, this can open you up to identity theft. If you have to log on to a public computer be it a cafe, library, or lab, be sure to change any passwords each time you return. If you are working with a study group, don’t share passwords. Public devices can be prone to hackers seeking to steal login credentials and credit card numbers. If you do use public devices, get in the habit of browsing in the privacy mode. Clear browser history, cookies, and quit all applications before logging off.

2. Beware when shopping online. Online shopping is often the easiest way for students to purchase essentials. Be sure to use a secure internet connection when hitting that “purchase” button. Reputable sites encrypt data during transactions by using SSL technologies. Look for the tiny padlock icon in the address bar or a URL that begins with “https” (the “s” stands for secure) instead of “http.” Examine the site and look for misspellings, inconsistencies. Go with your instincts if you think a website is bogus, don’t risk the purchase. Online credit card fraud is on the rise, so beware.

3. Guard your privacy. College is a tough place to learn that not all people are trustworthy — even those who appear to be friends. Sadly, many kids learn about online theft the hard way. Never share passwords, credit card numbers, or student ID numbers. Be aware of shoulder surfing which is when someone peers over your shoulder to see what’s on your computer screen. Avoid leaving computer screens open in dorm rooms or libraries where anyone can check your browsing history, use an open screen, or access financial information. Also, never lend your laptop or tablet to someone else since it houses personal information and make sure that all of your screens are password protected.

4.  Beware of campus crooks. Thieves troll college campuses looking for opportunities to steal smartphones, laptops, wearables, and tablets for personal use or resale. Don’t carry your tech around uncased or leave it unguarded. Conceal it in a backpack. Even if you feel comfortable in your new community, don’t leave your phone even for a few seconds to pick up your food or coffee at a nearby counter. If you are in the library or study lab and need a bathroom break, take your laptop with you. Thieves are swift, and you don’t want to lose a semester’s worth of work in a matter of seconds.

5. Use public Wi-Fi with caution. Everyone loves to meet at the coffee shop for study sessions — and that includes hackers. Yes, it’s convenient, but use public Wi-Fi with care. Consider using VPN software, which creates a secure private network and blocks people from accessing your laptop or activity. To protect yourself, be sure to change your passwords often. This is easy if you use a free password manager like True Key.

6. Social media = productivity killer. Be aware of your online time. Mindless surfing, internet games, and excessive video gaming with roommates can have an adverse effect on your grades as well as your mental health.  Use online website blockers to help protect your study time.

7. Social media = career killer. We can all agree: College is a blast. However, keep the party photos and inappropriate captions offline. Your career will thank you. Remember: Most everything you do today is being captured or recorded – even if you’re not the one with the camera. The internet is forever, and a long-forgotten photo can make it’s way back around when you least expect it.

8. Don’t get too comfortable too fast. Until you understand who you can trust in your new community, consider locking your social media accounts. Disable GPS on mobile apps for security, don’t share home and dorm addresses, email, or phone numbers. While it may be the farthest thing from your mind right now — campus stalking case are real.

toni page birdsong

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post College Bound? 7 Important Technology Habits for Students appeared first on McAfee Blogs.

Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher

Monitoring the Microsoft Azure virtual network

Network Watcher is a native Azure service which provides performance monitoring and diagnostic services for Azure tenants. A plethora of logging and diagnostic data are available through Network Watcher which enable insights to your network performance and health. By combining the diagnostic and monitoring capabilities of Network Watcher with the automation and discovery and defense of elastic workloads provided by McAfee Cloud Workload Security (CWS), you now have a comprehensive toolset for end-to-end network visibility.

Network Topology 

Network Watcher enables you to visualize the complete network topology of your application in just a few clicks.

IP Flow Verify

A critical diagnostic tool is being able to check if a flow is allowed or denied to or from a virtual machine. With IP flow verify, you can easily validate whether the flow – ingress and egress – is allowed or denied. This includes combining data from source IP, destination IP, source port, destination port and protocol.

Security Group View

With Network Watcher, you can ensure proper security is present for audit and security measures with programmatic configuration of security groups. You also can increase security posture and more tightly configure firewall rules amongst resource groups by ensuring security groups are in place.

These are just a handful of diagnostic tools facilitated through Network Watcher, which are extensive and robust in data and can be utilized through Azure native APIs. While this context is rich and the logs are comprehensive, it’s critical to be able to quickly and efficiently identify threats and immediately enable actionable workflows that isolate root causes and diminish dwell time. Network Watcher and McAfee’s Cloud Workload Security (CWS) together form a firmly interlocked powerhouse that ensures tight audit controls, proper security control overlay, and effective remediation actions to provide an optimal threat mitigation solution.

McAfee Cloud Workload Security and Azure Network Watcher

As we have established a relative baseline understanding of Network Watcher, let’s peel back another layer to further analyze how Azure traffic flows into the mesh of interoperability with McAfee Cloud Workload Security (CWS).

How does Azure traffic work?

When Network Watcher and the Network Security Groups (NSG) Flow logs are properly enabled, Microsoft Network Watcher captures traffic flows in the Azure cloud. Once the flow logs are enabled for an NSG, Azure Connector collects traffic for successfully provisioned NSGs and VMs associated with them. The discovered traffic will be visible in the traffic visualization section of McAfee CWS.

How does CWS capture Azure Traffic?

  1. During every sync CWS verifies if there are any powered-on Azure instances in a region and if Network Watcher is enabled for that region. If the Network Watcher is not enabled for the region, CWS will enable the Network Watcher and configure that to a storage account.
  2. The next check is on the NSGs in that region. CWS verifies if NSG flow log is enabled for every NSG attached with powered-on instances. If the NSG flow logs are not enabled, CWS will enable NSG flow logs.
  3. Once the Network Watcher and the NSG flow logs are enabled, traffic flow logs are captured in the associated storage account. CWS reads these flow logs from the storage account and determines if there are any network anomalies associated with them.

NSG flow logs allow Network Watcher to view information about the traffic in the NSG. When Network Watcher is enabled, the retention period set by Cloud Workload Security for NSG flow logs is 15 days. You can reconfigure the retention period under Network Watcher in the Azure portal.

For more information on McAfee Cloud Workload Security, please visit the McAfee Cloud Workload Security page for feature and solution documentation.

To learn more about Azure Network Watcher and CWS integration check out the Azure Network Watcher blog post.

The post Identifying Network Anomalies in Microsoft Azure – Cloud Workload Security and Azure Network Watcher appeared first on McAfee Blogs.

Finals Week: Cloud Edition

It’s almost summertime—where the nights are longer and the water is warmer! Before we head to the beach it’s time to review all the things we learned about the cloud from the past two quarters.

For #CloudFinalsWeek we’re asking you to prove your knowledge on the current climate of cloud computing and security. Will you be valedictorian or be headed back to class for summer school? Share your cloud finals score on Twitter after completing the assessment to see if you outranked your peers.

Note: There is a widget embedded within this post, please visit the site to participate in this post's widget.

Not prepared? Lucky for you this is an “open-book” test. Find some cheat sheets and study guides below.

Report: Navigating a Cloudy Sky

Blog Post: Cloud is Ubiquitous and Untrusted

Good luck!

The post Finals Week: Cloud Edition appeared first on McAfee Blogs.

High-Tech & Hackable: How to Safeguard Your Smart Baby Devices

It’s just about as creepy as it gets: A hacker breaking into a smart device in your baby’s nursery. The Internet of Things (IoT) has wrapped our homes technology, which means any piece of technology you own — be it a smartphone, a thermostat, or even a baby toy or monitor — is fair game for hackers.

High tech products geared toward parents of newborns and kids are on the rise. Reports show that new parents are fueling this industry and purchasing everything from smart diapers, onesies, baby monitors, digital bassinets, soothers, high-tech swings, breathing monitors, play pads, and a string of smart toys. Parents purchasing baby tech and digital toys are counting on fresh tech ideas and products to increase efficiency and maintain a constant connection to their kids.

But these seemingly efficient products, some argue, could be increasing parent’s stress in some cases. Are these tech products, which are also highly hackable, worth the risk and worry?

The Pros

Peace of mind, safety. Smart baby devices give anxious parents added peace of mind when it comes to worries. Who doesn’t want to see their sweet baby deep in sleep and go to bed without worry? Given a chance, many parents welcome the opportunity to know their baby’s temperature, oxygen levels, heartbeat, and breathing are on track.

Remote monitoring, convenience. When you can be downstairs or working in the yard, or in your home gym, and still check on a sleeping baby, that’s an incredible convenience that many parents welcome as a productivity booster.

Learning and development. Many parents purchase smart devices for kids in an effort to help them stay on track developmentally and ensure they are prepared for the tech-driven world they are heading into.

The Cons

Hackable. Any device that is web-enabled or can connect to the cloud has the potential to be hacked, which can create a whole new set of issues for a family. If you are getting sleeping, breathing, and health data on your child, anyone else could be getting that same information.

False readings. Baby technology, as useful as it appears, can also have glitches that medical professionals argue can be more harmful than helpful. Can you imagine waking up at 2 a.m. to a monitor alarm that falsely says your baby isn’t breathing?

Complex, pricey. Some of the products can be complicated to program and set up and pricey to purchase or replace.

So why would a hacker even want to break into a baby monitor, you may ask? For some hackers, the motive is simply because they can. Being able to intercept data, crash a device, or prove his or her digital know-how is part of a hacker’s reward system. For others, the motives for stalking your family’s activities or talking to kids in the middle of the night can prove to be a far more nefarious activity.

Tips to safeguard baby tech:

Think before you purchase. According to the tech pros, think before buying baby tech and evaluate each item’s usefulness. Ask yourself: Do I need this piece of technology? Will this product potentially decrease or increase my stress? If a product connects to the wi-fi or the cloud, weight its convenience against any risk to your family’s data.

Change default passwords. Many products come with easy-to-guess default passwords that many consumers don’t take the time to change. This habit makes it easy for hackers to break in. Hackers can also gain access to entire wifi networks just by retrieving the password stored on one device. (Sometimes all a hacker does is google a specific brand to find the product’s password — yes, it’s as easy as that!)

Buy from known brands. Buy from reputable manufacturers and vendors. Google to see if that company’s products have ever been digitally compromised. And although it’s tempting to get your device used to save a little money, second-hand technology might have malware installed on it so beware.

Update software, use strong passwords. If there’s a software update alert connected to your baby tech, take the time to update immediately and be sure to choosing a password with a minimum of 16 characters and not using the same password for more than one device.

Turn off. When your devices are not on, there’s no vulnerability so, even with all the safeguards, remember to turn off devices not in use for that last layer of protection.

toni page birdsong

 

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post High-Tech & Hackable: How to Safeguard Your Smart Baby Devices appeared first on McAfee Blogs.

The Cloud: Crossroads or Fast Lane for Enterprise Databases?

As someone who has enjoyed spending time with many a DBA (database administrator) over the years, and for better or worse has spun up a fair few DBMS (Database Management System) himself, I’m excited and also just a little scared of the potential that the hybrid cloud holds.

It is exciting to think about all the possibilities hybrid cloud environments bring. Imagine, Database power at scale. Whenever, wherever, elastic with built-in failover and load balancing. No more long provisioning cycles, masses of approvals and justifications to get that new hardware. Everything is available at a moment’s notice and ready to help the business grow. In short, it’s any application developers dream come true and most DBA’s nightmare.

No matter which research, the trend is clear. Enterprise Databases are moving to the cloud, but what will end up lurking in the dark?

The management of DBMS instances in any organization is already challenging as it is. Not knowing exactly how many Databases exist at any given time is far too common, making it next to impossible to manage the risk appropriately. Making sure potential vulnerabilities are patched or at least can not be exploited (SQL Injections, misconfigured instances, weak account passwords etc) is the standard cat and mouse game of every DBA. On top of that, there is data protection. Monitoring and auditing access to the organization’s most valuable data has become one of the biggest challenges organizations face.

Location, Location, Location – Is not important!

Unlike in real estate, location really isn’t important. Monitoring the database workload and how many instances, databases, and servers are spun up must follow the same rigor in the cloud as it does within the on-premise datacenter.

The monitoring of suspicious requests that may indicate malicious behavior to the DBMS  needs to follow the same policies, rules, and possibilities in the cloud as on-premises. Intercepting and stopping malicious connections has to be possible across the whole infrastructure – from on-premises to cloud.

Last but by no means least, auditing and monitoring of sensitive information, whether that is PCI DSS, HIPAA, SOX or PII data must be seamless between on premise and any cloud instance.

Once these cross-locational policies and monitoring capabilities are in place, the hybrid database environment turns indeed into a fast lane, allowing businesses to scale much faster and much more seamlessly than ever before.

McAfee is helping to fill the need in this hybrid environment by offering a software-based Database Security solution that allows the monitoring of database instances across both on-premise and the cloud. Non-intrusive, lightweight and easy to deploy, McAfee’s Database Security allows customers to enjoy all the exciting benefits of moving to a hybrid cloud enterprise database environment, while retaining control over security, risk and data protection.

For more information, head over to the product information page here.

The post The Cloud: Crossroads or Fast Lane for Enterprise Databases? appeared first on McAfee Blogs.

Application Development GDPR Compliance Guidance

Last week IBM developerWorks released a three-part guidance series I have written to help 
Application Developers develop GDPR compliant applications.

Developing GDPR Compliant Applications Guidance

The GDPR
The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it applies to any organizations outside of Europe that handle the personal data of EU citizens. This includes the development of applications that are intended to process the personal information of EU citizens. Therefore, organizations that provide web applications, mobile apps, or traditional desktop applications that can indirectly process EU citizen's personal data or allow EU citizens sign in are subject to the GDPR's privacy obligations. Organizations face the prospect of powerful sanctions should applications fail to comply with the GDPR.

Part 1: A Developer's Guide to the GDPR
Part 1 summarizes the GDPR and explains how the privacy regulation impacts and applies to developing and supporting applications that are intended to be used by European Union citizens.

Part 2: Application Privacy by Design
Part 2 provides guidance for developing applications that are compliant with the European Union’s General Data Protection Regulation. 

Part 3: Minimizing Application Privacy Risk

Part 3  provides practical application development techniques that can alleviate an application's privacy risk.

The Ramifications of the Skills Shortage on Cloud Security

Week over week, a new threat against valuable data emerges. Sometimes, adversaries in cybersecurity find ways to infiltrate systems through advanced malware strains. Other times, they’ll find holes in an organization’s infrastructure, which have been accidentally created by a well-intentioned employee. Both occur all too often, but the latter is actually tied to another threat facing the cybersecurity industry – the skills shortage.

Mind the gap

The skills shortage is a term those in the industry all are too familiar with. While agile and powerful threats are on the rise, the amount of talented cybersecurity professionals is not – leaving a gaping hole in security strategy that existing employees just can’t fill. In fact, according to McAfee’s recent study Winning the Game, IT leaders report needing to increase their security staff by 24% to adequately manage their organization’s cyberthreats. The absence of adequately trained professionals can leave holes in many aspects of modern-day security infrastructure, with one of the widest specifically involving cloud security.

A clouded education

The cloud is a nuanced area in technology and securely managing it requires specific knowledge – which is why it feels the effects of the skills shortage two-fold. In fact, according to our recent report Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security, more than 25% of organizations using infrastructure as a service (IaaS) or software as a service (SaaS) have experienced data theft from their hosted infrastructure or applications. Furthermore, one in five were infiltrated by advanced attackers targeting their public cloud infrastructures. All too often these attacks originate from user misconfigurations, a lack of updates, or a selection of the wrong technology.

Put two and two together, and these breaches make one thing apparent: organizations are not only lacking cybersecurity talent, but sufficient cloud security talent, which ultimately puts them more at risk of an attack. Mind you, this talent gap is also delaying enterprise migration to cloud computing.

Security skills vs. cloud security skills

However, it’s important to note that the list of skills required for successful cloud security isn’t precisely a carbon copy of what many expect from a cybersecurity professional. Plugging one gap will not always fill the other.

Of course, general security skills – such as incident response, data analysis, and threat hunting –are still crucial when it comes to securing the cloud. But they’re not entirely sufficient. For instance, cloud security professionals and architects need to come to the table with a deep knowledge of identity access management (IAM), deployment automation, and cloud regulatory compliance.

But just like cloud security is a shared responsibility between vendor and customer, so is the cloud security skills shortage between the cybersecurity industry and future professionals. While we must hope that professionals pursue the right training, the cybersecurity industry must also do its part in educating both future candidates and current employees on the ins and outs of modern-day cloud security. And this doesn’t just mean teaching the correct configurations for AWS either, but rather helping these professionals learn about the tenets of cloud adoption, including costs, monitoring, potential barriers, and more.

To plug your cloud security skills gap, the answer is not to hire quickly, but rather hire and train strategically. Evaluate what security issues your cloud infrastructure has faced and map those issues back to the applicable skills needed to address them. From there, securing IaaS and SaaS solutions shouldn’t seem so cloudy to your IT team.

To learn more about what McAfee is doing to help address the cybersecurity skills shortage, be sure to follow us at @McAfee and @McAfee_Business.

The post The Ramifications of the Skills Shortage on Cloud Security appeared first on McAfee Blogs.