In Nightfall’s Trends in Cloud Security Newsletter, we review the top stories and developments in cloud security. Some of this issue’s highlights include:
Join us this month for two 30-minute live webinars. Next week, on Tuesday, March 10, we’ll cover how to detect and secure sensitive information in Slack. On Wednesday, March 18, we’ll cover how to detect secrets in GitHub repos with machine learning.
Learn about data leaks in the past month, including one at LabCorp.
Read these stories and other timely cloud security stories below.
Stories from Our Blog
Webinar: How to Discover & Protect Sensitive Data in Slack
Securing sensitive information in the cloud doesn’t have to be difficult. Join us on Tuesday, March 10th at 11 AM PST for a 30-minute live webinar about how to implement data loss prevention (DLP) on Slack.
Webinar: How to Detect Credentials & Secrets in Code Repositories with Machine Learning
Secret leaks within code repositories like GitHub are a problem that can be difficult to address without the proper tools. Join us on Wednesday, March 18 at 11 AM PST for a 30-minute live webinar on how you can easily determine if your repositories are leaking credentials, API keys, and other secrets while avoiding false positives and other common pitfalls.
One of the most important steps necessary for securing Slack is to enforce policies about what cannot be shared in Slack channels and workspaces. While there are different types of business-critical data, personally identifiable information (PII), as well as personal information (PI) more broadly, represents one of the most critical risks given the compliance and regulatory standards surrounding this type of data.
This story was originally published in VentureBeat as a guest post. On Friday, February 7, the California Office of the Attorney General (CAG) published a “notice of modifications” to the California Consumer Privacy Act (CCPA), followed by an update on Monday, February 10. Learn more about these changes.
Researchers have discovered that a popular photo app leaked the personal data and images of thousands of customers as a result of an unsecured Amazon Web Services (AWS) storage bucket. The discovery was made by vpnMentor, whose researchers found a misconfigured S3 database belonging to the company PhotoSquared, which creates printed photo boards from customers’ digital images.
On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was “a massive amount of records.” That internet-facing database had no password protection in place, contained a total of 440,336,852 records, and was connected to the New York-based cosmetics giant, Estee Lauder.
Less than a year after a massive data leak exposed the contact and payment information of 7.7 million patients, American clinical testing giant LabCorp has experienced another significant breach. The number of affected patients is much lower this time, estimated to be somewhere over 10,000 documents.
While most large enterprises are moving to the cloud in some form, the path is never as direct as chief information officers (CIOs) and chief information security officers (CISOs) might like it to be. Most come to terms with the fact that the cloud won’t be a single offering, but rather a hybrid multicloud that aligns critical applications with cloud service offerings that best suit their needs.
The cloud, once touted as an IT panacea, has a flip side that we see all too often in headlines when malicious actors take advantage of gaps in security. This cannot be repeated enough: Securing data and networks in a cloud environment is very different than doing so on-premises. Drawing from our experience with commercial and government cloud clients, here are five tips that re-emphasize and expand upon the fundamentals.