Nightfall’s Cloud Security Newsletter 1/7/20
In Nightfall’s Trends in Cloud Security Newsletter, we review the top stories and developments in cloud security. Some of this issue’s highlights include:
- Nightfall provides original reporting on December’s CCPA hearings. Read our most important takeaways for compliance.
- Dark Reading shares 7 lessons about cloud security that we can learn from 7 of 2019’s biggest breaches.
- IBM’s Chris Collard explains how cloud security changed in 2019 and what 2020 will look like.
Read these stories and other timely cloud security stories below.
Top stories from Our Blog
- Speakers at December CCPA Hearings Reveal Biggest Lingering Compliance Gaps
In December, we sat in on the San Francisco CCPA public hearing and read public comments submitted to the California Office of Attorney General to report how companies felt about CCPA compliance ahead of the Jan 1 deadline. Our original reporting was featured in VentureBeat.
- 10 Cloud Developments that Excited Us this Decade
At the end of 2019, we shared what we thought were the most significant developments in the cloud industry last decade and what we hope for the industry in the 2020s.
- Aaron’s Maintains Company Communication Standards On Slack With Nightfall
Last month we provided a glimpse into how Aaron’s, Inc., one of the nation’s largest retailers, uses Nightfall to secure communications across their company.
- 4 SaaS and Slack Security Risks to Consider in 2020
As organizations continue to migrate to the cloud, there are four major SaaS security risks they’ll need to take into account going forward. We wrote about what we think the SaaS threat landscape will look like in 2020.
Incidents in the cloud
- Lessons Learned from 7 Big Breaches in 2019
Last year provided no shortage of data breaches. In this article, Dark Reading summarizes some of 2019’s worst breaches and the important lessons in cloud security they offered.
- Plenty of Fish app was leaking users’ hidden names and postal codes
TechCrunch reports on a data leak found within the Canadian dating app Plenty of Fish by the blog The App Analyst. The leak resulted from API calls containing sensitive information, such as the names and zip codes of users whose profiles were marked as private.
- Names, Social Security numbers exposed in Moss Adams breach
The accounting, consulting and wealth management firm Moss Adams posted a notice about a cybersecurity incident on October 10 centered on an employee email account that was accessed by an unauthorized person compromising PII.
- Wyze: Data Leak Exposes 2.4 Million Customers
User data in Wyze’s database sat out in the open for more than three weeks. Twelve Security, an independent research firm, identified a security vulnerability and reported on it ahead of Wyze.
- Starbucks Devs Leave API Key in GitHub Public Repo
Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.
Strategies for securing the cloud
- Cloud Security in 2020 Starts With Protecting Data Wherever It Resides
IBM Security Program Director Chris Collard provides insight into important changes in cloud security in 2019 and makes predictions about what to expect in 2020.
- Conquering the Cyber Security Challenges of the Cloud
Steve Durbin, Managing Director at Information Security Forum, succinctly lays out the challenges ahead for new and existing adoptees of cloud services and infrastructure in today’s cloud ecosystem.
- Addressing the issue of data leakage from the cloud
Paolo Passeri, cyber intelligence principal at Netskope, talks about the issue of data leakage within the cloud and why organizations’ perspective on their responsibility in securing their data in the cloud needs to change.