Cloud Security 101

Managing cloud permissions and configurations As organizations evolve in the cloud, you will find the number of cloud services their teams use and identity permissions that need to be managed increase significantly. These services teams used to build and deliver applications are referred to as assets or resources. Configuring cloud assets, roles, and permissions doesn’t take long to become tedious, time-consuming, and error-prone. The leading causes of security incidents are misconfigurations of assets and over-privileged identities, therefore, it essential to diligently manage these. Discovering cloud…

Your Firewall is Now Everywhere — And Nowhere

Network security has been stuck in a box for too long. Much of what we know consists of perimeter or zone-based rules that limit which network segments can talk to which other network segments over which ports. The workhorse of this world has been the firewall appliance, interconnecting network segments and enforcing these rules. In the meantime, applications have moved to the public cloud and users have left the building. Hybrid work is challenging the very notion of the enterprise WAN. So what does this…

Discover your Cloud Security Posture Maturity Level

ONUG Cloud Native Security Working Group Blog Series Introduction Cloud Security Posture Management (CSPM) is currently one of the fastest growing areas within the field of cloud security; most security vendors are now offering or developing CSPM capabilities. However, enterprises are still trying to build the most effective CSPM program to fit their environment. In many cases, it’s unclear where to start and what the end goal is for the CSPM effort.  To help simplify this process, this post will share guiding principles for implementing…

A More Secure Digital Future

A More Secure Digital Future During my long career, there has been one constant requirement I often hear, “I want to see an end-to-end view of an application.” This is the holy grail to assure great user experience, assure security and observability.  Developers, IT infrastructure and operational teams struggle every day with this lack of visibility of an application’s dependency map. Gaining end-to-end visibility is hard enough when you own every device or piece of software that supports an application as in a private data…

Zero Trust: An Overnight Sensation Decades Later

Introduction Years after the term was coined by Stephen Paul Marsh in 1994 and popularized by John Kindervag more than a decade ago, Zero Trust has become the “new” security solution that addresses the confluence of today’s three critical factors and the emergence of what amounts to a cyber-war on businesses and governments. Zero Trust switches the focus from outward-facing defense of a network perimeter to prevention of unauthorized exfiltration of data and other exploits. This short work looks at why it has become virtually…

Zero Trust: The Critical Essence – An Introduction

On January 12, 2010 Google wrote a blog revealing to the world that it had been breached by attackers sponsored by a nation state.  The attack is now known as ‘Operation Aurora’.[i] Subsequent investigations showed that many other enterprises and government organizations had also been breached by the same attackers.  Among other things, these hackers were targeting source code repositories via software configuration management systems.  Any entity that had already breached perimeter network security and had created a presence on an internal system could reach…

ONUG Collaborative Working Groups Kick Off 2022

Members of The ONUG Collaborative Working Groups are delivering solutions to the challenges faced by today’s Enterprise Multi-Cloud Community. Composed of both vendors and cloud consumers from some of the largest companies in the world, these Working Groups focus on delivering best-in-class solutions, both on-premise and off.  Here’s a quick update on the initiatives being worked on by ONUG’s Automated Cloud Governance, Network Cloud, Cloud Native Security and AIOps Working Groups.  Interested in joining the team? Contact us to find out more.  Automated Cloud Governance…

How to Protect Your Data from Ransomware and Double-Extortion

Malware has been the archenemy of organizations around the globe for years, with ransomware, in particular, being an extremely deadly foe. Locking down victims’ files through encryption and demanding a ransom for decryption has proven to be an effective tactic for cybercriminals, with a steady stream of recent attacks serving as a constant reminder. However, these attackers are continually refining their tactics and have recently turned to double-extortion, whereby they threaten to leak victims’ sensitive files in order to increase the odds of ransoms being paid. Kaseya-style…

Application Architectures: It’s been a journey

ONUG Cloud Native Security Working Group Blog Series #1 Over the next several quarters, the ONUG Cloud Native Security Working Group will be publishing a set of short articles that examine different aspects of modern application security –new threats, the role of big data and machine learning in addressing those threats, how security interacts with the CI/CD development process, and more. The discussion of how to protect today’s applications begins with understanding how applications are built.  And understanding modern application architectures requires us to appreciate…

ONUG Collaborative’s Cloud Security Notification Framework Decorator

As more companies move to a multi-cloud environment, their IT departments become inundated with security notifications. Trying to make sense of these statuses can be challenging as each cloud provider has its own notification formats. Adding one provider doesn’t mean doubling the notifications; the data grows exponentially until enterprises reach the “wall of worry.”  Large enterprises have constructed security infrastructures to process the volume of events being transmitted. However, they require additional staffing to interpret and process the data sent from each provider. The ongoing…