This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows.
As cloud computing adoption accelerates among businesses, InfoSec teams are struggling to fully protect cloud workloads due to a lack of visibility into these environments, and to hackers’ increasingly effective attacks.
That’s the main finding from SANS Institute’s “Cloud Security: Defense in Detail if Not in Depth” report, which surveyed IT and security pros from organizations of all sizes representing many industries.
“We’re seeing more organizations moving to the cloud. They’re definitely moving quickly. And security teams aren’t wholly comfortable with the way cloud providers are giving us details about what’s going on in the environments,” report author Dave Shackleford, a SANS Institute analyst and instructor, said during a webcast to discuss the study findings.
It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation efforts aimed at increasing business efficiency and effectiveness.
This trend represents both a challenge and an opportunity for InfoSec teams. The challenge: To ensure the security and compliance of these cloud instances, without interrupting their deployment. The opportunity: To become a partner to business units by facilitating the adoption of public cloud services and other digital transformation technologies.
The digital transformation opportunities ahead are immense, according to Qualys’ CISO. Digital transformation programs are yielding tangible business benefits, but fundamental security challenges remain, he said during the recent webcast “Securing Your Public Cloud Infrastructure.”
Specifically, InfoSec teams must gain visibility into these cloud workloads, so that they can monitor those assets, identify vulnerabilities and misconfigurations, and promptly remediate problems. Continue reading …
As organizations seek digital transformation benefits and aggressively move workloads to public cloud platforms, InfoSec teams must support their business units’ efforts by adapting and properly protecting these environments.
This may sound surprising to those who think that, when you use a public cloud service, the platform provider takes on all security and compliance tasks. Rather, these public cloud service providers operate on a “shared security responsibility” model, so the burden is split between you and them.
In other words, you get to define your controls in the cloud to protect your data and infrastructure, while the cloud provider takes care of the security of the cloud.