Exception Sprawl
Blog Published: 04/28/2014
By Krishna Narayanaswamy, Chief Scientist at Netskope. We released the Netskope Cloud Report today. One of the key findings of the report is that 90 percent of cloud app usage is in apps blocked by perimeter technology. How can this be the case? Are all the firewalls broken? That usage is the excepti...
The World is Failing to Remediate the Heartbleed Vulnerability
Blog Published: 04/28/2014
By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. Time is running out to change keys and certificates or else… The world appears to be failing to respond to the Heartbleed vulnerability. In fact well under 16% of vulnerable keys and certificates have been replaced. Experts B...
Responding to New SSL Cybersecurity Threats—Gartner Featured Research
Blog Published: 04/25/2014
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. When it comes to defending against advanced threats that take advantage of keys and certificates, most organizations have a gaping hole in their security strategy. Cyber criminals on the other hand know all too well how lit...
Remediating Heartbleed with Next-Generation Trust Protection
Blog Published: 04/24/2014
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. Heartbleed Impact: The Heartbleed vulnerability unequivocally demonstrates the impact a single vulnerability has on all organizations when keys and certificates are exposed. Cyber-criminals have unfettered access to the key...
Featured Research: CIRRUS
Press Release Published: 04/24/2014
Stakeholders in cloud computing have varying expectations and requirements related to security in the cloud. Consumers of cloud products are concerned with data portability and cloud interoperability, which ensures privacy and security when migrating data from one cloud to another. Security concer...
CSA Seeks Input on Cloud Data Protection Cert
Press Release Published: 04/24/2014
The Cloud Security Alliance invites you to review the Cloud Data Protection Cert, a new candidate project proposed for inclusion in the CSA Research Portfolio. The Cloud Data Protection Cert will be a web-based tool that presents cloud providers and cloud consumers with a tiered data-sensitivity...
Volunteer Spotlight: David Lingenfelter
Press Release Published: 04/24/2014
David Lingenfelter is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance and policy development. He is responsible for oversight of all security and compliance aspects of Fiberlink, an IBM company, including physical, applicati...
CSA Responds to President Obama's “Big Data” Initiative Request for Information
Press Release Published: 04/24/2014
On January 17, 2014, President Obama called for senior government officials to lead a comprehensive review of the ways in which “big data” will affect how Americans live and work, and the implications of collecting, analyzing and using such data for privacy, the economy, and public policy. The Pr...
Dropbox joins the Cloud Security Alliance
Blog Published: 04/23/2014
Here at Dropbox, keeping your stuff safe isn’t just part of our mission; it’s our top priority. As part of that, we’ve been engaging with the Cloud Security Alliance (CSA), a not-for-profit organization that promotes and provides education around cloud security best practices. Today, we’re excite...
Don’t Be Blinded by the Next Heartbleed
Blog Published: 04/22/2014
Organizations—from service providers, banks, and retailers to government agencies—were recently blindsided by the Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library, which underlies trust for secure transactions worldwide. Attackers wasted no time exploiting th...
ALMOST 90% OF CLOUD PROVIDERS STILL HAVEN’T UPDATED CERTIFICATES 1 WEEK AFTER HEARTBLEED
Blog Published: 04/17/2014
By Harold Byun, Senior director, Product Management, Skyhigh Networks http://blog.skyhighnetworks.com/almost-90-of-cloud-providers-still-havent-updated-certificates-1-week-after-heartbleed/#sthash.FD2ttd1o.dpuf hundreds of cloud providers were vulnerable to the Heartbleed bug in OpenSSL e...
The Tie Between Cloud App Enterprise-Readiness Score and Heartbleed Remediation: 7 Steps You Need to Take Now
Blog Published: 04/17/2014
Krishna Narayanaswamy, Netskope Chief Scientist. The Heartbleed Bug is a serious vulnerability for websites around the world. Many enterprise cloud and SaaS apps were also impacted. While most app vendors have remediated their systems, some remain vulnerable. Netskope researchers have been scanning ...
The Heartbleed Bug: Learn How It Operates
Blog Published: 04/15/2014
By Zulfikar Ramzan, CTO, Elastica. The entire internet security community was up in arms on Monday as a devastating new bug, Heartbleed, was discovered in OpenSSL, the most widely deployed cryptographic function on the web. Google’s security team discovered the malicious bug. Since then OpenSSL has ...
HOW CHICKEN EYES TAUGHT US TO DETECT CLOUD SECURITY BREACHES
Blog Published: 04/15/2014
By Sekhar Sarukkai, SkyHigh Networks. A fascinating scientific discovery: There was a fascinating discovery last month on a new state of matter never before seen in biology in, of all places, the eyes of chicken – a state of “disordered hyperuniformity”. This arrangement of particles in the chicken’...
FTC Recognizes Value of Trust Established by SSL and Digital Certificates
Blog Published: 04/14/2014
By KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI. Attacks on digital certificates and trusted connections drive FTC to action. Recognizing that the trust established by Secure Sockets Layer (SSL) and digital certificates plays an important role in everyday life, the US Federal ...
Mad Max Here We Come: Heartbleed shows how much we blindly trust keys and certificates (and take them for granted)
Blog Published: 04/10/2014
KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI. The race is on to respond and remediate by replacing keys and certificates in use with millions of applications because patching won't help. The world runs on the trust established by digital certificates and cryptographic key...
24 HOURS AFTER HEARTBLEED, 368 CLOUD PROVIDERS STILL VULNERABLE
Blog Published: 04/10/2014
By Harold Byun, Skyhigh Networks. Over the past weeks, security teams across the country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is used ...
Cloud Policy? I’ll Take a Sharp Stick in the Eye, Please!
Blog Published: 04/10/2014
By Jamie Barnett, VP Marketing, Netskope. We were struck by a survey we conducted with RSA Conference attendees in February when we learned that even though more than 60% of respondents didn’t have or didn’t know if they had a cloud app policy, 70% cared enough to think about their organization’s p...
DON’T LET THE END OF SUPPORT FOR WINDOWS XP PUT YOUR CORPORATE DATA AT RISK
Blog Published: 04/10/2014
By Harold Byun, Skyhigh Networks. April 8 = Y2K all over again? I may be dating myself a little bit here by writing this, but at the turn of the century, the impending arrival of the year 2000 led to multi-year coding projects, systems upgrades, and a massive testing effort to ensure Y2K compliancy...
CSA Seeks Input on Open Peer Review: CAIQ v3.0.1
Press Release Published: 04/09/2014
CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014. Please consider participating in this peer review by leaving your comments on the CAIQ v3.0.1. This updated version of the CAIQ realigns the quest...