CLOUD APP MANAGEMENT
Deepfence | May 18, 2022
Deepfence, a pioneer in the emerging security observability and protection space, today announced at KubeCon + CloudNativeCon Europe 2022 the launch of Deepfence Cloud, a fully managed offering that enables customers to deploy Deepfence’s security observability solution across multiple cloud platforms. With Deepfence Cloud, enterprise security teams can now gain comprehensive visibility across their entire cloud native infrastructure in minutes, without the administrative burden of deploying and managing on-premises resources.
Modern applications are cloud based, highly distributed, and constantly changing, which makes intelligent and timely security observability essential for organizations striving to protect their customers and themselves while staying ahead of attackers. Deepfence Cloud, built on the ThreatStryker offering from Deepfence, observes runtime indicators of attack (IoA) and indicators of compromise (IoC) and correlates events to tell the story of each attack as it evolves. With Deepfence Cloud, enterprises can easily tap into ThreatStryker to provide targeted security for their applications against known and unknown threats, in real time, with faster deployment and lower overhead.
“At Deepfence, we’re on a mission to help enterprises secure all their cloud native applications and infrastructure against the increasing onslaught of cybersecurity threats. With the launch of Deepfence Cloud, we’re making the product more flexible and accessible, so customers at any stage of their security journey will be better protected by our powerful suite of security observability technologies. Better, more accessible protection will empower security teams to do what they do best—focus on protecting their applications, businesses, and customers.”
Shyam Krishnaswamy, Co-Founder and CTO at Deepfence.
Deepfence Cloud is a fully-managed security solution for users who need to integrate Deepfence’s powerful security solutions across multiple cloud platforms, with simple user management, access control, scaling, and integration. From a single Deepfence Cloud dashboard, customers can view their entire cloud estate and drill down to individual applications and functions, with SSO and integration with enterprise identity platforms.
Deepfence Cloud comes with a free trial that makes it easy for security professionals to evaluate Deepfence as the cloud native security observability platform for their production workloads. To learn more and sign up for free, visit deepfence.io/cloud.
Deepfence is an essential security observability platform for cloud and container native environments. Based on a “security as a microservice” model, Deepfence measures and maps runtime attack surfaces, and provides full-stack protection from known and unknown threats. Deepfence ThreatMapper helps protect the increasingly vulnerable software supply chain by automatically scanning, mapping and ranking application vulnerabilities and sensitive secrets in running containers, images, hosts and repositories—from development through production. Deepfence ThreatStryker uses industry attack heuristics to interpret ThreatMapper intelligence and telemetry, identifying attacks-in-progress and deploying mitigating firewall and quarantine measures.
ICF | June 01, 2022
ICF (NASDAQ:ICFI), a global consulting and digital services provider, is partnering with Google Cloud to expand its cloud and analytics services to public sector clients.
"As organizations across the public sector execute on their digital transformation strategies, there is an increased need for technology partners and solutions that seamlessly support these transformation goals," said Lesta Brady, director, federal sales, Google Cloud. "We're pleased to partner with ICF and continue helping customers across the public sector with the solutions and expertise they need to move into the next stage of their digital transformation journeys."
ICF's partnership with Google Cloud illustrates ICF's success in accelerating digital transformation for federal agencies on Google Cloud's platform, which includes supporting federal health clients such as the National Cancer Institute and many others.
The partnership further expands the company's digital and partnership ecosystem in support of its multi-cloud strategy. Combining ICF's deep domain and technology consulting expertise with new Google Cloud capabilities enhances ICF's capabilities to rapidly deploy digital solutions that advance our customers' missions and increase operational efficiency.
"ICF's partnership with Google Cloud strengthens our ability to bring greater innovation to federal agencies so they can deliver better citizen services, faster, With Google Cloud as a partner, ICF can provide more clients with the interdisciplinary partners they need to accelerate their migrations to the cloud and increase their mission impact."
Mark Lee, ICF executive vice president and public sector lead
ICF combines public sector domain expertise with an ecosystem of platform partners and digital practices to deliver responsive, scalable solutions that achieve clients' mission outcomes and a step change in productivity. The company's digital solutions help mission leaders solve critical problems, modernize systems, harness the power of data and analytics and optimize the customer experience to drive positive change from within.
Read more about ICF's digital transformation and federal health IT services and its technology partnerships.
ICF is a global consulting services company with approximately 8,000 full- and part-time employees, but we are not your typical consultants. At ICF, business analysts and policy specialists work together with digital strategists, data scientists and creatives. We combine unmatched industry expertise with cutting-edge engagement capabilities to help organizations solve their most complex challenges. Since 1969, public and private sector clients have worked with ICF to navigate change and shape the future.
CLOUD APP DEVELOPMENT
Aptum | June 18, 2022
Aptum, a hybrid multi-cloud managed service provider, has announced Part 2 of its annual Cloud Impact Report 2022, titled Solving the Data Security Equation. The report examines the complexities inherent in hybrid cloud environments and their implications on security, data governance, compliance and disaster recovery. In particular, it finds that while companies are convinced of the value of cloud computing, its drivers have evolved.
Drivers to the cloud
When it comes to the value of cloud, the majority of respondents (91%) consider cloud computing to be essential for data management. In fact, more than half (54%) believe cloud transformation has had a positive impact on data governance.
While financial considerations have traditionally been a common driver, the study shows a shift in focus for many organizations, especially as security concerns evolve and continue to be top-of-mind:
50% of respondents cited efficiency as the top motivator for cloud investments
Increased security is the second most important business driver for organizations investing in cloud computing, with 48% of respondents citing it as a key factor in their investment
Resilience is also a primary driver of cloud computing investments for 40% of companies
During the pandemic, organizations had to hastily increase their cloud deployments to support the increase in remote work, enhance business resilience and enable greater flexibility. As a result, many businesses naturally moved toward a hybrid model. In fact, 86% of respondents said their organization has adopted a hybrid or multi cloud approach to cloud deployments.
For many organizations, the move to hybrid has meant their environments have become increasingly complex as data and workloads are now located across a range of cloud and non-cloud infrastructures.
As a result, many are grappling with complexities traditionally associated with hybrid cloud environments, such as data and workloads being located across a range of cloud and non-cloud infrastructures. Of those respondents, the top challenges cited in managing their environments include control and governance of access to cloud environments (90%); a clear mechanism to detect and respond to security threats across all environments (90%); and the ability to efficiently meet requirements of compliance audits (90%).
Impacts on security
The study showed that managing security effectively is no longer just an issue of securing data within each environment; data must also be secured as it moves between locations.
“Businesses use different environments for different purposes. A platform for application development and another as a production site, for example. That’s where you achieve the benefits of a hybrid cloud environment,” explains Marvin Sharp, Vice President of Product and Strategy at Aptum. “But moving workloads between the two environments puts data at risk. Therefore, in a hybrid work environment, organizations need to consider securing point A and point B, as well as the movement of data between them.”
When it comes to disaster recovery, the study’s results tell a similar story of complexity. Disaster recovery is amongst the top reasons organizations are continuing to move data to the cloud, with 37% of respondents citing improved data backup services and disaster recovery as a driver. However, 87% of respondents cite the ability to provide Service Level Agreements (SLAs) to the business as a key consideration.
“Disaster recovery is traditionally thought of as being in one environment – usually very secure public or private cloud facilities,” says Sharp. “Various experiences of downtime during the pandemic confirmed the importance of a coherent disaster recovery strategy. But as hybrid environments become more widespread, disaster recovery becomes more complex, and it’s likely to become more dispersed as a result.”
Strategy is key to cloud transformation
The study’s results reveal that only 20% of organizations surveyed have a holistic cloud strategy in place. The other 80% have a fragmented approach to cloud transformation that lacks the necessary big-picture thinking. The results also reaffirm a singular holistic cloud strategy must have security principles embedded in its design at the earliest stage possible. By doing so, businesses can take an integrated approach to security, mitigate threats and minimize risks across their entire infrastructure stack. This will eliminate any disconnect between the cloud's promise of secure, reliable operations and what organizations will actually experience.
The study canvassed the opinions and approach to cloud technology of 400 senior IT professionals. Respondents were from organizations with 250+ employees in the U.S., Canada and UK. Industries included financial services, technology, telecommunications, manufacturing, retail, public education and the commercial sector.
Aptum is a hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network. Using its Data As Infrastructure™ approach, Aptum solves complex technology challenges with total solutions and tailored options that drive tangible business outcomes and maximize the value of its clients’ technology investments. Aptum’s cloud and global network solutions, underpinned with expert managed and professional services, offer genuine choice and adaptability with international reach spanning North America, Latin America, Europe and the United Kingdom. Aptum is a portfolio company of DigitalBridge, a global investment firm dedicated to strategic opportunities in digital infrastructure.
CLOUD APP MANAGEMENT
Thales | June 08, 2022
The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, reports that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year1, raising even greater concerns regarding to protecting sensitive data from cybercriminals.
Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications2, compared with just eight in 2015, showcasing a startlingly rapid increase. There has been a notable expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of respondents reporting using three or more providers.
Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with the majority (51%) of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently.
Security Challenges of Multicloud Complexity
With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, a solid majority (66%) said between 21-60%. However, only a quarter (25%) said they could fully classify all data.
Additionally, nearly a third (32%) of respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.
Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/ whaling.
Protecting Sensitive Data
When it comes to securing data in multicloud environments, IT professionals view encryption as a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.
However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. Additionally, key management platform sprawl may be an issue for enterprises. Only 10% of respondents use one to two platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms.
Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms.
Additionally, it is encouraging to see signs enterprises embrace Zero Trust and investing accordingly. Nearly a third of respondents (29%) said they are already executing a Zero Trust strategy, a quarter (27%) said they are evaluating and planning one and, 23% said they are considering it. This is a positive result, but there is certainly still room to grow.
“The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation. There are various solutions such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organisations can support their data and manage future challenges.”
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales
Thales and 451 Research will discuss the findings in more detail during a webinar on 23 June 2022. To join, please visit the registration page.
About the 2022 Thales Global Cloud Security Study
As organizations step beyond the urgent actions of the last two years, they’re grappling with securing the more complex environments in which they now operate. The global edition of the 2022 Thales Cloud Security Study looked at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touched on issues including accelerated digital transformation, cloud migration, and the complexities of managing security in a multicloud world. The 2022 Thales Cloud Security Study is based on data from a survey of almost 2,800 security professionals and executive leaders. This research was conducted as an observational study and makes no causal claims.
Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organisations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions.