Cloud Security Resource Week in Review: Awareness, LinkedIn, Soha
It was a week of new studies, new products, and a fair amount of discussion about the dark web in Cloud Security Resource this week. Oh, and a Microsoft security guy tweeted that someone was selling LinkedIn users’ credentials on the dark web for $2,200.
As contributing editor Doug Mohney reported this week, Troy Hunt, Microsoft regional director and MVP for developer security, is the dude who first tweeted about the LinkedIn data breach. And LinkedIn said something like 117 million of its users may have had their email and password combination leaked due to a security breach dating back to 2014.
Speaking of the dark web, TMC and its partners Alan Meckler and Bob Miko just held an event called Inside Dark Web in New York City, and there will be more to come on this topic. However, while the dark web sounds like a bad thing, there is upside to it, as noted by TMC CEO Rich Tehrani in a recent blog.
Tehrani wrote “even though there are some who think there should be no dark web, there are many solid reasons why it is necessary.”
He and Max Schroeder, vice president emeritus of FaxCore Inc., in the upcoming June issue of INTERNET TELEPHONY magazine explain that dark web was invented by the U.S. Naval Research Laboratory to separate address identification from routing to protect U.S. intelligence communications online. The Navy later released the code under a free license agreement, and later a non-profit organization was formed to offer free software and an open network.
“The implementation of dark web technologies and cloud services are proven solutions to eliminate risk,” Schroeder and Tehrani wrote. “However, the reseller/provider must walk a tightrope and be very tactful. Customers need to have the confidence to implement new technologies but also be made to understand that their organizations must follow strict security precautions.”
In studies this week, Crowd Research Partners came out with a report indicating security concerns top the list of barriers to cloud adoption and that unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat to cloud security. There’s a lot of other good stuff in the study, which is based on a survey of 2,200 global cybersecurity professionals. The study was done in collaboration with cloud security vendors Alien Vault, Bitglass, Cato Networks, CloudPassage, Dell Software, Dome9 Security, IMMUNIO, (ISC)2, and Randtronics.
Meanwhile, a survey by Soha Systems revealed that few IT experts think third-party secure access is a priority.
In other Cloud Security Resource news this week, contributing writer Andrew Bindelglass noted that Awareness Technologies recently added User Behavior Reports and Notifications to its InterGuard Suite.
“It uses behavior analytics to monitor the activity of user profiles, establish a baseline of their typical behavior, and alert users when there is a significant deviation, which could be a sign that some malware may have been introduced into the account,” he explained.