Cloud Security Resource Week in Review: OneLogin, Trend Micro, Uber
Security is a topic that just never seems to get old or uneventful. That’s why this week’s Cloud Security Resource was again packed with news and views. Here’s a refresher as to what we learned this week.
As our friend Peter Bernstein reported on how many companies now have bounty programs that enable ethical hackers to get rewards for finding vulnerabilities they share with the security community. For example, he noted, a Portuguese team recently uncovered flaws in Uber apps that would enable hackers to get free rides and access other passengers’ ride details.
Meanwhile, guest writer Alvaro Hoyos of OneLogin wrote about best practices in designing a cybersecurity training program. The chief information security officer suggested that it’s essential to beware of phishing attacks, safeguard corporate devices, be thoughtful about what you share on social media, and keep shadow IT from hiding in the shadows.
Cloud Security Resource contributing writer Frank Griffin on Wednesday offered up a piece about Trend Micro being featured in a new AWS Quick Start Reference Deployment for National Institute of Standards and Technology (NIST) compliance. "Security and compliance are top of mind for our customers, but both can be time-consuming and resource-intensive processes. For that reason, we’ve created the AWS Enterprise Accelerator for Compliance as a framework to help compress and simplify compliance processes," said Teresa Carlson, vice president of worldwide public sector for Amazon Web Services, as quoted in Griffin’s article.
Yet another article, this one by contributing writer Steve Anderson, discussed what skills are required to secure the cloud. It touched on a new Cloud Security Alliance blog by Brian Dye of the Intel Security Group. The three skills it lists are knowledge of identity and access management systems, policy management, and tracking and locating data on the cloud.