We would like to get your opinion on which Open Technologies you are familiar with, would like to know more about, a poll on more popular technology stacks vs some you might want to know about, following the ones which we think should be getting your attention.
Best practices cases webinar by OpenCloudification for use of cloud and open cloud technologies for technology and manufacturing companies. Part of the OpenCloudification.com series supporting ICT and manufacturing companies embracing cloud, open cloud technologies and digitally transforming. Some of the following topics were handled : why would a technology company or manufacturing company consider use of cloud and open cloud, technology and manufacturing use cases explained, the basic business cases for technology and manufacturing companies, make your own, some first steps, what to prepare for cloudification and digitization, …
The “Cloud and Threat Report” for 2022 from Netskope Threat Labs highlights a cloud malware delivery increase in cloud environments, with Microsoft OneDrive leading the charts as the origin of the majority of cloud malware downloads, together with phishing, scams, credit card skimmers, exploit kits, and other malicious web content, emphasizing the importance of inspecting all content from all destinations for both web and cloud. Netskope detected malware downloads from 401 distinct cloud apps in 2022. The report states that the percentage of malware downloads increased, ending the year ten points higher than in 2021. In the last year, 48% of HTTP/HTTPS malware downloads originated from cloud apps, whereas 30% of all cloud malware downloads originated from Microsoft OneDrive, which is a reflection of attacker tactics, user behaviour, and company policy. By industry vertical, the largest increases in cloud malware downloads occurred in healthcare, manufacturing, and telecom. Per specific sector, Google Drive takes the top spot in retail and Azure Blob Storage leads in healthcare. The majority of malicious web content is hosted on a variety of different types of sites. The top ten categories include uncategorized sites and marketing sites, which account for only 13.6% of the total malicious web content access. Attackers have been populating their websites with enough content to make them seem legitimate, and only using them to host malicious content after they have been around long enough to blend in. They have also been abusing free hosting services and compromising existing websites to deliver malicious content.
Keep Your Cloud Protected
Several measures for organizations to protect themselves against cloud-delivered malware and malicious web content. These include:
Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
Enforce granular policy controls to limit data flow, including flow to and from apps, between the company and personal instances, among users, and to and from the web, adapting the policies based on device, location, and risk.
Deploy cloud data protection to limit the movement of sensitive data, including preventing its movement to unauthorized devices, apps, and instances.
Invoke real-time coaching to users to use safer app alternatives to protect data, justify unusual data activity, and provide step-up authentication for risky conditions within business transactions.
Reduce browsing risk for newly registered domains, newly observed domains, uncategorized websites, and other security risk categories by using remote browser isolation (RBI).
Mitigate the risk of stolen credentials by enabling multi-factor authentication (MFA) and extending MFA to unmanaged apps via an identity service provider or Security Service Edge (SSE) platform.
Use behavioural analytics to detect compromised accounts, compromised devices, and insider threats.
Enable zero trust principles for least privilege access to data with continuous monitoring and reporting to uncover unknown risks using a closed loop to then further refine access policies.
Cloud repatriation refers to the process of moving data and applications back to traditional, on-premises systems from a public cloud provider. This trend is usually driven by the high costs and complexity of cloud computing, as many enterprises have found that their cloud bills are higher than expected. This is often due to inefficiencies in their migrated applications and data. While refactoring these workloads to be more cost-efficient on the cloud can be time-consuming and expensive, repatriation may be a more cost-effective option in some cases, particularly for workloads that do not require advanced cloud-based services or can take advantage of the lower prices of traditional data center hardware. However, when deciding whether to repatriate workloads to a traditional data center or not, it is important to consider some variables, like dependencies on specialized cloud-based services or the potential cost savings from native cloud capabilities.
Some tips to avoid cloud repatriation and therefore save money and time can be taken. OpenCloudification can help, either if you are looking for the expertise or simply to double-check that you are following these steps correctly:
Plan and prepare the migration process: Take the time to thoroughly assess your current workloads and determine which ones are suitable for the cloud. Consider factors such as the workload’s performance and scalability requirements, as well as any dependencies on cloud services.
Refactor your applications and data for the cloud: This can involve redesigning your applications to take advantage of native cloud capabilities such as auto-scaling and security, as well as optimizing your data storage for the cloud.
Monitor and manage your cloud costs: Keep track of your cloud usage and expenses, and take steps to optimize your cost efficiency. This can involve turning off idle resources or using cost-effective storage options, for instance.
Review your cloud contract: Make sure you understand it and ensure that it aligns with your business needs.
Use a cloud management platform: It can help you automate and optimize your cloud usage, as well as provide visibility into your cloud costs and performance.
Cloudification offers many great opportunities, is the way to go, but requires some cybersecurity consideratoins. Learn from some of the mistakes and incidents that happened in the previous years : 1. failing to implement “any” security measures; 2. misconfiguration of Azure buckets; 3. management dashboard publicly available over the internet; 4. compromised employee accounts (to access development environment); 5. breaching cloud-based data networks; 6. misconfigured AWS S3 bucket; 7. unsecured Elasticsearch database with operational data; 8. private cloud infected with ransomware; 9. deployment error for AWS Analytics (by Amazon); 10. no password protection (and misconfigured AWS S3); … For more information go to the full articles : https://www.immuniweb.com/blog/top-10-cloud-security-incidents-in-2022.html
According to the report “The State of Zero Trust Transformation 2023” by cloud security firm Zscaler, more than 90% of IT leaders who have started migrating to the cloud have implemented or are planning to implement a zero-trust security architecture. This approach, which is based on the principle that no user, device, or application should be inherently trusted, is seen as the ideal framework for securing enterprise users, workloads, and IoT/OT environments in a highly distributed and mobile-centric world.
Implementing a zero-trust model can bring advantages, like reducing the risk of data breaches and other security incidents by requiring all access to be carefully verified and controlled. With a zero-trust model, organizations can grant access to resources and systems on an as-needed basis, rather than relying on a perimeter-based approach. This can be especially useful for organizations with distributed workforces or that need to grant access to external partners or vendors. In addition, a zero-trust model can help organizations to meet various compliance requirements, such as those related to data protection and privacy.
At the same time, implementing a zero-trust model can be complex, and may require significant investment in security infrastructure and resources. The added security measures required may lead to longer login times and other delays, which can impact productivity and users may find the additional security measures required by a zero-trust model to be inconvenient, particularly if they need to authenticate multiple times or use different methods to access different resources.
The report also found that IT leaders see security, access, and complexity as the top concerns in the cloud and that traditional VPNs and perimeter-based firewalls are ineffective at protecting against cyberattacks or providing visibility into application traffic and attacks.
It’s worth noting that the specific pros and cons of implementing this model will depend on an organization’s specific needs and priorities. Organizations should carefully consider their security requirements and resources when deciding whether to implement a zero-trust model.
Cloud technology is expected to see massive growth in 2023, with worldwide public cloud spending forecast to increase 20.7% to $591.8 billion. The shift to cloud technology is no longer optional as it offers too many benefits, especially in an uncertain economy, according to Scott Chasin, Chief Technology Officer of Pax8. The global pandemic and work-from-home mandates have led to companies speeding up their digital transformation investments and moving to cloud-based telecom and applications to support remote working and serve customers. The elasticity and scalability of the public cloud reduce the financial risk of innovation while enabling business agility and new applications. The growth of cloud consumption in 2023 will be driven by the continuation of hybrid cloud adoption, the evolution of artificial intelligence and machine learning, and the increased importance of customer experience. Read the full article here.
Prometheus became the leading open source monitoring solution used globally by tens of thousands of organizations. Prometheus helped those organizations to better understand and monitor their systems and has been a critical part of many successful outages and incident response efforts. O11y.eu celebrates its anniversary.
Moving to the cloud is not an easy passage for everyone, but the rewards are infinite. Here we share some success stories from companies that moved to the cloud or adopted some of these technologies from the cloud. These are also some of the topics that OpenCloudification aims to cover and improve.