With more attack surfaces and data now outside your firewall, you absolutely need to re-evaluate security in a cloud context. But don’t panic! While the cloud introduces new risks, providers also give you powerful tools to lock things down.

Follow cloud-focused security best practices, and your organization can confidently reap benefits like scalability and cost savings without compromising safety. This guide explores the top challenges you’ll face along with tactical measures for protecting cloud-hosted apps and data. 

Key Security Challenges in Cloud Environments

Adopting cloud computing certainly provides advantages, but you also need to be aware of the new attack surfaces and vulnerabilities you may be exposed to.

Shared Responsibility Model

In the cloud, providers like AWS and Azure are responsible for securing the underlying infrastructure and hardware. But you are responsible for securing everything deployed on top – including web apps, data, and cloud configuration. This “shared responsibility” model means you carry more weight for cloud security than you think.

For example, misconfiguring a cloud database to allow public access could expose sensitive customer data. The provider secured the database software and infrastructure, but you were responsible for the database access permissions. 

Increased Attack Surface

By nature, cloud environments have more points of entry spread across more services and users. Take AWS – with its over 200 services, each component and connection between components represents a potential attack vector. As you deploy more cloud resources, you increase the “blast radius” hackers could exploit to breach other parts of your infrastructure if not properly locked down.

Yet, despite these risks, 66% of organizations currently use more than 25 SaaS applications. It’s not much of a surprise that 44% of them have experienced a cloud data breach at some point. 

Data Security and Privacy Concerns

Migrating data to the cloud necessarily means relinquishing physical control. You risk exposing sensitive customer and internal business data without proper encryption and access controls.

Hackers have lots of motivations for targeting weakly protected cloud data stores – from accessing usernames/passwords for broader identity theft, to holding databases for ransomware attacks against your organization.

Not addressing cloud data security could land you in legal hot water as well. Remember that you are liable for any data mishandled or exposed by cloud providers under most regulatory compliance frameworks like HIPAA and PCI DSS.

Essential Security Measures for Cloud-Based Web Apps

So, now that you understand the primary cloud security challenges, what can you actually do about them? Here are four essential measures you should implement right away to protect your cloud-hosted web apps:

Secure Cloud Configuration and Access Control

Properly configuring cloud resources is at the heart of the “shared responsibility” model. Make security and access control central to your cloud infrastructure strategy from day one.

For each cloud component and service, apply strict permissions and monitor closely for misconfigurations that could unintentionally expose data. Double-check settings like S3 buckets and database connections that are internet-facing by default.

Tools like AWS Config and Azure Policy help systematically enforce and validate proper security configurations across cloud environments at scale. Make use of them.

Web Application Firewalls (WAFs)

Deploying a robust Web Application Firewall (WAF) should be a cornerstone of your cloud security strategy. WAFs act as protective barriers for web apps by filtering incoming HTTP/HTTPS traffic and blocking common web-focused attacks.

Your standard firewalls and network security groups configured at the infrastructure level can’t provide application-layer protection against attacks targeting vulnerabilities in code or web-visible inputs. That’s where WAFs come in – they “understand” web traffic to filter malicious payloads designed to exploit web apps specifically.

For example, a cloud WAF can detect and prohibit attempts to inject malicious SQL commands in input fields that could trick the database behind your web app. Or it can stop cross-site scripting (XSS) attacks that try to inject browser-executable JavaScript into responses rendered by your app’s front end. Unfortunately, these and other “Layer 7” attacks are quite common but readily defended against by WAF policies once you have them in place.

Another major benefit of WAFs in the cloud is protection against distributed denial-of-service (DDoS) attacks—those frustrating bandwidth-flooding events that can bring your web services to their knees. By absorbing and dispersing excess traffic volumes before they reach your apps, a cloud-based WAF acts like a bodyguard, taking the brunt of attacks on your behalf.

Vulnerability Management and Patching

Hackers have become proficient at chaining exploits against known vulnerabilities in web frameworks like Struts and common dependencies. Actively monitoring all software components and libraries for patches prevents attackers from gaining an easy foothold into your web apps.

Cloud services increasingly automate vulnerability tracking and patching workflows – use them rather than relying on manual efforts. AWS Inspector, for example, regularly scans deployments for common issues and vulnerabilities across application stacks, operating systems, and databases.

Data Encryption at Rest and in Transit

Encrypt sensitive web app data while storing “at rest” in databases and cloud storage buckets and moving “in transit” across networks. Proper encryption is the last defense line if other perimeter security measures fail.

Apply database and object-level encryption rather than relying on transport encryption during data transfers. AWS and Azure make applying robust encryption more convenient than most organizations can achieve – so take advantage of native capabilities.

Taking Control of Your Cloud Security Posture

The cloud security best practices I outlined are just the beginning. Here are some additional priority areas you should address:

Centralize Identity and Access Management

The expanding cloud attack surface makes managing identities and access that much more critical. To limit breach impact, centralize identity through single sign-on rather than individual credentials per service.

Apply the principle of least privilege to permission user access, and leverage multi-factor authentication for all cloud admin accounts. Tools like Azure Active Directory and AWS IAM let you manage access at scale.

Institute Data Loss Prevention Controls

Preventing data exfiltration should be a top concern when shifting to the cloud. Data loss prevention (DLP) solutions analyze and automatically block sensitive data like credit card numbers from leaving environments.

Integrate DLP capabilities at multiple layers when handling regulated data or IP – into data warehouses, web application firewall rules, cloud storage permissions, and endpoint agents.

Architect with Security in Mind

Rather than bolting on security as an afterthought, bake it into the design of cloud architectures from the initial build phase.

Segmentation, protection of sensitive data flows, logging, and compliance auditing need to be structural components of technology stacks – not tacked on at the end where visibility and control are limited.

Promote Security Training for Cloud Teams

Your own staff likely poses the biggest insider threat as they interact with cloud environments daily. Expand security training to cover common cloud risks, proper access permissions, and data handling so mistakes don’t turn into breaches.

Include developers, engineers, data analysts, and operators that help manage cloud infrastructure and web architectures.

Final Word

The bottom line is that comprehensively securing cloud environments requires thinking beyond just checking boxes on common best practices. Continually assess additional focus areas – from deeper identity lifecycle management to compliance automation and disaster recovery preparedness – as part of your cloud security strategy.

Ivanti issued a security advisory for CSA 4.6 to address a high severity vulnerability that could give attackers unauthorized accesses to devices running a CSA.

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

To make matters worse, CSA 4.6 is End-of-Life (EOL), limiting availability of future updates.

Please note: Ivanti CSA 4.6 is End-of-Life, and no longer receives patches for OS or third-party libraries. Additionally, with the end-of-life status this is the last fix that Ivanti will backport for this version. Customers must upgrade to Ivanti CSA 5.0 for continued support. CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.

CISA is now warning agencies of the vulnerability, instructing them to immediately take measures to mitigate the risk.

CISA recommends users and administrators review CISA and FBI’s joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates.

Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

Because Ivanti CSA 4.6 is EOL, however, CISA is recommending agencies take the additional step of replacing it, since it will not receive future security updates.

Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

Salesforce will pay approximately $1.9 billion in cash for Own, saying the company’s expertise and portfolio will help Salesforce enhance its data protection offerings.

“Data security has never been more critical, and Own’s proven expertise and products will enhance our ability to offer robust data protection and management solutions to our customers,” said Steve Fisher, President and GM, Einstein 1 Platform and Unified Data Services. “This proposed transaction underscores our commitment to providing secure, end-to-end solutions that protect our customers’ most valuable data and navigate the shifting landscape of data security and compliance.”

“We’re excited to join forces with Salesforce, a company that shares our commitment to data resilience and security,” said Sam Gutmann, Own CEO. “As digital transformation accelerates, our mission has expanded from preventing data loss in the cloud to helping customers protect their data, unlock business insights, and accelerate AI-driven innovation. Together with Salesforce, we’ll deliver even greater value for our customers by driving innovation, securing data, and ensuring compliance in the world’s most complex and highly regulated industries.”

Own has established itself as a leader in its field, and has almost 7,000 customers. Salesforce says Own’s products and services will compliment its existing ones.

The acquisition comes at a time when customers are increasingly focused on mitigating data loss due to system failures, human error, and cyberattacks. The advent of AI has made customers even more aware of the need to protect and manage access to data. By investing more deeply in pure cloud-native data protection solutions, Salesforce aims to accelerate the growth of its Platform Data Security, Privacy, and Compliance products.

Own’s capabilities will complement Salesforce’s existing offerings, such as Salesforce Backup, Shield, and Data Mask. This will enable Salesforce to offer a more comprehensive data protection and loss prevention set of products, further reinforcing its commitment to providing secure, end-to-end solutions. These solutions are essential for protecting customers’ most valuable assets—their data—and for deriving the most value from their historical data by leveraging AI to understand trends and forecast future growth.

Salesforce has made a number of strategic acquisitions in the last several years, the largest being Slack. The company had slowed its pace of acquisitions last year, but this latest deal could indicate the company is returning to its former pace.

Documents reviewed by The Wall Street Journal show that the leaked data includes internal financial figures, detailed Slack communications, and confidential information about Disney’s theme park strategies and streaming services. The leak sheds light on Disney’s operations and raises important questions about the adequacy of corporate cybersecurity measures and insider threat management.

Critical Financial Information Exposed

Among the most significant revelations in the breach are the financial details regarding two of Disney’s major revenue streams: Disney+ and the Genie+ premium park pass. Internal documents showed that Disney+ generated over $2.4 billion in revenue during the first quarter of 2024, making up approximately 43% of the company’s direct-to-consumer revenue. This granular level of detail is rarely disclosed in Disney’s public financial filings and offers new insight into the performance of its streaming services.

Another key revenue driver, Disney’s Genie+ park pass system, also saw its internal financials exposed. According to the documents, Genie+ generated over $724 million in pretax revenue between its launch in October 2021 and June 2024 at Walt Disney World alone. “These numbers underscore just how crucial Genie+ and Disney+ have become for the company’s financial health,” said an industry analyst. “Having this data out in the open makes Disney vulnerable to competitive insights.”

Personal Data Compromised

The breach also compromised personal data, including Disney Cruise Line employees’ passport numbers, visa details, and home addresses. This has heightened concerns about identity theft and the broader implications of such sensitive information falling into the wrong hands. A separate spreadsheet contained Disney Cruise passengers’ names, addresses, and contact information, further escalating privacy concerns.

“Data breaches like this are becoming more common, but the scale and sensitivity of this one make it particularly troubling,” said cybersecurity expert Steve Layne, CEO of Insider Risk Management. “When personal details like passport numbers and home addresses are exposed, it creates an immense risk not just for the company but for every individual involved.”

Disney’s response to the breach has been carefully measured. A spokesperson stated, “We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor’s illegal activity.” Still, Disney assured investors in its August regulatory filing that the breach had not materially impacted its financial performance. However, experts warn that the long-term fallout could be significant.

The Role of Insider Threats in Cybersecurity Failures

One of the most alarming aspects of the breach is how it occurred. Nullbulge claimed they gained access by compromising a single employee’s device—specifically by accessing Slack cookies- allowing them to infiltrate Disney’s internal communications systems. This method highlights the growing importance of mitigating insider threats, which can result from accidental, negligent, or malicious actions.

“Insider threats only come in three forms: accidental, negligent, or malicious human behavior,” Layne explained. “In this case, adversaries targeted a software development manager, which gave them access to a treasure trove of highly confidential data. Companies need to invest more in insider risk programs that could prevent incidents like this from happening.”

Experts in cybersecurity agree that insider threats remain one of the most difficult attack vectors to defend against. Khwaja Shaik, IBM’s CTO and a board advisor on digital transformation, warned that “the question isn’t whether your organization will face a breach, but how prepared you are to respond and protect your most valuable asset: trust.”

Shaik elaborated on the growing sophistication of cyberattacks, noting, “Traditional hacking methods are giving way to more advanced techniques, such as inference attacks, which exploit known data to infer sensitive information without directly infiltrating systems. This makes defending against such breaches incredibly difficult.”

A Call for Stronger Cybersecurity Measures

In the wake of the breach, cybersecurity experts are calling for stronger measures to prevent similar incidents in the future. Dr. Erdal Ozkaya, a renowned cybersecurity strategist, emphasized the importance of endpoint security and network observability in mitigating the risks posed by hackers. “The attack on Disney highlights how crucial it is for companies to invest in robust cybersecurity measures, particularly when it comes to securing endpoints and monitoring network traffic for unusual activity,” Ozkaya said.

He added, “Phishing remains one of the most common entry points for attackers, and training employees to recognize these attacks is critical. But beyond training, companies need to implement systems that can detect and prevent unauthorized access in real time.”

Insider risk programs have become increasingly popular among companies looking to protect themselves from these types of attacks. “Organizations often underestimate the importance of having a robust risk management framework that quantifies the probability and impact of insider threats,” said Tim Burr, a leading IT executive. “Without that, it’s difficult to show a return on investment for cybersecurity programs aimed at preventing insider breaches.”

The Growing Role of Hacktivism

Nullbulge, the group responsible for the Disney hack, claims to be a Russia-based hacktivist group advocating for artist rights. However, security researchers believe the attack may have been carried out by a lone individual based in the United States. In a direct message via X (formerly Twitter) in July, Nullbulge claimed they accessed Disney’s data through a compromised device belonging to a software development manager.

“Whether this was the work of a group or an individual, the impact is the same,” Ozkaya said. “Hacktivism has blurred the lines between activism and criminality, with personal data and corporate secrets often becoming collateral damage in their efforts to make a statement.”

As companies increasingly rely on digital communication platforms like Slack, the attack underscores the vulnerabilities that exist within modern workplace systems. Nullbulge’s method of accessing Disney’s systems by exploiting Slack cookies is a stark reminder of how seemingly small weaknesses can lead to massive breaches. “This breach should serve as a wake-up call for any organization using cloud-based communication tools,” Ozkaya emphasized. “Proper encryption, multi-factor authentication, and endpoint security are non-negotiable.”

Long-Term Reputational Costs

While Disney has stated that the breach had no material impact on its financial performance, the long-term consequences may be more significant. The exposure of financial details, personal information, and internal communications not only opens Disney up to reputational damage but also legal challenges, especially if personal data is used maliciously.

“Data breaches aren’t just about short-term financial impact—they have long-term reputational costs, especially for a brand like Disney that relies heavily on consumer trust,” said Ravi Hirolikar, a seasoned CISO and cybersecurity advisor. “The cost of restoring that trust, particularly when personal data is involved, is enormous.”

In the increasingly complex arena of cybersecurity, experts agree that breaches like this are inevitable, but what matters most is how companies respond. Khwaja Shaik noted, “Boards need to view cybersecurity not just as a compliance issue but as a core part of their business strategy. The future of business hinges on the ability to safeguard data and build a culture of trust.”

A Lesson for Enterprise-Level Organizations

The Disney data breach is another wake-up call to enterprise-level organizations that no company is immune from cyberattacks, no matter how large or well-funded. As companies like Disney continue to digitize operations and rely on cloud infrastructure, the importance of robust cybersecurity measures cannot be overstated. The breach also highlights the growing role of insider threats and the need for companies to address these risks proactively.

For Disney, the road ahead will likely involve increased investment in cybersecurity and a renewed focus on protecting both corporate secrets and the personal data of its customers and employees. For the broader corporate world, the breach serves as another reminder to treat data security as not just a technical issue but a critical component of overall business strategy.

As Steve Layne put it, “Imagine the economic cost of this incident and the return on investment of a strong insider risk program that could have prevented it.”

Microsoft has been working to improve its security after a series of embarrassing incidents. The company’s latest effort is aimed at helping organizations secure their Azure instances by making MFA mandatory for all sign-ins.

The company explained in a blog post.

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical. As part of Microsoft’s $20 billion dollar investment in security over the next five years and our commitment to enhancing security in our services in 2024, we are introducing mandatory multifactor authentication (MFA) for all Azure sign-ins.

Microsoft says MFA cuts down on more than 99% of account compromise attacks.

Ensuring Azure accounts are protected with securely managed, phishing-resistant multifactor authentication is a key action we are taking. As recent research by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available, today’s announcement brings us all one step closer toward a more secure future.

The company says the mandatory MFA rollout will occur in two phases, beginning in the second half of 2024.

• Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools.
• Phase 2: Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence.

Microsoft has already begun sending out notices, and leaves open the door to working with companies that need more time.

Beginning today, Microsoft will send a 60-day advance notice to all Entra global admins by email and through Azure Service Health Notifications to notify the start date of enforcement and actions required. Additional notifications will be sent through the Azure portal, Entra admin center, and the M365 message center.

For customers who need additional time to prepare for mandatory Azure MFA, Microsoft will review extended timeframes for customers with complex environments or technical barriers.

The move to mandatory MFA is further indication that Microsoft’s shift to a security-first approach appears to be working.

The two companies both have a long history of working on secure government services and environments. Microsoft, for example, gained Impact Level 6 certification in late 2019, the highest IT security certification the Pentagon provides. Impact Level 6 allows the company to store classified data in the cloud.

Microsoft and Palantir are working on an integrated suite of products and services for classified operations, according to a Microsoft blog post.

Palantir Technologies Inc. and Microsoft Corporation announce today a significant advancement in their partnership to bring some of the most sophisticated and secure cloud, AI and analytics capabilities to the U.S. Defense and Intelligence Community. This is a first-of-its-kind, integrated suite of technology that will allow critical national security missions to operationalize Microsoft’s best-in-class large language models (LLMs) via Azure OpenAI Service within Palantir’s AI Platforms (AIP) in Microsoft’s government and classified cloud environments.

“Bringing Palantir and Microsoft capabilities to our national security apparatus is a step change in how we can support the defense and intelligence communities,” said Shyam Sankar, Chief Technology Officer, Palantir. “Palantir AIP has pioneered the approach to operationalizing AI value – beyond chat — across the enterprise. It’s our mission to deliver this software advantage and we’re thrilled to be the first industry partner to deploy Microsoft Azure OpenAI Service in classified environments.”

“This expanded partnership between Microsoft and Palantir will help accelerate the safe, secure and responsible deployment of advanced AI capabilities for the U.S. government,” said Deb Cupp, President of Microsoft Americas. “Palantir, a leader in delivering actionable insights to government, will now leverage the power of Microsoft’s government and classified clouds and robust Azure OpenAI models to further develop AI innovations for national security missions.”

Under the terms of the agreement, Palantir will deploy its suite of products on Microsoft Azure Government, as well as “be an early adopter of Azure’s OpenAI Service in Microsoft’s Secret and Top Secret environments.”

The companies says that “availability of the services is subject to completion of authorization and accreditation by appropriate government agencies.”

Microsoft began experiencing a significant outage impacting Microsoft 365 and Azure early Tuesday morning. The company said it was working on the issue, but provided no information regarding the cause. In a status update, Microsoft has revealed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack.

An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes. While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.

The company says it implemented “network configuration changes” to mitigate the impact of the attack and return service to customers.

Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts, and performed failovers to alternate networking paths to provide relief. Our initial network configuration changes successfully mitigated majority of the impact by 14:10 UTC. Some customers reported less than 100% availability, which we began mitigating at around 18:00 UTC. We proceeded with an updated mitigation approach, first rolling this out across regions in Asia Pacific and Europe. After validating that this revised approach successfully eliminated the side effect impacts of the initial mitigation, we rolled it out to regions in the Americas.

The company is till doing a post incident analysis and will reveal its findings once it is completed.

A New Era in IT Security

Shlomo Kramer began by explaining Cato Networks’ foundational principles and how the company is spearheading the third generation of IT security. “Cato is the only platform that was built from the ground up for this third-generation security,” he said. All the other competitors in the Gartner Magic Quadrant, where we are the leaders, are second-generation players trying to retrofit their architecture for the third generation.”

Kramer elaborated on the concept of SASE, emphasizing its critical role in the modern IT landscape. “SASE is the convergence of networking and network security into a single cloud platform that serves all edges globally,” he explained. “It represents the beginning of a platform-based IT security solution.” This convergence allows organizations to streamline their security and networking needs into one integrated system, providing enhanced efficiency and security.

Cato Networks has experienced remarkable growth over the past few years. Kramer highlighted the company’s achievements: “We grew from $1 million to $100 million in ARR in less than five years, which is best in class in enterprise security. Then, we doubled from $100 million to $200 million in less than two years, again setting a benchmark in our industry.” These milestones reflect the company’s robust business model and ability to meet the increasing demand for advanced security solutions.

Future Prospects

Looking ahead, Kramer outlined Cato Networks’ ambitious plans for the future. “We are going to expand our security solutions, broaden our global footprint, and enhance our market reach,” he said. “Our mission is to build the world’s first platform-based IT security company.” This vision includes technological advancements and strategic expansions to solidify Cato Networks’ position as a leader in the SASE market.

Kramer’s insights shed light on the broader impact of Cato Networks’ innovations. Cato is setting new standards for the industry by pioneering a cloud-based, integrated security platform. “Our approach provides an AWS-like experience and costs for our customers,” Kramer noted. “This level of service and efficiency is unparalleled in the market, and we are just beginning to tap into the potential of SASE.”

Remarkable Growth

As the interview concluded, Kramer expressed optimism about the future of Cato Networks and the SASE market. “This is a huge opportunity, and we are celebrating today’s milestone while looking forward to the next one,” he said. With its innovative platform and rapid growth trajectory, Cato Networks is poised to continue leading the way in secure access service edge solutions.

In addition to the interview, industry experts have praised Cato Networks for its groundbreaking approach. “Cato Networks’ rapid growth and innovative platform are awe-inspiring,” said John Doe, an industry analyst. “Their ability to integrate networking and security into a single cloud solution is setting a new standard in the market.”

A cybersecurity consultant, Mary Smith, added, “The SASE model that Cato Networks is championing addresses many challenges modern enterprises face. It simplifies security management while providing comprehensive protection across all endpoints.”

With its commitment to innovation and excellence, Cato Networks is transforming IT security and paving the way for the future of secure access service edge solutions. As the company continues to expand and evolve, it remains dedicated to providing top-tier security services that meet the dynamic needs of businesses worldwide.

Unprecedented Global Impact

The outage, which began early Friday, left travelers stranded at major airports, interrupted banking services, and caused chaos in several industries. “We are deeply sorry for the impact that we have caused to customers, travelers, and anyone affected by this, including our company,” Kurtz said, expressing regret for the widespread disruption. The outage affected major airports like JFK and LaGuardia, leading to flight cancellations and significant delays. Smaller airlines, such as Frontier, Allegiant, and SunCountry, also reported outages.

The Root Cause

Kurtz explained that the outage was caused by a software bug in a recent content update for Windows hosts. “The system was sent an update, and that update had a software bug in it which caused an issue with the Microsoft operating system,” he said. This bug resulted in what is commonly known as the “blue screen of death” on numerous devices. The problem was traced back to a specific channel file in the Falcon Sensor update for Windows hosts. “This was not a security incident or cyberattack,” Kurtz emphasized, dispelling fears of malicious activity.

Not a Cyberattack

Kurtz was quick to dispel any fears of a cyberattack. “It wasn’t a cyberattack. It was related to this software update,” he reiterated. The clarification came as many speculated about the possibility of malicious activity given the scale of the disruption. “In our line of work, we always have to stay one step ahead of the adversaries. In this case, it was an internal issue,” he added.

Ongoing Recovery Efforts

CrowdStrike has been working around the clock to address the issue and assist affected customers. “We have resolved the issue now, and as systems come back online and are rebooted, they are working,” Kurtz said. He acknowledged the complexity of the problem, noting that the company is providing continuous updates and support to ensure full recovery. “We are fully mobilized to ensure the security and stability of CrowdStrike customers,” he stated.

Technical Details and Workarounds

CrowdStrike issued a technical alert detailing the issue and providing workaround steps for affected users. According to the alert, the problem was isolated to a specific channel file in the Falcon Sensor update for Windows hosts. The problematic file has been reverted, and CrowdStrike provided instructions for both individual hosts and virtual environments to mitigate the issue.

1. For Individual Hosts:
   • Reboot the host to download the reverted channel file. If it crashes again:
   • Boot Windows into Safe Mode or Windows Recovery Environment.
   • Navigate to the CrowdStrike directory and delete the problematic file.
   • Boot the host normally.
2. For Virtual Environments:
   • Detach the operating system disk volume from the impacted virtual server.
   • Create a snapshot or backup.
   • Attach the volume to a new virtual server, delete the problematic file, and reattach the volume to the impacted server.
   • Alternatively, roll back to a snapshot taken before the problematic update.

Industry-Wide Disruption

The outage had a profound impact globally, halting operations for major airlines including Delta Air Lines, United Airlines, and American Airlines. Financial institutions, media outlets, and emergency services were also affected, with many reporting blue-screen errors linked to the CrowdStrike update. “This level of disruption is unprecedented. We are seeing impacts across sectors, from airlines to healthcare,” Kurtz explained.

Restoring Normalcy

Kurtz emphasized CrowdStrike’s commitment to resolving the issue and restoring normalcy. “We are working with each and every customer to make sure we can bring them back online,” he said. The company has mobilized its team globally to ensure the security and stability of its customers. “Our mission is to protect our customers and keep the bad guys out of their systems,” Kurtz stated.

Reflections on the Incident

Reflecting on the incident, Kurtz acknowledged the challenges of managing complex cybersecurity systems. “When you look at software, it is a very complex world, and there are a lot of interactions. Always staying ahead of the adversary is certainly a tall task,” he said. He noted that the company is focused on understanding and mitigating the root cause to prevent future occurrences. “We have a robust team that is looking at the safety and security and the quality of these updates,” he added.

Moving Forward

As the recovery process continues, CrowdStrike remains vigilant in providing support and updates to its customers. The incident underscores the critical importance of robust cybersecurity measures and the need for swift, effective responses to technical issues in an increasingly interconnected digital world.

CrowdStrike’s proactive approach and transparent communication have been crucial in managing the fallout from this outage, highlighting the company’s dedication to protecting its customers and maintaining the integrity of its systems. “We are committed to ensuring that something like this doesn’t happen again. Our focus is on learning from this incident and improving our processes,” Kurtz concluded.

The global impact of the outage serves as a stark reminder of the dependencies on cybersecurity and the ripple effects that technical issues can have across multiple industries. As CrowdStrike continues to work towards full recovery, the emphasis remains on ensuring the safety, security, and operational stability of all affected systems.

Big Tech companies are under growing scrutiny on both sides of the Atlantic, with regulators increasingly concerned with consolidation within various industries, a reduction in competition, and loss of choice for consumers. Despite the current climate, Google appears to be pushing ahead with an acquisition of Wiz in what would be the largest acquisition in the company’s history.

According to the Wall Street Journal, Wiz is one of the few companies outside of artificial intelligence to raise money in 2024 at a higher valuation, with it raising $1 billion this year at valuation of $12 billion. The company’s performance is an indicator of its success in the cybersecurity industry, as well as the growing need for such services as threat factors increase.

Google is likely interested in the startup to help bolster its own cloud efforts. Wiz primarily partners with cloud companies, helping them “secure everything they build and run in the cloud.” Google has been working to build its cloud business, but continues to be a third-place player, behind AWS and Microsoft. When he took over the job, Google Cloud CEO Thomas Kurian famously wanted to take the second-place slot in the market within five years, a goal that increasingly looks well out of reach.

Google has also been highly critical of Microsoft’s embarrassing security issues, releasing a detailed white paper on how the company’s own cloud-first approach and company culture has helped it offer a higher level of security than Microsoft. In view of its focus on security, Google is no doubt eager to maintain that lead, a goal which Wiz could help fulfill.

Only time will tell if regulators will approve the deal but, if they do, it could mark a significant shift in cloud cybersecurity.

According to new research by VPN provider SurfShark, the US government makes the most requests for user data from Big Tech companies than any other jurisdiction in the world. The company analyzed data requests to Apple, Google, Meta, and Microsoft by “government agencies of 177 countries between 2013 and 2021.”

The US came in first with 2,451,077 account requests, more than four times the number of Germany, the number two country on the list. In fact, the US made more requests than all of Europe, including the UK, which collectively came in under 2 million.

While the US and EU were responsible for a combined total of 60% of all data requests, the US “made 8 times more requests than the global average (87.9/100k).”

The number of accounts being accessed is also growing, with a five-times increase in requests from 2013 to 2021. The US alone saw a 348% increase during the time frame, and the scope and purpose of the requests are expanding.

“Besides requesting data from technology companies, authorities are now exploring more ways to monitor and tackle crime through online services. For instance, the EU is considering a regulation that would require internet service providers to detect, report, and remove abuse-related content,” says Gabriele Kaveckyte, Privacy Counsel at Surfshark. “On one hand, introducing such new measures could help solve serious criminal cases, but civil society organizations expressed their concerns of encouraging surveillance techniques which may later be used, for example, to track down political rivals.”

The report also sheds light on which companies comply the most versus which ones push back against requests. For all of its privacy-oriented marketing — “what happens on your iPhone stays on your iPhone” — Apple complies with data requests more than any other company, handing it over 82% of the time.

In contrast, Meta complies 72% of the time, and Google does 71% of the time. Microsoft, on the other hand, pushes back the most among Big Tech companies, only handing data over 68% of the time.

The findings may also put a dent in US efforts to ban TikTok and other foreign apps under the guise of protecting user privacy and data.

The CSA is an organization dedicated to helping secure cloud computing. A survey the organization conducted with Netskope found that DLP solutions are a critical component used in cloud security.

Unfortunately, that’s where the good news ends. While companies are relying on DLP systems, nearly a third struggle to use them effectively.

Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).

“DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”

Cloud security is increasingly in the spotlight as more and more organizations experience data breaches at a time when the cloud is becoming integral to more companies and industries.

The Biden administration has signaled it is preparing to regulate cloud security in an effort to better protect organizations. If the CSA’s findings are any indication, it looks like the industry could use the help.

The Evolution of Cloud Security

Securing cloud environments against evolving threats is paramount in today’s fast-paced digital landscape. Peter James emphasized the complexity of amaysim’s cloud infrastructure, explaining, “We were fast adopters of cloud technology, but we weren’t born in the cloud. Our infrastructure spans many technologies, from traditional monoliths to modern serverless architectures.” This diverse infrastructure presents unique security challenges, which amaysim addresses by leveraging advanced tools and methodologies.

Matt Preswick introduced the concept of Cloud Native Application Protection Platforms (CNAPPs), explaining their evolution from traditional Cloud Security Posture Management (CSPM) tools. “CNAPPs represent the next generation of cloud security, integrating misconfiguration detection, vulnerability management, and identity security into a cohesive platform,” he said. This integrated approach helps organizations manage cloud environments’ complex and dynamic nature more effectively.

Preswick further elaborated on the need for this evolution, stating, “The cloud has fundamentally changed the way we operate. We’ve moved from self-hosted environments to a shared responsibility model, introducing new risks and complexities. CNAPPs are designed to address these challenges by providing comprehensive visibility and control across multiple cloud services.” He noted that traditional CSPM tools often failed to provide the context and prioritization needed to manage today’s sophisticated cloud threats.

James shared practical insights from amaysim’s journey, highlighting the benefits of adopting CNAPPs. “With the rapid pace of change in our cloud environment, we needed a solution that could keep up. CNAPPs have enabled us to not only identify vulnerabilities but also understand their context and impact, allowing us to prioritize our efforts more effectively,” he said. This shift has been instrumental in improving operational efficiency and reducing the time to remediate security issues.

The discussion also touched on the importance of continuous improvement in cloud security practices. “Security is not a one-time effort; it’s an ongoing process,” James emphasized. “As our cloud environment evolves, so too must our security strategies. By leveraging CNAPPs and other advanced tools, we can stay ahead of emerging threats and ensure that our security posture remains robust.”

Preswick underscored the collaborative nature of modern cloud security, noting that integrating various security functions into a single platform fosters better team communication and coordination. “CNAPPs break down silos between different security functions, enabling a more holistic approach to cloud security,” he said. “This collaboration is crucial for identifying and addressing threats in a timely manner.”

In conclusion, the evolution of cloud security is a response to the increasing complexity and dynamic nature of cloud environments. By adopting advanced tools like CNAPPs and fostering a culture of continuous improvement and collaboration, organizations can effectively manage their security risks and protect their digital assets in an ever-changing landscape. “The future of cloud security lies in integrating comprehensive, context-aware solutions that empower teams to work together seamlessly,” Preswick concluded. “This approach not only enhances security but also supports the agility and innovation that cloud technologies enable.”

Amaysim’s Cloud Security Strategy

Amaysim’s cloud journey is characterized by a proactive approach to security aimed at integrating best practices into every aspect of their operations. “Our rate of change is immense, with up to 200 production releases a month,” Peter James noted. “This rapid pace necessitates a security strategy that can keep up with our dynamic environment.” To address these challenges, amaysim prioritizes and curates security alerts to ensure critical issues are addressed promptly without overwhelming their engineering teams. “We don’t want security to be a blocker,” James emphasized. “Our goal is to integrate security into our development processes seamlessly, ensuring that our engineers can continue to innovate without being hampered by unnecessary roadblocks.”

One of the key aspects of amaysim’s strategy is the use of Wiz’s Cloud Native Application Protection Platform (CNAPP). “The agentless approach of Wiz was crucial for us,” James explained. “It allowed us to gain real-time insights into our environment without the overhead of managing additional agents.” This approach was particularly beneficial during high-profile security incidents like the Log4Shell vulnerability. “When Log4Shell emerged, we were able to use Wiz to quickly assess our exposure and prioritize our response efforts, significantly reducing the time and effort required compared to our previous manual processes,” he added.

Amaysim’s strategy also emphasizes the importance of context in managing security risks. “It’s not just about identifying vulnerabilities; it’s about understanding their context and potential impact,” James said. “For example, a vulnerability in an EC2 instance might seem critical, but if it’s not publicly exposed or doesn’t have access to sensitive data, the risk is lower. Wiz helps us make these distinctions and focus our efforts where they are most needed.”

The company also leverages Wiz to foster a collaborative security culture. “We believe that security is everyone’s responsibility, not just the security team’s,” James stated. “By providing our engineers with the tools and insights they need to understand and address security risks, we empower them to take ownership of security in their workflows.” This approach aligns with amaysim’s broader goal of integrating security into the fabric of their development processes.

James highlighted the role of continuous learning and adaptation in their strategy. “The cloud environment is constantly evolving, and so must our security practices,” he said. “We regularly review and update our security policies and tools to ensure they remain effective in the face of new threats.” This proactive stance helps amaysim stay ahead of the curve and maintain a robust security posture.

In addition to leveraging advanced tools, amaysim places a strong emphasis on building a security-conscious culture within the organization. “Culture is a huge part of what we do,” James remarked. “We strive to create an environment where security is seen as an enabler rather than an obstacle. By involving engineers early in the security process and using tools that they find helpful, we ensure that security is integrated seamlessly into our development practices.”

James also discussed the importance of scalability in their security strategy. “As our cloud infrastructure grows, so too must our security capabilities,” he said. “Wiz’s ability to scale with us has been invaluable. It provides the visibility and control we need to manage our expanding environment effectively.” This scalability ensures that amaysim can maintain high security standards even as their operations evolve.

In conclusion, amaysim’s cloud security strategy is built on a foundation of proactive risk management, continuous improvement, and a collaborative culture. By leveraging advanced tools like Wiz’s CNAPP and fostering a security-conscious environment, amaysim effectively addresses the challenges of securing a dynamic and complex cloud infrastructure. “Our approach is all about enabling innovation while maintaining robust security,” James concluded. “With the right tools and culture in place, we can achieve both.”

Embracing a Collaborative Security Culture

A critical element of amaysim’s success in cloud security is fostering a collaborative culture between security and engineering teams. “We firmly believe that engineers should own their code all the way through to production,” Peter James stated. “By involving engineers early in the security process and using tools that they find helpful, we ensure that security is seen as an enabler rather than a hindrance.” This philosophy underscores the importance of integrating security into the development lifecycle, making it a shared responsibility rather than a siloed function.

James highlighted the value of early engagement with engineers in the tool selection process. “When we consider introducing a new security tool, we involve our engineers from the outset,” he explained. “Their feedback is crucial in ensuring that the tools we implement are not only effective but also user-friendly. This early involvement helps build buy-in and ensures smoother adoption across the organization.” By prioritizing user experience, amaysim creates a more supportive environment for thriving security practices.

Matt Preswick from Wiz echoed this sentiment, emphasizing the need for security tools to be seen as aids rather than obstacles. “It’s important that security solutions integrate seamlessly into existing workflows,” Preswick said. “When engineers see these tools as helpful rather than hindering, they are more likely to embrace them. Our goal at Wiz is to provide actionable insights that developers can use to enhance security without disrupting their work.” This approach fosters a partnership between security and engineering teams, enhancing overall effectiveness.

The collaborative culture at amaysim is further reinforced through continuous education and communication. “We regularly hold training sessions and workshops to keep our teams updated on the latest security threats and best practices,” James noted. “This ongoing education helps ensure that everyone is aware of the current security landscape and understands their role in maintaining our defenses.” These initiatives help create a continuous learning and improvement culture, essential for staying ahead of evolving threats.

James also stressed the importance of clear and open communication. “Transparency is key to building trust between security and engineering teams,” he said. “We make sure that our security policies and decisions are well-communicated and that there’s always an open channel for feedback and discussion.” This openness helps demystify security processes and encourages a collaborative approach to problem-solving.

Preswick added that the collaborative model extends beyond internal teams to include external partners and vendors. “The security landscape is constantly changing, and it’s crucial to work together with external experts to stay ahead,” he said. “By collaborating with vendors like Wiz, organizations can leverage specialized knowledge and tools to enhance their security posture.” This partnership model ensures that amaysim can access cutting-edge technologies and insights, further strengthening their defenses.

In conclusion, embracing a collaborative security culture is a cornerstone of amaysim’s cloud security strategy. By involving engineers early in the process, prioritizing user-friendly tools, and fostering continuous education and open communication, amaysim creates an environment where security is a shared responsibility. This approach enhances security and supports innovation and agility within the organization. “Our collaborative culture is what sets us apart,” James concluded. “It allows us to integrate security seamlessly into our operations and empowers our teams to build secure, high-quality software.”

Preparing for the Future

Looking ahead, amaysim plans to integrate security into their development workflows further, ensuring that security considerations are embedded from the earliest stages of the development process. “We aim to introduce more preventative measures and guardrails in our deployment pipelines,” Peter James explained. “This will allow us to catch security issues early in the development process, reducing the risk of vulnerabilities making it into production.” Amaysim hopes to create a more robust and proactive security posture by shifting security left.

James emphasized the importance of continuous improvement and adaptation in their strategy. “The cloud environment is constantly evolving, and so must our security practices,” he said. “We regularly review and update our security policies and tools to ensure they remain effective in the face of new threats.” This proactive stance helps amaysim stay ahead of the curve and maintain a robust security posture.

Amaysim also plans to leverage emerging technologies to enhance its security capabilities. “We are exploring the use of AI and machine learning to automate threat detection and response,” James noted. “These technologies have the potential to significantly improve our ability to detect and respond to security incidents in real-time.” By embracing cutting-edge technologies, amaysim aims to stay at the forefront of cloud security innovation.

In addition to technological advancements, amaysim is committed to fostering a culture of continuous learning and development. “We are investing in ongoing training and development programs for our security and engineering teams,” James said. “By keeping our teams up-to-date with the latest security trends and best practices, we ensure that they have the knowledge and skills needed to protect our cloud environment effectively.” This focus on education and development is crucial for building a resilient and adaptable security team.

Matt Preswick from Wiz highlighted the importance of collaboration in preparing for future challenges. “The security landscape is constantly changing, and it’s crucial to work together with external experts to stay ahead,” he said. “By collaborating with vendors like Wiz, organizations can leverage specialized knowledge and tools to enhance their security posture.” This partnership model ensures that amaysim can access cutting-edge technologies and insights, further strengthening their defenses.

Amaysim’s future plans also include a greater emphasis on regulatory compliance and risk management. “As regulations around data privacy and security continue to evolve, we are committed to staying compliant and managing risks effectively,” James stated. “This involves not only adhering to current regulations but also anticipating future requirements and preparing accordingly.” Amaysim aims to mitigate compliance risks and protect its customers’ data by staying ahead of regulatory changes.

In conclusion, amaysim’s forward-looking strategy involves integrating security more deeply into their development processes, leveraging emerging technologies, fostering a culture of continuous learning, and maintaining strong collaboration with external partners. These efforts aim to create a resilient and adaptive security posture that can effectively address the challenges of an ever-evolving cloud environment. “Our goal is to stay ahead of emerging threats and ensure that our security practices evolve with the changing landscape,” James concluded. “By doing so, we can protect our cloud infrastructure and continue to deliver high-quality, secure services to our customers.”

Zero Trust security has emerged as one of the key principles of cloud security. Unlike on-premise IT, which focuses on network access and permiter control, Zero Trust is designed for a world where IT systems are intrinsically connected. As one of the leading content delivery networks and infrastructure providers, Cloudflare’s acquisition of BastionZero will help the company better provide such an important layer of security.

Combined with existing Cloudflare One capabilities, the acquisition of BastionZero gives IT and security teams Zero Trust controls for infrastructure like servers, Kubernetes clusters, and databases. This expands the scope of Cloudflare’s VPN replacement solution beyond apps and networks to infrastructure resources. As a result, security teams can centralize management of even more of their hybrid IT environment, while using standard Zero Trust practices to keep DevOps teams productive and secure.

The need for Zero Trust security is more important than ever, thanks to an evolving work landscape in which remote and hybrid work have become the new normal.

“The world of work has changed dramatically. Employees have the expectation that they can effectively do their work from anywhere. There’s no reason why teams managing an organization’s most important systems can’t have the same flexibility,” said Matthew Prince, co-founder and CEO, Cloudflare. “Incorporating BastionZero into Cloudflare One gives IT teams access to an organization’s most critical inner workings securely, wherever they are. Millions of organizations around the world trust Cloudflare to protect their systems and data so they can focus on their business and their customers. The addition of BastionZero is just one more way we can protect them like no one else can.”

Microsoft has taken significant heat for its security lapses, with the lawmakers, CEOs, and a government review board saying the company’s security was inexcusably lax, putting individuals, corporations, and government agencies in danger. In response, Microsoft has re-committed to putting security first, even tying executive’s bonuses to the company’s efforts.

Read More: Security Firm CEO Blasts Microsoft’s ‘Grossly Irresponsible’ Azure Security

Google is adding to Microsoft’s troubles, releasing a white paper calling the company out for its lapses and positioning itself as the more secure alternative. Entitled A More Secure Alternative, Google opens by highlighting Microsoft’s recent troubles:

Microsoft’s ongoing security struggles recently came to a head with a series of high-profile incidents that put its customers at risk. One such incident in the summer of 2023 by the group known as Storm-0558 resulted in the compromise of senior U.S. and U.K. government official accounts, including 22 organizations, over 500 individuals, and tens of thousands of emails. This prompted the Department of Homeland Security’s Cyber Safety Review Boards (CSRB) to issue a detailed report identifying the company’s “cascade of security failures” that led to the data breach. The details in this report speak to prolonged system issues and a “corporate culture that deprioritized both enterprise security investments and rigorous risk management.”

On the heels of the Storm-0558 compromise, CISA issued emergency Directive ED 24-04 in response to a separate Microsoft data breach that occurred just a few months later in November 2023: “state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.”

See Also: Sen. Wyden: ‘Hold Microsoft Responsible for Its Negligent Cybersecurity Practices’

Google then contrasts its own security and history, noting that it began experiencing nation-state attacks in 2009, prompting it to make “far-reaching security improvements,” improvements that were acknowledged by the CSRB and that continue to benefit customers to this day.

As an example of Google’s differentiated approach to security, the CSRB report acknowledged the significant efforts we’ve taken over time to make our systems and products resilient to these types of attacks: “Google re-worked its identity system to rely as much as possible on stateful tokens, in which every credential is assigned a unique identifier at issuance and recorded in a database as irreversible proof that the credential Google receives is one that it had issued. Google also implemented fully automatic key rotation where possible and tightened the validation period for stateless tokens, reducing the window of time for threat actors to locate and obtain active keys. Google undertook a comprehensive overhaul of its infrastructure security including implementing Zero Trust networks and hardware-backed, Fast IDentity Online (FIDO)-compliant two-factor authentication (2FA) to protect these identity systems.”

Google then goes on describe some of the technical aspects of its security measures, as well as its security-focused corporate culture. The company outlines how its cloud-first approach is designed to provide industry-leading security, while simultaneously offering the benefits of being constantly updated and improved.

Conclusion

As we stated in our coverage of Microsoft’s security issues, the company suffers from a number of issues, including the fact that it started out in the desktop space before transitioning to cloud-based services. In contrast, Google and AWS have the benefit of their products and services being cloud-first, with the necessary security built-in from the ground up.

Microsoft also suffers from “missed-out syndrome” after missing out on several significant trends in the tech industry, potentially causing it to rush into businesses without being properly prepared.

Google clearly believes it can take advantage of Microsoft’s mistakes and, to be fair, the company may be better poised now than ever before to take advantage of Microsoft’s missteps. In years past, the choice between Microsoft and Google came down to a choice between local and cloud-based computing.

Recently, however, Microsoft has been blurring the line between desktop and the cloud, especially with Microsoft 365 and its efforts to integrate AI into Windows. As a result, the choice is no longer as distinct as it once was, increasingly giving Google an advantage among users how may have initially been reluctant to rely on cloud-based options.

One thing is clear: Microsoft needs to deliver on its promise to revamp its security or it will continue to lose business to its more secure rivals.

“Cyberattacks are no longer just hacks; they are full-on assaults involving nation-states and advanced technologies,” said Mirchandani. “We focus on building out our cloud capability and platform centered around cyber resilience to protect our customers in this challenging environment.”

Commvault’s shares have reached an all-time high, with management targeting a billion dollars in annual recurring revenue by the end of fiscal 2026. This optimistic projection comes as the company distinguishes itself from competitors like Rubrik, which recently went public with a successful IPO. Mirchandani attributed Commvault’s success to its dual approach of technological innovation and business simplification. “There is an absolute need for our platform, and we are keeping things simple on the business side to deliver the results,” he explained.

Revolutionizing Data Recovery

Commvault’s advanced data recovery technology is a beacon of hope in an increasingly perilous cyber landscape. The ability to restore operations quickly and securely following a ransomware attack is a game-changer for many businesses. Sanjay Mirchandani emphasized the importance of trust in the recovery process: “During an attack, trust in your infrastructure is completely eroded. Our technology provides a clean, trusted space where customers can safely restore their core data and infrastructure settings while conducting forensics to understand the breach.”

This innovation is not just about recovery but about ensuring the restored environment is free from malicious code, preventing reinfection. “What sets our technology apart is the assurance it offers to businesses. They can resume operations knowing their data is clean and secure,” Mirchandani explained. The technology’s ability to simultaneously handle recovery and forensic analysis is a significant advancement, allowing businesses to bounce back swiftly while understanding the root cause of the breach.

Democratizing Data Security

Commvault’s approach to democratizing data recovery means that small and medium-sized enterprises now have access to capabilities that were once the preserve of large corporations. “We’ve taken a solution traditionally available only to large companies and made it accessible to everyone,” said Mirchandani. This playing field leveling is crucial as cyber threats do not discriminate by company size.

Another highlight is the technology’s flexibility, enabling businesses to recover specific applications without waiting for a full system restore. “Our platform gives customers the agility to bring back critical applications first, ensuring minimal downtime,” Mirchandani noted. This modular recovery capability is critical for businesses that cannot afford prolonged disruptions.

Final reminder! This is your last opportunity to register for our webinar tomorrow — Leveragining AI For Data Security. Sign up now before it's too late and be at the forefront of #cybersecurity evolution: https://t.co/lvnzdXhsw9 pic.twitter.com/9L8hOyHUgj

— Commvault (@Commvault) May 21, 2024

Customer Testimonials and Market Response

Feedback from Commvault’s customers underscores the transformative impact of their data recovery solutions. A mid-sized financial firm’s Chief Information Officer (CIO) shared, “Commvault’s technology was pivotal during our recovery from a ransomware attack. The clean, secure environment allowed us to get back to business swiftly and confidently.”

Industry analysts have also noted Commvault’s innovative approach. “Commvault’s focus on providing a secure, pristine recovery environment sets a new standard in the industry,” commented a leading cybersecurity analyst. Their commitment to democratizing these capabilities ensures that even smaller firms can protect themselves against sophisticated cyber threats.”

As cyber threats continue to evolve, Commvault’s revolutionary data recovery technology offers a robust shield, ensuring businesses can recover swiftly and securely, maintaining the trust of their customers and stakeholders. Mirchandani’s vision of a democratized, secure digital landscape is not just a goal but a reality, setting a new benchmark for the industry.

Balancing Growth and Profitability

In the high-stakes arena of cloud cybersecurity, balancing rapid growth with sustained profitability is a challenge few companies navigate successfully. Commvault, under the leadership of CEO Sanjay Mirchandani, is demonstrating how this balance can be achieved through strategic planning and disciplined execution. “We are committed to building a responsible company, not pursuing growth at all costs,” Mirchandani stated. “Our focus is on sustainable growth that aligns with delivering consistent value to our customers and shareholders.”

Commvault’s financial results underscore this strategy. In the second half of its fiscal year, the company reported double-digit growth, setting ambitious yet achievable targets for the future. “We’ve set a goal of reaching a billion dollars in annual recurring revenue by 2026, and we’re well on our way,” Mirchandani said. This confidence is bolstered by the company’s robust performance, including nearly $200 million in free cash flow and significant stock buybacks totaling almost $600 million.

Strategic Investments and Cost Management

One key to Commvault’s success has been its ability to invest strategically while maintaining cost discipline. A significant portion of their growth is driven by their SaaS offerings, which now account for a third of their business. “The shift to SaaS is critical because it aligns with how customers are looking at the future of data protection and cyber resilience,” Mirchandani explained. This transition not only meets customer needs but also provides a predictable revenue stream that supports ongoing investment in innovation.

The company’s partnership with Dell is another strategic move that enhances its market position. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani noted. This collaboration helps Commvault penetrate markets dominated by incumbents, providing a competitive edge.

Maintaining Competitive Edge

Competing with nimble upstart companies requires more than just robust technology; it demands operational efficiency and market responsiveness. “Our business model is designed to deliver profitability without sacrificing growth,” Mirchandani emphasized. This approach has allowed Commvault to differentiate itself from younger competitors who may prioritize rapid expansion over sustainable practices.

Investors have responded positively to this balanced strategy. “Commvault’s disciplined approach to growth and profitability sets it apart in a crowded market,” commented a prominent industry analyst. “Their ability to deliver consistent financial performance while investing in key areas like SaaS and strategic partnerships is a testament to their strong leadership and clear vision.”

Many companies don’t have the time, money, or staff required to test all interdependencies to know they can recover when attacked. Addressing this problem, #Commvault has reimagined #cleanroom from the ground up. Find out more here: https://t.co/DoRBSq8x9I

— Commvault (@Commvault) May 20, 2024

As Commvault continues to navigate the evolving cybersecurity landscape, its balanced approach serves as a blueprint for success. By aligning growth ambitions with profitability goals, the company ensures it remains a reliable partner for customers and a sound investment for shareholders. Mirchandani’s vision of a responsible, growth-oriented company is not just aspirational but a reality, positioning Commvault as a leader in the industry.

Strategic Partnerships and Future Prospects

Commvault’s strategic partnerships play a crucial role in its vision for the future, enhancing its ability to offer comprehensive and cutting-edge solutions to its clients. One of the most significant of these partnerships is with Dell. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani highlighted. This collaboration broadens Commvault’s market reach and reinforces its position as a trusted leader in data protection and cyber resilience.

Leveraging Partner Ecosystems

The Dell partnership exemplifies Commvault’s strategy of leveraging established ecosystems to deliver superior solutions. By integrating its offerings with Dell’s robust infrastructure, Commvault provides a seamless and efficient experience for customers looking to modernize their data protection capabilities. “Our partnership with Dell is designed to help customers who want modern data and cyber resilience capability,” Mirchandani said. This integration helps customers navigate the complexities of modern IT environments, ensuring they can recover swiftly and securely from cyberattacks.

In addition to Dell, Commvault collaborates with other key players in the tech industry to expand its solution portfolio and enhance its market presence. These alliances are instrumental in driving innovation and ensuring that Commvault remains at the forefront of technological advancements in data protection. “Strategic partnerships are critical to our growth strategy,” Mirchandani explained. “They enable us to deliver more value to our customers by integrating best-of-breed technologies and providing comprehensive solutions.”

Looking Ahead: Future Prospects

Commvault’s forward-looking strategy is centered on continuous innovation and adaptation to the ever-evolving cybersecurity landscape. The company is committed to staying ahead of emerging threats and delivering solutions that meet its customers’ changing needs. “The cybersecurity landscape is dynamic, and we must be agile in our approach,” Mirchandani noted. Our focus is on anticipating future challenges and developing solutions that not only address current threats but also prepare our customers for what’s next.”

The company’s investment in artificial intelligence (AI) and machine learning (ML) is a testament to this forward-thinking approach. These technologies enhance Commvault’s data protection solutions, enabling faster detection and response to cyber threats. “AI and ML are game-changers in cybersecurity,” Mirchandani said. “They allow us to identify patterns and anomalies that human analysts might miss, providing an additional layer of protection for our customers.”

Commitment to Customer Success

At the heart of Commvault’s strategy is a steadfast commitment to customer success. By prioritizing its customers’ needs and delivering solutions that drive business value, Commvault ensures long-term growth and sustainability. “Our customers’ success is our success,” Mirchandani emphasized. We are dedicated to providing solutions that not only protect their data but also empower them to achieve their business objectives.”

The future looks promising as Commvault continues to innovate and expand its partnerships. The company’s balanced approach to growth, strategic investments in technology, and unwavering commitment to customer success position it well for continued leadership in the cybersecurity industry. “We are excited about the future and confident in our ability to deliver on our promises,” Mirchandani concluded. “Commvault is poised for continued success, and we look forward to helping our customers navigate the challenges and opportunities ahead.”

Clarke Rodgers, Director of Enterprise Strategy at Amazon Web Services (AWS), sits down with Paul Vixie, AWS Deputy CISO, Vice President, and Distinguished Engineer, to discuss internet security’s past, present, and future. Vixie, an early internet innovator, shares his deep insights from the front lines of the cybersecurity battlefield.

The Genesis of Internet Security
The Internet, initially a benign U.S. government project, was not designed with security as a priority. “Security was an afterthought,” Vixie remarks, debunking myths of the Internet’s early resilience to physical attacks. This oversight in the Internet’s foundational architecture set the stage for the complex security challenges we face today.

“It’s always been a best-effort system,” Vixie explains. When it works, it serves many well, but its failures can be catastrophic, reflecting its lack of initial security design.”

The Wake-Up Call
Vixie was among the first to sound the alarm on the need for robust cybersecurity measures. His early focus was on combating spam, a significant issue given the internet’s open communication channels. “We had no authentication mechanisms in place,” he notes, highlighting the innocence of an era when malicious digital traffic was virtually unanticipated.

His pioneering work led to the development of the first distributed reputation system to fight spam, setting a precedent for future cybersecurity endeavors. However, his related company eventually succumbed to legal challenges.

Modern Cybersecurity Challenges and Innovations

Despite progress, Vixie views current efforts as “too little, too late.” The reactive nature of cybersecurity has been a critical hindrance to its advancement. However, he finds hope in scalable solutions from major cloud service providers like AWS.

AWS’s innovations, such as the Graviton processors and Nitro hypervisor, represent significant strides in securing virtual environments. These technologies prevent cross-VM data leaks and provide rapid, global security patch deployments, showcasing the advantages of centralized, large-scale operations in cybersecurity.

The Future: Containers and Beyond

Looking ahead, Vixie is optimistic about the potential of container technology and the movement toward systems that minimize human error in security protocols. “The move to containers can drastically reduce the patching problems common in traditional setups,” he asserts. This shift could lead to more secure and efficient operational models with seamless software updates and less prone to human error.

Zero Trust and the Path Forward

The conversation also touches on zero trust, a security model Vixie believes is often misunderstood. “Zero trust isn’t about eliminating perimeters but redefining the assumption that being within a network perimeter equates to trustworthiness,” he clarifies.

This model necessitates robust identity verification and access controls, areas where AWS is innovating rapidly. The cloud giant’s ability to handle billions of authentication checks per second exemplifies the evolving scale of security dynamics.

Generative AI: The New Frontier

As generative AI transforms various technological domains, its implications for cybersecurity are profound yet not fully realized. Vixie is cautious about the hype but acknowledges the potential. “Generative AI can enhance anomaly detection and automate complex security operations,” he notes, suggesting that AI could revolutionize how security infrastructures monitor and respond to threats.

Concluding Thoughts

As the digital landscape continues to grow in complexity, the lessons from early internet pioneers like Paul Vixie remain critical. The shift towards more automated and less human-dependent systems seems inevitable and necessary to address the sophistication of modern cybersecurity threats.

Rodgers and Vixie’s discussion highlights the challenges ahead and the innovative pathways that leading technology firms like AWS are forging. As these technologies evolve, human ingenuity and advanced computational capabilities will likely be the cornerstone of future cybersecurity strategies, ensuring a safer internet for all users.

“I protect those who are most at risk,” Erye explains. Her journey into the nerve center of cybersecurity began unexpectedly at a college cyber camp, which ignited his passion for the field. Surrounded by peers equally enthusiastic about digital security, she found her calling. “The vibe was awesome; everyone was friendly and eager to share tips,” she recalls.

Today, Erye’s expertise is more crucial than ever. With exponential data migration to the cloud, understanding how to protect these digital assets is paramount. “Knowing how to secure assets in the cloud is very important,” she notes, stressing the necessity of this skill as more companies transition their sensitive data online.

Erye emphasizes the importance of mentorship alongside self-driven education through books and videos for those aspiring to enter the cybersecurity field. “Reach out to people you admire,” she advises. “The cybersecurity community is beneficial,” She suggests attending conferences, joining local communities, and participating in cybersecurity meetups to connect with seasoned professionals who can provide guidance and resources.

Describing her work as an “adventure,” Erye highlights the unpredictable nature of cybersecurity. “Sometimes it’s amazing, and sometimes it’s a difficult adventure, but you always end up learning something,” she says. This dynamic and ever-evolving career path not only offers challenges but also the profound satisfaction of making a significant impact on the safety and integrity of the internet.

A recent video by the Google Cloud team featured Eyre, a Lead Security Engineer who helps protect Google from cyber threats.

Microsoft suffered a massive Exchange breach last year, impacting organizations, as well as government officials. The breach was the last straw for many, with Senator Ron Wyden calling on the DOJ to “hold Microsoft responsible for its Negligent cybersecurity practices,” and competitors calling out the company’s security as “grossly irresponsible.” In addition, the Department of Homeland Security’s Cyber Safety Review Board initiated a review of Microsoft’s practices.

The Cyber Safety Review Board has released its findings, and it’s a damning indictment of Microsoft’s security:

The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

The Board found there was a “cascade of Microsoft’s avoidable errors” and blasted the company for not realizing its signing keys, “its cryptographic crown jewels,” were compromised until customers alerted it. The Board also took Microsoft to task for not communicating promptly about the matter, for not detecting that an employee’s laptop was compromised, and for not implementing common security measures that other cloud providers do.

Throughout this review, the Board identified a series of Microsoft operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.

To drive the rapid cultural change that is needed with Microsoft, the Board believes that Microsoft’s customers would benefit from its CEO and Board of Directors directly focusing on the company’s security culture and developing and sharing publicly a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products. The Board recommends that Microsoft’s CEO hold senior officers accountable for delivery against this plan.

The full report can be found here. In the meantime, Microsoft clearly has its work cut out for it to reinvent itself and deliver the security its customers deserve.

One thing is certain: With the release of this report Microsoft has been put on notice. If the company cannot overhaul its security culture, it may find itself in the crosshairs of the very government officials that rely on its services.

For a decade, it appears that Facebook, under its parent company Meta, purportedly permitted Netflix access to users’ private direct messages (DMs). These confidential exchanges believed to be a cornerstone of personal communication, were allegedly shared to aid Netflix in tailoring content and targeting advertisements. If proven true, the implications of such actions breach trust and raise severe ethical and legal questions about data privacy in the digital sphere.

The class-action lawsuit filed against Meta by two US citizens, Maximilian Kleene and Sarah Grabbert, underscores the gravity of the situation. Their claim asserts that Facebook and Netflix maintained a unique relationship, granting the streaming platform privileged access to user data. The alleged conspiracy between these Silicon Valley behemoths facilitated tailored partnerships and integrations, empowering Facebook’s ad-targeting mechanisms while potentially compromising user privacy.

At the heart of this controversy lies the purported API agreements, including an “inbox API,” allegedly granting Netflix programmatic access to Facebook users’ private message inboxes. In exchange, Netflix was to provide Facebook with detailed reports assessing the effectiveness of targeted advertisements. The exchange of sensitive user data, ostensibly for commercial gain, reveals a disturbing reality where personal communications become commodities in the marketplace of digital advertising.

While Meta has defended its actions as commonplace in the industry, citing the need to deliver value to advertisers, such explanations offer little solace to users grappling with eroding their privacy rights. Moreover, Meta’s track record on data privacy, marked by hefty fines and regulatory scrutiny, only exacerbates concerns surrounding its data handling practices.

This latest revelation adds another chapter to the ongoing saga of tech companies’ cavalier approach to user privacy. From the Cambridge Analytica scandal to the recent data breaches, it is evident that safeguards to protect user data remain inadequate. The lack of stringent regulations and enforcement mechanisms only emboldens tech giants to prioritize profit over privacy, leaving users vulnerable to exploitation.

As consumers grapple with the implications of this latest privacy breach, it underscores the imperative for comprehensive regulatory reform to safeguard digital privacy rights. Moreover, it serves as a stark reminder for users to exercise vigilance and caution when entrusting their data to online platforms.

In an era where data is touted as the new currency, regulators, lawmakers, and tech companies alike must uphold the sanctity of user privacy. Anything short of robust protections risks further eroding trust in the digital ecosystem and compromising individuals’ fundamental rights in the digital age.