Cloud computing continues to grow at a fantastic rate, even though it’s been around for quite some time; the most recent data from tech analyst Gartner shows that the infrastructure as a service market grew more than 40% just last year, and Gartner noted that ‘cloud-native becomes the primary architecture for modern workloads.’
Then it’s perhaps no surprise that cloud security is the fastest growing segment of the security market, with spending jumping from $595 million in the US in 2020 to $841 million last year, largely because companies are discovering that it’s a more complicated topic than they realised.
Most businesses use multiple cloud services and cloud providers, a hybrid approach that can support granular security options where vital data is kept close (perhaps in a private cloud) while less sensitive applications run in a public cloud to take advantage of big tech’s economies of scale.
But the hybrid model also introduces new complications, as every provider will have a slightly different set of security models that cloud customers will need to understand and manage.
That takes time and (often elusive) expertise across multiple cloud vendors’ systems. And it’s also a dynamic environment; applications and data are often switched between on- and off-premise and between cloud services, all of which are opportunities for errors and data leaks.
All of this can extend the enterprise threat surface, while making it harder for organisations to ensure their assets are secured. As a result, misconfigured services are high on the list of root causes for security incidents – along with even more basic failures like poor passwords and identity controls.
According to recent research by Thales, half of companies had experienced some kind of cloud security breach in the last 12 months, while almost one in three had been forced to issue a breach notification to a government agency, customer, partner or employees.
Little surprise that companies are evaluating tools to automate much of this. That’s leading to interest in new technologies such as Cloud Security Posture Management (CSPM) tools, which can help security teams spot and fix potential security issues around misconfiguration and compliance in the cloud, so they know the same rules are being enforced across their cloud services.
Another area of growth has been Cloud Access Security Brokers (CASBs), which also aim to guarantee that an enterprise’s security policies are being enforced across its portfolio of services. Other security technologies that cloud users are interested in, according to industry research, include zero trust, artificial intelligence and machine learning. However, many technologies that hold out the promise of improving cloud security are still at an early stage.
None of this is to say that the cloud is inherently less secure. Indeed, because cloud vendors have the scale to invest in skills and capabilities that are beyond the reach of most customers, cloud services and applications are likely to be more secure than those hosted by companies for whom tech is far from their core competency.
But as well as looking at technical innovations it’s also worth scrutinising the levels of service and understanding offered by cloud service providers in the first place. The UK’s National Cyber Security Centre (NCSC) has a good set of general principles for cloud computing security that’s worth considering, which can help you judge the security posture of a supplier. There are 14 principles in total, including:
Your data should be protected against tampering and eavesdropping as it transits networks inside and external to the cloud.
A malicious or compromised customer of the service should not be able to access or affect the service or data of another.
The service needs to be operated and managed securely in order to impede, detect or prevent attacks, using vulnerability management, protective monitoring, configuration and change management.
If service provider personnel have access to your data and systems, you need a high degree of confidence in their trustworthiness and the technical measures in place that audit and constrain the actions of those personnel.
Cloud services should be designed, developed and deployed in a way that minimises and mitigates threats to their security, including a robust software development lifecycle.
All external or less-trusted interfaces of the service should be identified and defended appropriately, including external APIs, web consoles and command line interfaces.
You should be able to identify security incidents and should have the information necessary to find out how and when they occurred. The service will need to provide you with audit information, and issue security alerts when attempted attacks are detected.
Developing the right security posture is hard: some companies worry about sophisticated hacking groups, others struggle to stop staff using ‘1234’ as a password. Covering the fundamentals of security, understanding where the market is going, and asking cloud providers tough questions about their own security, is a good path to follow.
Resource: Ranger, S. (2022, June 14). Cloud computing means big opportunities – and big threats. ZDNET. https://www.zdnet.com/article/cloud-computing-security-where-it-is-where-its-going/