• The principles of data protection are the same whether your data is stored in a traditional, on-premises data center or in a cloud environment. What is different is the way that you apply those principles. Moving data to the cloud introduces novel cybersecurity risks and challenges, and a new threat surface. This novelty requires a new approach to data security. Cloud security is the protection of data, applications, and infrastructure involved in cloud computing environments. Traditional security controls are not adequate to mitigate and protect against the new threats in cloud environments. Establishing and sustaining a robust and effective cloud security posture presents many benefits to organizations. Understanding the differences between cloud security and traditional security is crucial to finding the right

    Oct 21,
  • Protecting critical infrastructure and associated challenges was a recurring theme during (ISC)² Security Congress 2021, which took place virtually from Monday to Wednesday this week. It was the subject of various sessions and came up during a keynote session delivered by Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs said critical infrastructure needs to be hardened against foreign adversaries that might have an interest in disrupting it at some point. CISA and other agencies are working to come up with standards and practices for infrastructure security. And they are looking for input from the cybersecurity industry. One of the main challenges with securing critical infrastructure is the move to connect IT and operational technology (OT),

    Oct 20,
  • In one of the most sobering presentations about the current state of security delivered during (ISC)² Security Congress 2021, security expert Lisa Forte said no matter how many protective measures an organization takes, it can never achieve zero risk. Insider threats are always a possibility. Forte, co-founder of Red Goat Cyber Security, used her keynote speech on the third and final day of Security Congress to drive home the point that insider threats have gotten harder to identify. Not only does technology make it easier to steal data, bad actors also can manipulate insiders into becoming unwitting spies. And that’s on top of those insiders who are willing collaborators. To minimize risk, Forte said companies should take a number of measures,

    Oct 20,
  • Martin R. Okumu lived through the ransomware attack on the City of Baltimore in 2018, which affected 90% of the municipality’s applications. As the then-director of IT infrastructure for the city, he learned a lot of valuable lessons about defending against and recovering from a ransomware attack. On Tuesday afternoon, he shared those lessons with (ISC)² Security Congress 2021 attendees during a virtual session. He is now the Chief Information Officer for the City and County of San Francisco. In many ways, Okumu said, Baltimore was not prepared for the attack. The city did not have a cyber incident response team (CIRT), well-defined plans for activating an incident response, or a defined way to handle communication and escalation. These are elements

    Oct 19,
  • “Perseverance” and “Ingenuity” aren’t just the names of spacecraft on Mars; they are also the human qualities we need to get us through the post-pandemic world, said Adam Steltzner, chief engineer and mission leader of NASA's Mars 2020 mission. Steltzner, who works at NASA’s Jet Propulsion Laboratory (JPL) in Pasadena, CA, was the keynote speaker on the second day of the (ISC)² Security Congress 2021, taking place virtually through Wednesday, October 20. After NASA landed the nuclear-powered “Curiosity” rover on Mars in 2012, the agency worked to send another rover to the Red Planet. That rover, “Perseverance,” landed on Mars in February 2021, accompanied by a helicopter-like robotic spacecraft called “Ingenuity.” Getting there wasn’t easy, Steltzner recalled. It required adjusting to

    Oct 19,