This Week in Cloud covers news and commentary from the intersection of cloud and cybersecurity. In the latest installment, we will cover updates from the Blackhat conference, recent data breaches, and the emerging role known as DevSecOps.
What Did We Learn at Blackhat?
The Blackhat conference attracts a notoriously threat-focused crowd, and while top names in cybersecurity research still attend, the past few years have also drawn a healthy crowd of risk-minded IT security executives. Perhaps that’s why one of the resonating messages from this year’s conference wasn’t about sophisticated threats, but security basics. In a keynote, Facebook’s Alex Stamos directed the audience’s attention to the impact of cybersecurity failures, rather than prioritizing issues based on how sophisticated they are. Cloud security also had its time in the conversation around the show; Skyhigh released details on a persistent Office 365 brute force attack that targeted the high-level employees of many companies.
Black Hat 2017: Insightful, but too much hype | Jon Oltsik, CSO
Data Theft, from PHI to Game of Thrones
After Anthem’s 2015 data breach, reports emerged that its cyber insurers were hesitant to renew policies for the embattled healthcare company. News of another data breach at Anthem confirms the company is still struggling with cybersecurity. Investigators traced the latest breach to a third-party vendor’s employee who plotted to steal the data. The theft is the latest example of a highly regulated company falling victim to poor security practices at a business partner; Verizon and the Republican National Committee also suffered leaks involving millions of records as a result of vendors.
A vast online black market exists for cybercrime “commodities” like payment data and personal health information, but HBO’s data breach demonstrated that no data is exempt from hackers’ purview. Attackers gained access to 1.5 terabytes of confidential data, making the incident the largest data breach in the entertainment industry. For scale, the runner-up, Sony, leaked only 200 gigabytes of data in its breach.
Anthem reports 18,500 members involved in new data breach | Doug Olenick, SC Magazine
Largest Hollywood hack in history may have compromised HBO confidential documents, emails | Michael Sheetz, CNBC
DevSecOps Steals the Day
DevOps transformed software development best practices and set a new standard for staying competitive in industries where software matters – aka every industry. Cloud infrastructure allows companies to spin up new resources nearly instantly. IT teams can develop and deploy applications more quickly, putting pressure on security teams to keep up or be left behind. A survey conducted with the Cloud Security Alliance found that security teams are aware of only 38.5 percent of the custom applications that their company has developed. DevSecOps involves security teams working side by side with application teams for better security and more agility. This movement is a perfect example of the potential for the security team to accelerate the business rather than sideline new projects as the “Department of No”.
How DevOps and cloud will speed up security | Fahmida Rashid, IDG
DevOps security and the culture of ‘yes’ | Michael Feiertag, Dark Reading
By the Numbers
The number of health insurance policies a rogue insider accessed at Bupa Global
The rough amount of IoT device vulnerabilities that security researchers revealed in a single talk at Blackhat
The amount of dollars companies will spend on security this year, up 8.2 percent from last year