Storing sensitive values is a problem as old as software itself. In 2016, Uber experienced a massive data breach that exposed 57 million users’ personal information—all traced back to a hardcoded AWS credential discovered in a GitHub repository. While we have successfully established that hardcoding secrets such as API keys and passwords is bad practice, correctly storing them is a different story, and the issues from 2016 are still prevalent today (8 years later…).

AWS and other cloud infrastructure exposed to after attacks uncovered in the wild Cloud networking solutions provider Aviatrix has published a new vulnerability (CVE-2024-50603) in its controller. This vulnerability allows unauthenticated actors to run arbitrary commands. This Remote Code Execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild. A patch is already available on GitHub. Alternatively, users can update to the secure versions 7.1.4191 or 7.2.4996.

Even the simplest mistakes can leave your data wide open to cyber threats. If the worst happens and there’s an attack, cybercriminals gain free-for-all access to your cloud resources. They tamper with your data, disrupt workflows, and steal sensitive information, meaning the need for Privileged Access Management (PAM) best practices are more indispensable than ever for any robust cloud security strategy.

It’s 9:00 AM, and your team is ready to tackle the day. But before they can start, access issues rear their ugly head. A developer can’t get into the staging server and IT is buried under a mountain of permission requests. Sounds familiar? Employees lose up to five hours weekly on IT access issues, while IT teams spend 48% of their time handling manual provisioning. These inefficiencies cost both time and valuable progress. So, how do you fix it?

In this edition, Rom discusses four essential capabilities to consider when using a solution to manage cloud privileges and access to resources. He emphasizes the importance of visibility across all cloud access, planning for scale upfront, speaking the language of both security and DevOps, and ensuring easy onboarding and fast adoption. These four points are a great starting point for making the right PAM buying decision.

We recently started a new blog series featuring our CEO and co-founder Rom Carmel. In this series, we discuss real issues from the field. So, check out what Rom Carmel has to say about the three complaints he hears the most in access management.

Recent studies indicate that more than 80% of organizations have experienced security breaches related to their CI/CD processes, highlighting the critical need for comprehensive access management strategies.

Organizations lose $16.2 million annually (up from $15.4 million) due to insider threats. Many businesses still can’t prevent these threats effectively. Malicious or negligent employees continue to risk sensitive data and systems despite strong external security measures. Security professionals must solve a big challenge – protecting against insider threats while keeping operations running smoothly.

It’s not that often that a story about a Joiner-Mover-Leaver (JML) failure makes the international news. But throw in an insider threat actor making potentially life threatening changes to the impacted systems and it becomes quite the doozy. Especially when the company at the center of the story is Disney.

With an average of more than 5 data breaches globally a day, it’s clear companies need a way to prevent data loss. This is where a data loss prevention policy comes into play. A data loss prevention policy serves as a crucial safeguard against unauthorized access, data breaches, and compliance violations. This comprehensive framework outlines strategies and procedures to identify, monitor, and protect valuable data assets across an organization’s network, endpoints, and cloud environments.