UpGuard Blog

How Can Cloud Leaks Be Prevented?

When we examined the differences between breaches, attacks, hacks, and leaks, it wasn’t just an academic exercise. The way we think about this phenomenon affects the way we react to it. Put plainly: cloud leaks are an operational problem, not a security problem. Cloud leaks are not caused by external actors, but by operational gaps in the day-to-day work of the data handler. The processes by which companies create and maintain cloud storage must account for the risk of public exposure.

Filed under: AWS, cyber risk, process, Procedures, third-party vendor risk, cloudleaks

Why Do Cloud Leaks Matter?

Introduction

Previously we introduced the concept of cloud leaks, and then examined how they happen. Now we’ll take a look at why they matter. To understand the consequences of cloud leaks for the organizations involved, we should first take a close look at exactly what it is that’s being leaked. Then we can examine some of the traditional ways information has been exploited, as well as some new and future threats such data exposures pose.

Filed under: AWS, process, cloudleaks

Discovering Important Changes With UpGuard's Real Time Forwarder

A funny thing that’s happened as the digitization of business has sped up in the last ten years is that process cadence has not done well in keeping up. Regulatory compliance standards often use quarters, or even years, as audit intervals, and in unregulated industries that interval can be yet longer. But in the data center, changes happen all the time, changing the risk profile of the business along with it. Determining which changes are the root cause of a problem can be the difference between fixing it and having it happen again.

Filed under: process, change management, RTF

Data Crunch: Stats or Scoreboards?

When it comes to measuring success for your team, finding a reliable and accurate means for doing so can be more difficult than it might appear. UpGuard's VP of Product, Greg Pollock, wrote about his insights into instituting such metrics and understanding the difference between "behavior" and "results."

Filed under: IT operations, process

Almost Compliant With NERC CIPv5? CIPv6 is On Its Way

The NERC CIP v5 standards will be enforced beginning in July of this year, but version 6 is already on the horizon. Previously, we examined the differences between v3 and v5, and we saw how the CIPs related to cybersecurity were evolving. This pattern continues in v6, with changes coming to some of the cyber CIPs and the addition of standards regarding “transient cyber assets and removable media,” but the major changes in v6 have to do with scope-- which facilities are required to comply, and at what level they must comply: low, medium or high impact. We’ll examine some of the differences coming up in CIPv6 and what they will mean for the industry.

Filed under: compliance, cybersecurity, NERC, process

Improved Policies Make Testing and Compliance Even Easier

UpGuard's "three waves" methodology helps businesses achieve digital maturity through a three step process: gain visibility, establish test driven infrastructure, and then automate what you can also validate. In our last release we focused on improving visibility with an improved data visualization, a search engine, and group differencing. Now we've revisited our testing platform to make both incremental improvements and fundamental changes.

Filed under: upguard, IT operations, process