Achraf Souk’s Post

Developing secure and compliant applications in the financial services industry is no small feat. With the constantly evolving cyber threat landscape and stringent regulatory requirements, app developers must go beyond just integrating security measures—they need to ensure compliance with standards like PCI-DSS, SOC2, GDPR, and more. At ClearScale, we leverage AWS’s security and compliance services to help financial services organizations meet their unique challenges. From DevSecOps integration to comprehensive app security solutions, we ensure your applications are secure and compliant, giving you peace of mind. Learn more in ou new blog post - https://hubs.ly/Q02NtFbG0 #AppDevelopment #CyberSecurity #AWS #Fintech #DevSecOps

Google Cloud's MFA Move 🔐 Great to see Google Cloud requiring multi-factor authentication (MFA) by 2025. With rising cyber threats, this step strengthens account security and sets a solid standard in cloud protection. Here’s to safer data and user trust! #CloudSecurity #GoogleCloud #cyber #CyberSecurity #google

Google Cloud's decision to enforce mandatory multi-factor authentication (MFA) by the end of 2025 is a significant step toward enhancing account security. This phased rollout aims to bolster defenses against unauthorized access, particularly from phishing attacks and stolen credentials. The implementation will occur in three stages: Phase 1 (Starting November 2024): Administrators receive information to prepare for the security upgrade. Phase 2 (Early 2025): MFA becomes mandatory for all new and existing Google Cloud users who sign in with a password. Phase 3 (End of 2025): MFA protections extend to federated users. This initiative aligns with similar moves by other cloud providers, such as Amazon Web Services and Microsoft Azure, reflecting a broader industry trend toward strengthening security protocols. For organizations and users, this change underscores the importance of adopting robust authentication measures to safeguard digital assets. Proactive preparation and adaptation to these security enhancements are crucial in mitigating potential risks.

Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement. "To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments." Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations 

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at Google Cloud, said in a statement. "To ensure a smooth transition, Google Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments." Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity.  #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops

Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users Gist: Phase 1 (Starting November 2024), when administrators will be provided information to prepare for the security upgrade Phase 2 (Early 2025), when Google will begin requiring MFA for all new and existing Google Cloud users who sign in with a password Phase 3 (End of 2025), when Google will extend MFA protections to federated users Source: https://lnkd.in/gac5pmaq #cybersecurity

The importance of using IAM roles and not keys 🛡️ Hide your Environment Files! Or Risk Getting Your Cloud-Stored Data Stolen and Held for Ransom 🛡️ According to Palo Alto Networks researchers, cybercriminals are infiltrating organizations' cloud storage containers, exfiltrating sensitive data, and in some cases, receiving payments from victims to prevent data leaks or sales. Researchers identified over 90,000 leaked environment variables, including 7,000 cloud service access keys and 1,515 social media platform credentials. The attackers behind this campaign gained access by scanning for exposed environment files (.env) within web applications, which often contain hard-coded cloud provider IAM keys, SaaS API keys and database login information. Once inside, the attackers verified IAM credentials, listed IAM users and S3 buckets, and located services like Simple Storage Service and Security Token Service. Subsequently, they used the original IAM role to create new roles that will have administrative permissions within the compromised AWS account. This allowed them to create Amazon Elastic Cloud Compute (EC2) resources for cryptomining and AWS Lambda functions for further scanning. The attackers exfiltrated data using the S3 Browser tool and uploaded ransom notes. https://lnkd.in/gBPkXtGw

Solutions-Focused Immersion Day – Fraud protections using AWS WAF Hey there my fellow mammals, Please join AWS experts for a deep dive into fraud protections for web applications using AWS WAF. Explore how AWS uses a combination of techniques to identify and mitigate types of bots and fraudulent activities. You will get hands-on experience and will walk away with best practices for when, how, and why to set up the services. Temporary AWS accounts will be provided for this workshop. Who: anyone interested in learning how to implement fraud controls against account takeover and account creation. When: Wednesday, September 18 2024 | 12:00PM - 3:30PM EDT For more information, and to register for the event please click here: https://lnkd.in/eRfQeg4X

SaaS providers are in a tough spot, evidenced below. They ultimately want to make the user experience as smooth as possible but it can sometimes compromise security. I personally have debated architects & system administrators on the use of MFA, when at my last company they decided to require it. I was shocked at how many were unwilling to implement it in the name of simplicity & speed, to the point that they threatened not to use or buy the product. And you know what they say… “The customer is always right”. So many providers (such as Snowflake) have traditionally not required MFA, allowing their users to assume the risk. But as you can see in the below article, it’s not just their customers assuming all the risk and heat. It’s a (potentially undeserved) blackeye for Snowflake.

🔒⏰ Tick-tock, techies! Amazon Web Services is waving the MFA wand and shaking things up. 💫 Are you ready to bid adieu to the old ways and embrace the passkey revolution? Let's dive in! 🔑💥 🔥 The heat is on! Amazon Web Services is turning up the security dial by making MFA mandatory for select users. It's not just a trend – it's the new cool! 😎 #ainews #automatorsolutions 🚀 Why settle for a one-trick pony when you can have multi-factor authentication's superhero cape by your side? Say goodbye to passwords as we know them and greet a new era of security! 🦸♂️🔐 📈 The digital battle is real. As cyber threats evolve faster than trends in tech, MFA is stepping up to the plate to keep our digital fortresses secure. Show those hackers it's game over before the game even starts! 💪💻 💡 Time to flex those cybersecurity muscles! With MFA taking center stage, it's not just a sugary security treat – it's the main course in the realm of data protection. Bon appétit, hackers! 🍽🛡 🔮 The crystal ball speaks – MFA is just the beginning. As the tech landscape continues to shape-shift, staying ahead of the curve is no longer optional – it's the golden ticket to the cybersecurity kingdom. Who's ready to rule? 🏰🔒 🔗 Join the conversation! Share your thoughts on the MFA wave – is it a tech tsunami or a cool breeze of change? Let your voice be heard in the ever-evolving symphony of cybersecurity! 🗣💬 Ready or not, MFA is here to stay. Embrace the passkey power and ride the cybersecurity wave like the tech-savvy superhero you are! 🦸♀️💥 #ainews #automatorsolutions Let's lock arms (and data) in this epic quest for security supremacy! Who's in? 🛡🚀 #GameChanger #CybersecurityHeroes #CyberSecurityAINews ----- Original Publish Date: 2024-06-17 04:30