CyberInsights Weekly #23
Your weekly dose of learnings from cybersecurity news
I. Solving the data sovereignty issue
Cloudflare data localisation tools aim to keep data in-country and compliant with local laws
There’s good news for organizations that are putting off moving to the cloud for concerns related to data localization.
While some specific cloud services (like AWS Gov Cloud) have been available, this is the first time that a company is providing assurances of data localization for its cloud services.
CISO Check:
Do you know where your logs are being shipped when you use services like cloud firewalls?
II. How critical is your vulnerability?
Microsoft SaaS application for collaboration (Teams) had a bug. The problem was that Microsoft appears to have downplayed the capability of the bug.
Microsoft tagged it as an “XSS bug capable of spoofing”, while the security researcher who found it out feels it is a "zero-click, wormable, cross-platform remote code execution.". Big Difference.
CISO Check:
How do you measure the severity of vulnerabilities applicable to your organization?
Do you patch vulnerabilities that do not have a CVE ID?
III. Quote of the week
The main element you can not delegate to your cloud service provider is your responsibility for security, compliance and customer trust. - Stephane Nappo
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.