Tech News

CISA Directive Requires Federal Agencies to Secure Network Devices

A new CISA directive requires agencies to "take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices."

The Binding Operational Directive 23-02 (https://www.cisa.gov/news-events/directives/binding-operational-directive-23-02), which outlines the steps required for compliance, defines a networked management interface as "a dedicated device interface that is accessible over network protocols and is meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself."

"Recent threat campaigns underscore the grave risk to the federal enterprise posed by improperly configured network devices," the directive states.

SUSE Report Reveals Cloud Security Concerns

The majority of IT teams (88%) experienced at least one cloud security incident in the past year, according to a recent report released by SUSE (https://www.prnewswire.com/news-releases/suse-releases-securing-the-cloud-industry-trend-report-revealing-challenges-that-threaten-cloud-adoption-301854386.html). "Of those affected, 76 percent encountered multiple incidents, with 11 percent experiencing more than 10 issues in the same period."

SUSE's "Securing the Cloud" trend report reflects industry concerns around cloud security, as "88 percent of professionals agreed that if they were certain about the integrity of their data, they would be more inclined to migrate additional workloads to the cloud and edge."

Top concerns cited by respondents include data stores hosted by cloud or third parties, runtime attacks from threat actors, security policy management, federation, and automation. Additionally, the report notes that "US IT decision makers (35%) are significantly more likely than those in Europe (25%) to believe that security policy management, federation, and automation are among their biggest cloud security concerns."

Download the complete report to learn more (https://more.suse.com/securing-the-cloud-report_download-thank-you.html).

Canonical Sunbeam Extends OpenStack to Small Cloud Environments

Canonical has announced Sunbeam, an extension of its commercial OpenStack offering (https://ubuntu.com/openstack) for small-scale cloud environments.

According to the announcement, the Sunbeam (https://governance.openstack.org/tc/reference/projects/sunbeam.html) deployment and operational tooling project comes with "a lucid interface and very simple installation instructions, making it super straightforward for everyone – even those with no previous OpenStack experience."

"What makes Sunbeam unique is its K8s-native architecture," the announcement says (https://ubuntu.com/blog/canonical-extends-commercial-openstack-offering-to-small-scale-cloud-environments-with-project-sunbeam). "By using native Kubernetes principles, such as StatefulSets and operators, OpenStack can finally be modeled, deployed, and managed as any other cloud-native application."