The Network and Information Systems (NIS) Directive, introduced in 2016, was the European Union's (EU) first cybersecurity legislation aimed at protecting critical infrastructure and essential services from cyber threats.
On March 21, 2025 a significant security incident was reported by CloudSEK, allegedly targeting Oracle Cloud via their identity management system. CloudSEK uncovered that a threat actor, claimed to have stolen 6 million records, potentially affecting over 140,000 tenants.
The U.S. Department of Health and Human Services (HHS) in January published a "Notice of Proposed Rule Making (NPRM) which includes significant updates to the the Security Standards for the Protection of Electronic Protected Health Information (ePHI) ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act)". This marks the first major overhaul for HIPAA in over...
As of 2022, over 60% of corporate data was stored in the cloud, this number is growing. Most organizations rely on cloud service providers (CSPs) like Microsoft Azure, Amazon Web Services (AWS), or Google Cloud Services (GCS), as well as various cloud Software as a Service (SaaS) providers for critical operations including, Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Human Resource (HR) systems, customer support, ticketing, document management and productivity...
In today's digital-first world, protecting sensitive data is a cornerstone of cybersecurity. Data tokenization stands out as a highly effective way to secure information, providing both robust protection and operational flexibility. So, what is data tokenization, and why is it so important?Data tokenization is the process of replacing sensitive or regulated data, like confidential business information, protected heath information (PHI) or personally identifiable information (PII) with a...
By 2025, global data generation is projected to reach an astounding 463 exabytes per day. Coupled with the rise of cloud computing and the expansion of geographically distributed businesses, cross-border data flows are more prevalent than ever, and so too is the significance of data residency the specific physical or geographic location where an organization stores or processes its data.
With GDPR now formally passed into law, StratoKey has released a comprehensive GDPR compliance guide. This guide focuses on how organisations can utlise StratoKey to meet GDPR requirements when using cloud and SaaS applications.The General Data Protection Regulation (GDPR 2016/679 ) was approved by the European Parliament on 14 April 2016. With this approval, data protection regulations have been synchronised across all European Union (EU) member states. GDPR is the formal replacement for the...
StratoKey has published a guide on Cloud Access Security Broker (CASB) features, functions and architectures. This guide is designed to dispel some of the myths about CASB vendors and covers the advantages and disadvantages of differing CASB offerings.This guide looks at areas of CASB products that are not often discussed by vendors, such as what type of impact a CASB will have on performance, throughput and scalability of an end cloud application. Vendors typically focus on the marketing...
A CASB (Cloud Access Security Broker) is a gateway that sits between users and an end cloud application such as Salesforce, Office365 or any other cloud deployed application. The purpose of a CASB is to control the security of both users and data stored in the cloud. This is achieved by encrypting content before it reaches the cloud, monitoring user access and in some instances automated firewall-like rules to thwart attacks.
According to the Australian Attorney-General's Department website, a proposed Bill will require Government agencies and businesses subject to the Privacy Act 1988 (Privacy Act) to notify the national privacy regulator and affected individuals following a serious data breach. The Bill is intended to improve the privacy of Australians without placing an unreasonable regulatory burden on business.
