Ask the Experts

Ask the Experts

• What are the best criteria to use to evaluate cloud service providers?

  Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.  Continue Reading

• What's the best way to approach multi-cloud security?

  Multi-cloud security can be challenging, but new tools promise to ease some of the problems associated with managing resources across multiple CSPs.  Continue Reading

• What is the best way to write a cloud security policy?

  Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these policy writing best practices.  Continue Reading

• What do the top cloud security providers offer in 2019?

  Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which one is right for you.  Continue Reading

• What are the top cloud security certifications for 2019?

  Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications available from expert Nick Lewis.  Continue Reading

• How does the Amazon GuardDuty threat detection service work?

  At the 2017 re:Invent conference, Amazon announced their latest threat detection product: Amazon GuardDuty. Learn how this service works and what sets it apart from other products.  Continue Reading

• Secure cloud migration: What pitfalls should companies avoid?

  Enterprises can ensure a secure cloud migration by avoiding specific risks. Expert Judith Myerson outlines what to look for and what mistakes not to make when moving to the cloud.  Continue Reading

• How can a hypervisor deployment avoid security risks?

  A hypervisor deployment can put the security of an organization at risk, but there are ways to make it secure. Expert Judith Myerson outlines how to make the process safer.  Continue Reading

• What security risks does rapid elasticity bring to the cloud?

  Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.  Continue Reading

• How can enterprises use SOC 2 reports to evaluate cloud providers?

  Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.  Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.  Continue Reading

• How does the Cisco CloudCenter Orchestrator vulnerability work?

  Cisco's CloudCenter Orchestrator was found to have a privilege escalation vulnerability. Expert Matthew Pascucci explains how it works and what enterprises need to know about it.  Continue Reading

• How can AWS Organizations help secure cloud accounts?

  A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM.  Continue Reading

• What is the difference between web role and worker role in Azure?

  It's important to know the difference between the web role and the worker role when testing applications in Microsoft's Azure. Expert Matthew Pascucci explains what sets them apart.  Continue Reading

• Project Springfield: How does Microsoft's fuzzing as a service work?

  Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.  Continue Reading

• How should organizations vet a cloud collaboration app?

  A cloud collaboration app can be a useful tool for enterprises, but they should be thoroughly vetted before use. Expert Matthew Pascucci discusses what security features to review.  Continue Reading

• How does Docker's hardware signing work?

  Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features.  Continue Reading

• Can Contiv automate policies for container platforms?

  Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of this open source tool.  Continue Reading

• OneOps: The value of cloud application lifecycle management

  The OneOps cloud application lifecycle management tool helps organizations regain control of cloud deployments and prevent vendor lock-in. Expert Rob Shapland explains how.  Continue Reading

• How are cloud threats abusing public cloud services?

  Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks of these cloud threats.  Continue Reading

• How does AWS Directory Service offer security benefits?

  AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users.  Continue Reading

• Do multiple cloud accounts provide security benefits?

  Some experts believe establishing multiple cloud accounts for each enterprise project or workload can provide security benefits. Dan Sullivan explains what those benefits are.  Continue Reading

• Can virtual machine introspection improve cloud security?

  What is virtual machine introspection, and can it help improve cloud security? Expert Dan Sullivan explains techniques behind VM introspection and how it can boost security in the cloud.  Continue Reading

• What cloud security controls are best for due diligence?

  With increasing use of cloud sending more enterprise data outside of the organization's control, due diligence is crucial. Expert Dan Sullivan offers advice on how to get it right.  Continue Reading

• Is AWS WAF worth considering for enterprise cloud?

  The new Amazon WAF offers firewall features for the cloud. Expert Dan Sullivan explains how Amazon WAF can be integrated in the enterprise cloud.  Continue Reading

• Cloud DLP: What are the benefits for enterprises?

  Expert Dan Sullivan explains how enterprises can manage cloud DLP for data in cloud file storage services that offer offline synchronization.  Continue Reading

• What does Amazon Inspector do for cloud security?

  Expert Dan Sullivan explains what benefits Amazon Web Services' new Amazon Inspector service offers in terms of assessing cloud security.  Continue Reading

• How can vaultless tokenization protect data in the cloud?

  How do vaultless tokenization and standard tokenization differ, and what is the best way to use them for securing cloud data? Expert Dan Sullivan offers guidance and use cases.  Continue Reading

• How do new AWS APIs simulate IAM policies for cloud security?

  The newly released AWS APIs simulate IAM policies for security testing. Expert Dan Sullivan explains how to make the most of these APIs.  Continue Reading

• What does Docker Content Trust mean for container security?

  Docker Content Trust offers improved container security through code signing. Expert Dan Sullivan explains why this matters for enterprise cloud users.  Continue Reading

• Can Azure Container Service boost enterprise security?

  Microsoft's new container service for Azure makes use of the Apache Mesos platform. Expert Dan Sullivan explains why this matters for enterprise security.  Continue Reading

• How can a reverse proxy mode improve cloud security?

  Skyhigh Networks recently obtained a patent to use reverse proxies for cloud access security broker services. Expert Dan Sullivan explains how the method works.  Continue Reading

• What are the benefits of the Amazon API Gateway tool for AWS?

  Can the new Amazon API Gateway help make the AWS public cloud networks more secure? Expert Dan Sullivan examines how this new tool can benefit enterprises.  Continue Reading

• Are enterprise cloud management tools a security risk?

  A tool that manages hybrid cloud environments can benefit enterprises, but there are also security risks to consider. Expert Dan Sullivan explains what those risks are.  Continue Reading

• Is Amazon Aurora's security strong enough for enterprises?

  Without encryption for data at rest, is encrypting data in transit with Amazon Aurora enough, or is it worth waiting for AWS Key Management System integration?  Continue Reading

• Can Amazon Simple AD replace Active Directory?

  How does Amazon's Simple AD differ from Microsoft's Active Directory, and what security issues should be considered before creating a Simple AD? Expert Dan Sullivan explains.  Continue Reading

• Is IBM Blue Box 'private cloud as a service' really private?

  Is the "private cloud as a service" from IBM Blue Box actually a private cloud, or just marketing hype? Expert Dan Sullivan explores.  Continue Reading

• Should open source virtualization software be avoided?

  Xen bugs have been popping up, creating concerns about the security of open source virtualization software. Expert Dan Sullivan explains why open source is not to blame for security pitfalls.  Continue Reading

• Which cloud security certifications should providers have?

  With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation.  Continue Reading

• What is the business case for the s2n TLS implementation?

  Amazon Web Services purports its s2n TLS protocol creation is simpler, easier to manage and more secure than standard TLS. Expert Dan Sullivan explains.  Continue Reading

• DoD cloud security guidelines: What can enterprises learn?

  Expert Dan Sullivan explains key takeaways from the Department of Defense's cloud security guidelines that enterprises can put into practice.  Continue Reading

• What security controls does Amazon Elastic File System offer?

  Expert Dan Sullivan outlines the security features offered with Amazon Elastic File System and explains why privilege controls are critical to Amazon workload security.  Continue Reading

• How can enterprises prevent shadow data leakage?

  The increased use of cloud applications has caused a parallel increase in shadow data loss. Expert Dan Sullivan explains how to prevent the risk.  Continue Reading

• Is Enterprise Box security strong enough for enterprises?

  The U.S. Department of Justice started using Enterprise Box for cloud-based data storage and collaboration. Should enterprises also consider this option? Expert Dan Sullivan explains.  Continue Reading

• Open Container Project: Does it improve container security?

  The Open Container Project is creating a standard container image format and runtime engine. Expert Dan Sullivan explains how it can improve container security.  Continue Reading

• Container security: Is CoreOS Rocket better than Docker?

  Expert Dan Sullivan takes a look at how CoreOS Rocket and Docker differ security-wise, and how to decide which to deploy in your enterprise.  Continue Reading

• Can AWS security features help HealthCare.gov security?

  Moving HealthCare.gov onto AWS helped the government improve the safety of the site. Expert Dan Sullivan explains which AWS security features were most beneficial.  Continue Reading

• How can we mitigate the risks of cloud database services?

  Before utilizing cloud database services, there are several security considerations to keep in mind and prepare for. Expert Dan Sullivan explains.  Continue Reading

• Cloud access security brokers: How should enterprises evaluate them?

  A proper evaluation of a cloud access security broker is critical to finding the best match for your enterprise's needs. Expert Dan Sullivan outlines key criteria to keep in mind during CASB assessment.  Continue Reading

• What security considerations should go into choosing an AWS database?

  Careful consideration must go into choosing the right AWS database for your enterprise. Expert Dan Sullivan discusses the options and security considerations to keep in mind during evaluation.  Continue Reading

• What are the benefits of enterprise cloud bridge usage?

  Is a cloud bridge right for your enterprise? Learn what a cloud bridge is and the benefits it can offer, as well as when you might consider using one in the workplace.  Continue Reading

• How do key aliases affect cloud encryption key management?

  Amazon Web Services added support for key aliases to help improve enterprise cloud encryption key management. Learn what key aliases are and the benefits they bring to the enterprise.  Continue Reading

• What are the security concerns of backup as a service?

  While backup as a service sounds like a great idea, there are several considerations to keep in mind prior to jumping in feet first. Expert Dan Sullivan explains.  Continue Reading

• Our AWS encryption keys were exposed accidentally -- now what?

  Exposing encryption keys is never a good thing, but knowing the steps to take after such an incident can help limit damage to an enterprise. Expert Dan Sullivan explains.  Continue Reading

• Is the Certified Cloud Security Professional certification worth pursuing?

  The Cloud Security Alliance and (ISC)2 recently introduced the Certified Cloud Security Professional certification, but is it a must-have? Expert Dan Sullivan explains.  Continue Reading

• How can AWS EC2 Container Service improve Docker security?

  Expert Dan Sullivan outlines the security issues associated with Docker and explains how the AWS EC2 Container Service can help resolve them.  Continue Reading

• Why would public cloud providers turn off customer cloud accounts?

  Public cloud providers reserve the right to shut off vulnerable cloud accounts, but how does it work? Expert Dan Sullivan explains.  Continue Reading

• Are PaaS database applications more secure than IaaS applications?

  Choosing between a platform as a service database and an infrastructure as a service database when it comes to large amounts of data can be challenging. Expert Dan Sullivan explains the security factors to keep in mind.  Continue Reading

• What can enterprises learn from the new EU cloud security framework?

  Expert Dan Sullivan outlines key takeaways enterprises should learn from the European Union's cloud security framework recommendations.  Continue Reading

• How does a cloud readiness assessment work?

  Expert Dan Sullivan explains the three main factors of a cloud readiness assessment and how it can help enterprises prepare for a cloud migration.  Continue Reading

• Is a hybrid DDoS defense strategy the best option for enterprises?

  Choosing between on-premises and cloud DDoS services can be challenging, so why not use both? Expert Dan Sullivan explains.  Continue Reading

• Cloud authentication: What's the best way to secure cloud credentials?

  Cloud credentials can create major vulnerabilities. Expert Dan Sullivan outlines how to detect compromised credentials and the best ways to prevent it.  Continue Reading

• What are the benefits of a 'bring your own key' encryption service?

  'Bring your own key' services let customers hold onto their encryption keys, but is it really more secure? Expert Dan Sullivan explains.  Continue Reading

• How does ISO/IEC 27018 affect cloud provider selection, PII privacy?

  Learn what the ISO/IEC 27018 standard is, what it means to PII privacy, and how it should affect cloud provider and product selection.  Continue Reading

• Is the Google Cloud Security Scanner enterprise grade?

  Learn how cloud security scanners compare to traditional vulnerability scanners and whether the Google Cloud Security Scanner is ready for enterprise use.  Continue Reading

• What advanced email security controls does AWS WorkMail offer?

  AWS WorkMail is set to compete with Microsoft Outlook, but how does it compare security-wise? Expert Dan Sullivan explains.  Continue Reading

• How do Xen hypervisor security updates affect the public cloud?

  Public cloud providers were forced to reboot their cloud instances to implement Xen hypervisor security updates. Learn what these updates mean for public cloud security.  Continue Reading

• How can hybrid app security risks be mitigated?

  Despite their appeal, hybrid cloud apps come with a number of security risks. Expert Dan Sullivan explains what the challenges are and how to prevent them.  Continue Reading

• AES-128 encryption key generation: Leave it to AWS or do it in-house?

  Organizations can opt to allow Amazon Elastic Transcoder to generate AES-128 encryption keys or do the job in-house -- which is more secure? Expert Dan Sullivan explains.  Continue Reading

• Traditional vs. cloud pen testing: What's the difference?

  Penetration testing in the cloud differs from on-premises testing. Expert Dan Sullivan discusses cloud pen testing and whether cloud providers or in-house security teams are best suited for the job.  Continue Reading

• What's the business case for Amazon's three AWS monitoring tools?

  CloudTrail, CloudWatch and AWS Config are three different tools from Amazon that help enterprises monitor AWS. Expert Dan Sullivan explains the differences between the three and when each should be used.  Continue Reading

• AWS security groups vs. traditional firewalls: What's the difference?

  AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.  Continue Reading

• What are the security pros and cons of hybrid cloud storage?

  Interest in hybrid cloud data storage is growing, but is it safe? Expert Dan Sullivan outlines the risks and rewards for enterprises.  Continue Reading

• How can cloud access security brokers improve enterprise security?

  Cloud access security brokers can help enterprises enforce security policies in the cloud. Expert Dan Sullivan discusses the benefits.  Continue Reading

• What policies should be in a cloud infrastructure security program?

  Expert Dan Sullivan explains which policies and security controls enterprises should include in their cloud infrastructure security program to prevent cloud security compromises.  Continue Reading

• Can the Cloud Security Alliance help with comparing cloud providers?

  The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.  Continue Reading

• Can proprietary databases be securely migrated to the AWS cloud?

  When enterprises look to migrate a proprietary database to the AWS cloud, there are a number of security considerations to keep in mind. Expert Dan Sullivan explains.  Continue Reading

• Minimizing cloud computing threats in the enterprise

  In this expert response, Nick Lewis outlines the biggest cloud computing threats, and explains what can be done to mitigate those threats.  Continue Reading

• Cloud computing risks: Secure encryption key management on virtual machines

  As cloud computing grows in popularity, secure encryption key management becomes more vital. Michael Cobb explains the security risk affecting cloud computing and virtualized computing and why encryption key management policies need to be included ...  Continue Reading

• Is Identity Management as a Service (IDaaS) a good idea?

  Identity Management as a Service (IDaaS) is new on the managed security service provider scene, so how can you know which of these SaaS service providers to trust with your identity and management access tools? Find out in this expert response.  Continue Reading

• How secure is 'Platform as a Service (PaaS)?'

  There's no doubt that companies will want to leverage cloud computing and platform as a service, but expert Michael Cobb explains why enterprises should proceed with caution.  Continue Reading

• Will a platform-as-a-service (PaaS) environment put data at risk?

  Platform-as-a-service is the next step in the evolution of Web services. But is it secure? Security expert Michael Cobb sets the record straight?  Continue Reading