Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Review these 7 CASB vendors to best secure cloud access
CASB technology offers threat protection, increased visibility and policy enforcement. Explore how these seven vendors stack up and protect access to cloud applications. Continue Reading
CASB explained: Know its use cases before you buy
CASB tools help to secure cloud applications so only authorized users have access. Discover more about this rapidly evolving technology in a CASB explained tutorial. Continue Reading
Why it's SASE and zero trust, not SASE vs. zero trust
SASE and zero trust are hot infosec topics. But, when it comes to adoption, it's not a question of either/or, but using SASE to establish and enable zero-trust network access. Continue Reading
-
How cloud-based SIEM tools benefit SOC teams
It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading
Choosing between proxy vs. API CASB deployment modes
Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading
How to use the Mitre ATT&CK framework for cloud security
Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure.Continue Reading
How enterprise cloud VPN protects complex IT environments
Do you know how enterprise cloud VPN differs from a traditional VPN? Explore how cloud VPN works and whether it's the right option for your hybrid IT environment.Continue Reading
CASB, CSPM, CWPP emerge as future of cloud security
Complexity has introduced new needs and challenges when securing cloud environments. Find out how CASB, CSPM and CWPP tools have evolved to meet the changing cloud landscape.Continue Reading
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.Continue Reading
How cloud security posture management protects multi-cloud
Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy.Continue Reading
-
Infrastructure as code's security risks and rewards
Infrastructure as code can yield some exciting security benefits for enterprises, but they each come with drawbacks. Learn more about the most critical IaC security impacts.Continue Reading
The importance of security, data encryption for cloud
As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools.Continue Reading
Cloud workload protection platform security benefits, features
VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem?Continue Reading
Privacy-preserving machine learning assuages infosec fears
Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how.Continue Reading
Istio service mesh security benefits microservices, developers
Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture.Continue Reading
Benefits of open source container vulnerability scanning
Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools.Continue Reading
Top 6 cloud security analytics use cases
Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in the cloud can improve enterprise infosec programs.Continue Reading
CCSK cert guide author's insights into cloud security credential
The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more.Continue Reading
Comparing single cloud vs. multi-cloud security challenges
A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective.Continue Reading
SASE identity policies enhance security and access control
Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model.Continue Reading
Benefits of cloud data discovery tools and services multiply
With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options.Continue Reading
Lyft's open source asset tracking tool simplifies security
Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps.Continue Reading
McAfee launches security tool Mvision Cloud for Containers
Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers.Continue Reading
How to evaluate CASB tools for multi-cloud deployments
When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and security goals to get the context you need before you buy.Continue Reading
Benefits of using Azure Security Center for security assessments
Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches.Continue Reading
How container adoption affects container security
Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago.Continue Reading
5 cloud storage privacy questions to ask potential providers
Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service.Continue Reading
Defining and evaluating SOC as a service
As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise.Continue Reading
How security teams benefit from traffic mirroring in the cloud
Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks.Continue Reading
What are the best criteria to use to evaluate cloud service providers?
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.Continue Reading
Why CASB tools are crucial to your cloud security
CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT.Continue Reading
Complexity requires new cloud-based patch management strategies
Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike.Continue Reading
4 necessary steps to evaluate public cloud security
The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.Continue Reading
What do the top cloud security providers offer in 2019?
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which one is right for you.Continue Reading
Why centralization in a multi-cloud security strategy is key
When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.Continue Reading
The problems with cloud-based email security
Cloud-based email security can be challenging for enterprises to achieve. Learn what makes it a challenge and how to secure email in the cloud from expert Dave Shackleford.Continue Reading
How unsecured Firebase databases put critical data at risk
Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.Continue Reading
The pros and cons of proxy-based security in the cloud
Is proxy-based security in the cloud right for you? Expert Ed Moyle looks at the benefits and drawbacks of using proxies for Office 365 and other cloud platforms.Continue Reading
How to apply cloud security controls in the network
Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services.Continue Reading
How hackers use Docker APIs for cryptojacking
Remote access puts Docker APIs in a vulnerable position. Expert Dave Shackleford explains how hackers abuse Docker APIs to carry out cryptojacking attacks.Continue Reading
What's different about Google Asylo for confidential computing?
The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.Continue Reading
How the Microsoft Authenticator app integrates with Azure AD
Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.Continue Reading
What Microsoft's InPrivate Desktop feature could mean for enterprises
Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert Ed Moyle explains how the feature could work.Continue Reading
How do SLAs factor into cloud risk management?
While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.Continue Reading
Cloud browsers: The security benefits of anonymity in the cloud
Cloud browsers can provide a level of security for users seeking anonymity in the cloud. Expert Frank Siemons of the Infosec Institute explains the benefits of cloud browsers.Continue Reading
Consider international cloud security standards, legal reqs
Whether you're accessing (or operating) the cloud from Miami, Milan or Mumbai, you need to ensure those services meet regional cloud security standards and legal requirements.Continue Reading
How to fight cloud security threats effectively
Read this expert guide to discover which current tools, techniques, policies and principles best keep corporate cloud infrastructure, data and software most secure.Continue Reading
A look at the new Google cloud security tools and features
Google cloud security has been bolstered by new GCP tools and capabilities. Learn more about Google's improved cloud security features from expert Dave Shackleford.Continue Reading
SaaS platform security: The challenges of cloud network security
Organizations have the necessary tools to protect data stored and processed in IaaS platforms. Learn why SaaS platform security remains a challenge from expert Rob Shapland.Continue Reading
Secure development lifecycle in the cloud: Trust but verify
Cloud providers may advertise their apps as secure, but it’s up to enterprises to validate those claims and confirm adherence to a secure development lifecycle.Continue Reading
Anonymity tools: Why the cloud might be the best option
The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy.Continue Reading
Harden cloud apps with a secure software development lifecycle
Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed.Continue Reading
Is Docker's Kubernetes implementation good for security?
Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security.Continue Reading
Active cyber deception: Can it improve cloud security?
Fidelis Cybersecurity introduced a cloud security platform with active cyber deception features. Expert Dave Shackleford discusses how active deception techniques can work in the cloud.Continue Reading
Cloud endpoint security: Balance the risks with the rewards
While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains.Continue Reading
Are AWS certificate authority services trustworthy?
AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup.Continue Reading
Considering cloud threat intelligence and detection services
Cloud threat intelligence and detection services can provide better security for enterprises. Expert Dave Shackleford discusses some offerings from the major cloud providers.Continue Reading
How TLS mutual authentication for cloud APIs bolsters security
Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle.Continue Reading
The security concerns of cloud cryptomining services
Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one.Continue Reading
How Amazon GuardDuty could bolster enterprise cloud security
The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look at the tool and whether it's effective.Continue Reading
What the Azure AD Connect vulnerability can teach enterprises
Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw.Continue Reading
How the Meltdown vulnerability affects cloud services
The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the Meltdown CPU flaw and what it means for the cloud.Continue Reading
How cloud access security brokers have evolved
Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry.Continue Reading
Top five cloud security applications for infosec pros
The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services.Continue Reading
The 12 biggest cloud security threats, according to the CSA
The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.Continue Reading
How Microsoft uses secure enclaves to improve cloud security
The use of secure enclaves in the Microsoft Azure confidential computing update aims to improve cloud storage security. Expert Rob Shapland explains how it works.Continue Reading
Is cloud microsegmentation secure enough for enterprise use?
The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are.Continue Reading
The Cloud Security Ecosystem
In this excerpt from chapter seven of The Cloud Security Ecosystem, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.Continue Reading
Why web application attacks are a growing threat to the cloud
New research found that web application attacks present a significant threat to cloud environments. Rob Shapland explains the risks and what enterprises should do about them.Continue Reading
Understanding VM escape vulnerabilities and how to avoid them
In the last couple of years, VM escape vulnerabilities have popped up and caused problems for enterprises that rely on the cloud. Expert Ed Moyle explains how to handle these issues.Continue Reading
How Microsoft SRD uses AI to help developers with security
Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means.Continue Reading
What security risks does rapid elasticity bring to the cloud?
Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.Continue Reading
How to keep an Amazon S3 bucket from becoming public
A public-facing Amazon S3 bucket caused problems for major organizations, including Booz Allen Hamilton. Expert Rob Shapland explains what happened and how to prevent it.Continue Reading
Why the use of blockchain in the cloud is growing quickly
Blockchain cloud services may offer organizations the ability to shift away from traditional cryptography models. Expert Dave Shackleford discusses what options are available.Continue Reading
How to use a cloud-based sandbox to analyze malware
A cloud-based sandbox can be a helpful tool for enterprises looking to bolster their intrusion prevention systems. Expert Rob Shapland explains how to leverage this technology.Continue Reading
How DevOps tools can be used to integrate cloud automation
DevOps tools can be used to deploy secure cloud automation. Expert Dave Shackleford looks at how this works and which tools are the best bet for DevSecOps.Continue Reading
How can enterprises use SOC 2 reports to evaluate cloud providers?
Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.Continue Reading
Google Cloud KMS: What are the security benefits?
Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading
How AWS Artifact tackles regulatory compliance for enterprises
A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact.Continue Reading
Microsoft Azure Security Center: Successful or stagnated?
Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use.Continue Reading
How to strategically implement CASBs in the enterprise
CASBs can offer help for enterprises that leverage cloud services. Expert Ajay Kumar examines the use cases, functions and architectures of cloud access security brokers.Continue Reading
How can AWS Organizations help secure cloud accounts?
A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM.Continue Reading
How cloud endpoint protection products benefit enterprises
Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of these products and how they benefit enterprises.Continue Reading
How Microsoft's Secure Data Exchange bolsters cloud data security
Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises.Continue Reading
Project Springfield: How does Microsoft's fuzzing as a service work?
Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.Continue Reading
How should organizations vet a cloud collaboration app?
A cloud collaboration app can be a useful tool for enterprises, but they should be thoroughly vetted before use. Expert Matthew Pascucci discusses what security features to review.Continue Reading
A look at the shared responsibility model of cloud providers
Many cloud providers now offer a shared responsibility model for their customers. Expert Dave Shackleford looks at the major providers' models and what they might be missing.Continue Reading
How bring your own encryption in the cloud works for enterprises
Bring your own encryption offerings for the cloud are more common now. Expert Ed Moyle discusses the benefits and drawback of BYOE and what to know before implementation.Continue Reading
Cloud DDoS protection: What enterprises need to know
DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading
What to know about SIEM as a service before deployment
There's been increased interest in SIEM as a service and enterprises need to get to know the model before using it. Expert Frank Siemons explains what's different about it.Continue Reading
Lessons learned from the Microsoft Office 365 SAML 2.0 flaw
The Microsoft Office 365 SAML flaw that allowed attackers to bypass authentication was resolved quickly, but offers enterprises some important lessons. Expert Ed Moyle discusses.Continue Reading
How a cloud-based HSM can boost enterprise security with enough effort
There are both security benefits and risks to using a cloud-based HSM in an enterprise. Expert Dave Shackelford discusses the arguments for and against cloud HSMs.Continue Reading
Picking the best CASB for your enterprise
Cloud access security brokers, or CASBs, are either in-house network gateways or security-as-a-service cloud offerings that inspect network traffic destined for the cloud. This guide equips security pros with the knowledge they need to buy the best ...Continue Reading
Why the DROWN vulnerability requires constant vigilance
The DROWN vulnerability affected hundreds of SaaS applications, and they're not all completely fixed yet. Expert Ed Moyle discusses the SSLv2 vulnerability and how to manage it.Continue Reading
Cloud data classification services: How they benefit organizations
Data classification services from CSPs are important for organizations strengthening their cloud security posture. Expert Dave Shackleford explains the perks of these services.Continue Reading
Using the shared responsibility model to secure your cloud environment
The shared responsibility model for cloud services puts different sets of security duties on vendors and customers. Learn what to expect when moving services to the cloud.Continue Reading
A look at the cloud migration challenges enterprises could face
One of the most common problems facing organizations is dealing with many cloud migration challenges. Expert Dave Shackleford discusses the challenges and how to deal with them.Continue Reading
How to make sanitizing data in the cloud easier for organizations
Data sanitization is often required for compliance, but many organizations struggle with it in the cloud. Expert Frank Siemons discusses why and how to make it easier.Continue Reading
The security risks of URL-shortening services for enterprises
URL-shortening services have become a security threat to organizations. Expert Dave Shackleford explains why and how to mitigate the risks of shortened URLs.Continue Reading
How cloud WAF implementations can improve application security
Having to secure applications that are not locally hosted is possible with a cloud WAF. Expert Matt Pascucci explains how they work, and what enterprises need to understand.Continue Reading