Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
How to make sanitizing data in the cloud easier for organizations
Data sanitization is often required for compliance, but many organizations struggle with it in the cloud. Expert Frank Siemons discusses why and how to make it easier. Continue Reading
The security risks of URL-shortening services for enterprises
URL-shortening services have become a security threat to organizations. Expert Dave Shackleford explains why and how to mitigate the risks of shortened URLs. Continue Reading
How cloud WAF implementations can improve application security
Having to secure applications that are not locally hosted is possible with a cloud WAF. Expert Matt Pascucci explains how they work, and what enterprises need to understand. Continue Reading
-
Cloud API security: How to interface with DevOps
Security professionals need to get acquainted with cloud API security options available to development and operation teams regardless of the services they use. Continue Reading
Cloud pen testing: What testers need to consider
Before starting cloud penetration testing, there a few things to keep in mind. Expert Frank Siemons discusses limitations and techniques for pen testing cloud platforms. Continue Reading
Why cloud onboarding requires an enterprise security plan
Cloud onboarding shouldn't require sacrificing security. Expert Ed Moyle explains how enterprises can implement a plan to keep their organizations safe.Continue Reading
How does Docker's hardware signing work?
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features.Continue Reading
Can Contiv automate policies for container platforms?
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of this open source tool.Continue Reading
OneOps: The value of cloud application lifecycle management
The OneOps cloud application lifecycle management tool helps organizations regain control of cloud deployments and prevent vendor lock-in. Expert Rob Shapland explains how.Continue Reading
How machine learning in the cloud can help enterprise security
There's a growing trend of machine learning in the cloud and security should take advantage of it. Expert Dave Shackleford discusses machine learning and its benefits to security.Continue Reading
-
How does AWS Directory Service offer security benefits?
AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users.Continue Reading
Cloud identity management: Deciding on the right approach
Cloud identity management can offer a lot of security benefits, but enterprises need to answer some questions before deployment. Expert Ed Moyle offers advice on what to ask.Continue Reading
Cloud DLP: Can gateways rise to the challenge?
Cloud access security brokers are quickly emerging as the technology of choice for enterprises seeking to implement data loss prevention controls in the cloud.Continue Reading
Distinguishing types of cloud services and their security risks
The different type of cloud services -- public, private and hybrid -- all provide different security for enterprises. Here's an explanation of each kind and their security pros and cons.Continue Reading
Three perspectives on cloud identity and access management
Identity access management (IAM) systems work to help keep security high by initiating, capturing, recording and managing user identities and access permissions. Cloud identity and access management systems can simplify these complex tasks, but ...Continue Reading
Can virtual machine introspection improve cloud security?
What is virtual machine introspection, and can it help improve cloud security? Expert Dan Sullivan explains techniques behind VM introspection and how it can boost security in the cloud.Continue Reading
Is AWS WAF worth considering for enterprise cloud?
The new Amazon WAF offers firewall features for the cloud. Expert Dan Sullivan explains how Amazon WAF can be integrated in the enterprise cloud.Continue Reading
What does Amazon Inspector do for cloud security?
Expert Dan Sullivan explains what benefits Amazon Web Services' new Amazon Inspector service offers in terms of assessing cloud security.Continue Reading
How the Lucky 13 attack affects Amazon s2n security
Amazon's s2n was targeted by the Lucky 13 attack and the discovery unnerved the security community. Expert Dave Shackleford discusses open source SSL/TLS risks like the s2n flaw.Continue Reading
How can vaultless tokenization protect data in the cloud?
How do vaultless tokenization and standard tokenization differ, and what is the best way to use them for securing cloud data? Expert Dan Sullivan offers guidance and use cases.Continue Reading
How do new AWS APIs simulate IAM policies for cloud security?
The newly released AWS APIs simulate IAM policies for security testing. Expert Dan Sullivan explains how to make the most of these APIs.Continue Reading
What does Docker Content Trust mean for container security?
Docker Content Trust offers improved container security through code signing. Expert Dan Sullivan explains why this matters for enterprise cloud users.Continue Reading
Inside the new Microsoft Azure security features
There are two new Microsoft Azure security features. Expert Rob Shapland breaks down how they aim to boost cloud security for enterprises.Continue Reading
Can Azure Container Service boost enterprise security?
Microsoft's new container service for Azure makes use of the Apache Mesos platform. Expert Dan Sullivan explains why this matters for enterprise security.Continue Reading
Readers' top picks for cloud security products
What companies and cloud security products do organizations consider when they see to reduce their cloud vulnerabilities?Continue Reading
How Azure Security Center boosts Microsoft cloud security
Azure Security Center looks to enhance Microsoft's cloud platform by improving visibility and control. Expert Dave Shackleford outlines the features intended to do that.Continue Reading
Is Amazon Aurora's security strong enough for enterprises?
Without encryption for data at rest, is encrypting data in transit with Amazon Aurora enough, or is it worth waiting for AWS Key Management System integration?Continue Reading
Is IBM Blue Box 'private cloud as a service' really private?
Is the "private cloud as a service" from IBM Blue Box actually a private cloud, or just marketing hype? Expert Dan Sullivan explores.Continue Reading
How the cloud access security broker space is evolving
The cloud access security broker space is accelerating at a fast clip, but expert Rob Shapland explains some obstacles for enterprises to consider before selecting a CASB platform.Continue Reading
What is the business case for the s2n TLS implementation?
Amazon Web Services purports its s2n TLS protocol creation is simpler, easier to manage and more secure than standard TLS. Expert Dan Sullivan explains.Continue Reading
What security controls does Amazon Elastic File System offer?
Expert Dan Sullivan outlines the security features offered with Amazon Elastic File System and explains why privilege controls are critical to Amazon workload security.Continue Reading
A look at Microsoft Azure security features for enterprises
Boosted Microsoft Azure security could give it a competitive edge in the cloud market. Here are the security features enterprises can take advantage of.Continue Reading
Is Enterprise Box security strong enough for enterprises?
The U.S. Department of Justice started using Enterprise Box for cloud-based data storage and collaboration. Should enterprises also consider this option? Expert Dan Sullivan explains.Continue Reading
Who does what in cloud data compliance?
Higher learning: The University of Notre Dame's IT director looks at the shared responsibility model for compliance in the cloud.Continue Reading
Who does what? Uncover the key to cloud security compliance
SaaS vendors bear more of a compliance burden for cloud security. Enterprise responsibilities for services hosted in IaaS are little changed, however.Continue Reading
How can we mitigate the risks of cloud database services?
Before utilizing cloud database services, there are several security considerations to keep in mind and prepare for. Expert Dan Sullivan explains.Continue Reading
Regaining control of cloud compliance
As assets are moved to the cloud, organizations must take steps to ensure that cloud compliance requirements are upheld by third-party vendors. This is a major undertaking that requires knowledge of federal, state and international law; changing ...Continue Reading
Cloud access security brokers: How should enterprises evaluate them?
A proper evaluation of a cloud access security broker is critical to finding the best match for your enterprise's needs. Expert Dan Sullivan outlines key criteria to keep in mind during CASB assessment.Continue Reading
What security considerations should go into choosing an AWS database?
Careful consideration must go into choosing the right AWS database for your enterprise. Expert Dan Sullivan discusses the options and security considerations to keep in mind during evaluation.Continue Reading
Why the security industry needs a standardized framework for CASBs
The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group. Expert Dave Shackleford explains the purpose and benefits of the group.Continue Reading
What are the benefits of enterprise cloud bridge usage?
Is a cloud bridge right for your enterprise? Learn what a cloud bridge is and the benefits it can offer, as well as when you might consider using one in the workplace.Continue Reading
How to best employ cloud-based security services
The cloud-based security services market is booming, as enterprises adopt email, Web security, and identity and access management SaaS. How can CISOs best combine cloud-based security controls with on-premises security programs? This Beyond the Page...Continue Reading
CIOs no longer up in the air on hybrid cloud security concerns
David Strom outlines six information security strategies that CIOs have adopted as their organizations migrate toward hybrid clouds.Continue Reading
How hard is it to implement SSO with Microsoft Azure AD?
David Strom tells you how to use Azure Active Directory and Azure Multifactor Authentication for hybrid cloud management.Continue Reading
Five ways CIOs tackle hybrid cloud security
The traditional moat model is disappearing as companies embrace hybrid cloud strategies from microsegmentation to perimeter controls.Continue Reading
Finding the right balance in hybrid cloud security issues
The growing complexity of hybrid cloud security issues has many CIOs working to update their controls, particularly with cloud resources, which offer less visibility.Continue Reading
Five ways CIOs build hybrid cloud security
As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or ...Continue Reading
How do key aliases affect cloud encryption key management?
Amazon Web Services added support for key aliases to help improve enterprise cloud encryption key management. Learn what key aliases are and the benefits they bring to the enterprise.Continue Reading
Authentication in the cloud: Are more open standards the answer?
Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.Continue Reading
What are the security concerns of backup as a service?
While backup as a service sounds like a great idea, there are several considerations to keep in mind prior to jumping in feet first. Expert Dan Sullivan explains.Continue Reading
Why financial organizations need a strong cloud security strategy
A cloud security strategy is critical for financial organizations, but many in the industry are dragging their feet. Expert Dave Shackleford explains why.Continue Reading
How enterprises can protect against weak cloud passwords
Weak passwords are a common threat to enterprises relying on cloud services. Expert Dejan Lukan reviews some password best practices.Continue Reading
Is the Certified Cloud Security Professional certification worth pursuing?
The Cloud Security Alliance and (ISC)2 recently introduced the Certified Cloud Security Professional certification, but is it a must-have? Expert Dan Sullivan explains.Continue Reading
Three steps to finding the ideal cloud data archiving services
While cloud data archiving services can be highly beneficial, careful consideration must be taken to find the service that best suits an enterprise's needs. Expert Ed Moyle outlines three steps to find your ideal cloud data archiving service.Continue Reading
How can AWS EC2 Container Service improve Docker security?
Expert Dan Sullivan outlines the security issues associated with Docker and explains how the AWS EC2 Container Service can help resolve them.Continue Reading
Lack of secure APIs can create IaaS risks
IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an eye on.Continue Reading
Why would public cloud providers turn off customer cloud accounts?
Public cloud providers reserve the right to shut off vulnerable cloud accounts, but how does it work? Expert Dan Sullivan explains.Continue Reading
Are PaaS database applications more secure than IaaS applications?
Choosing between a platform as a service database and an infrastructure as a service database when it comes to large amounts of data can be challenging. Expert Dan Sullivan explains the security factors to keep in mind.Continue Reading
The benefits of remote debugging techniques in the cloud
Sharpening debugging techniques can help IT professionals who need to remotely debug a system and can be useful across many different areas of technology.Continue Reading
What can enterprises learn from the new EU cloud security framework?
Expert Dan Sullivan outlines key takeaways enterprises should learn from the European Union's cloud security framework recommendations.Continue Reading
How does Google Cloud Platform affect merchant PCI compliance?
Google announced its Google Cloud Platform is PCI-compliant -- but what does this mean for merchants? Expert Ed Moyle explains.Continue Reading
Is a hybrid DDoS defense strategy the best option for enterprises?
Choosing between on-premises and cloud DDoS services can be challenging, so why not use both? Expert Dan Sullivan explains.Continue Reading
Why enterprises need data encryption in the cloud
There are many risks associated with data sharing across devices and services, which is why using data encryption in the cloud is so important.Continue Reading
Cloud authentication: What's the best way to secure cloud credentials?
Cloud credentials can create major vulnerabilities. Expert Dan Sullivan outlines how to detect compromised credentials and the best ways to prevent it.Continue Reading
What are the benefits of a 'bring your own key' encryption service?
'Bring your own key' services let customers hold onto their encryption keys, but is it really more secure? Expert Dan Sullivan explains.Continue Reading
How does ISO/IEC 27018 affect cloud provider selection, PII privacy?
Learn what the ISO/IEC 27018 standard is, what it means to PII privacy, and how it should affect cloud provider and product selection.Continue Reading
Which cloud malware analysis tools suit you best?
Deciding on cloud malware analysis tools can be a confusing process for organizations. Here's how to know which one is right for your business.Continue Reading
Is the Google Cloud Security Scanner enterprise grade?
Learn how cloud security scanners compare to traditional vulnerability scanners and whether the Google Cloud Security Scanner is ready for enterprise use.Continue Reading
What advanced email security controls does AWS WorkMail offer?
AWS WorkMail is set to compete with Microsoft Outlook, but how does it compare security-wise? Expert Dan Sullivan explains.Continue Reading
Comparing third-party vs. cloud providers' Web security scanners
Google Cloud Platform has its own Web application security scanner, but are in-house scanners better than third-party scanners? Expert Dave Shackleford examines.Continue Reading
How do Xen hypervisor security updates affect the public cloud?
Public cloud providers were forced to reboot their cloud instances to implement Xen hypervisor security updates. Learn what these updates mean for public cloud security.Continue Reading
Shadow cloud problem growing, SkyHigh Networks says
Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.Continue Reading
The benefits of cloud-based automated malware analysis tools
Cloud-based automated malware analysis tools are growing in importance to enterprises. Here is a look at the different types of tools and their benefits.Continue Reading
Private cloud sprawl: How cloud consolidation can improve security
Vast private cloud infrastructure can be detrimental to an organization. Expert Ed Moyle looks at how and when to consider cloud consolidation to reduce cloud creep.Continue Reading
AES-128 encryption key generation: Leave it to AWS or do it in-house?
Organizations can opt to allow Amazon Elastic Transcoder to generate AES-128 encryption keys or do the job in-house -- which is more secure? Expert Dan Sullivan explains.Continue Reading
Traditional vs. cloud pen testing: What's the difference?
Penetration testing in the cloud differs from on-premises testing. Expert Dan Sullivan discusses cloud pen testing and whether cloud providers or in-house security teams are best suited for the job.Continue Reading
What's the business case for Amazon's three AWS monitoring tools?
CloudTrail, CloudWatch and AWS Config are three different tools from Amazon that help enterprises monitor AWS. Expert Dan Sullivan explains the differences between the three and when each should be used.Continue Reading
AWS security groups vs. traditional firewalls: What's the difference?
AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.Continue Reading
What are the security pros and cons of hybrid cloud storage?
Interest in hybrid cloud data storage is growing, but is it safe? Expert Dan Sullivan outlines the risks and rewards for enterprises.Continue Reading
How can cloud access security brokers improve enterprise security?
Cloud access security brokers can help enterprises enforce security policies in the cloud. Expert Dan Sullivan discusses the benefits.Continue Reading
Using NIST 800-125-A to understand hypervisor security threats
Expert Paul Henry discusses how the draft NIST Special Publication 800-125-A can help enterprises better understand the threat landscape in a virtual realm.Continue Reading
Can the Cloud Security Alliance help with comparing cloud providers?
The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.Continue Reading
Negotiating SLA requirements to ensure cloud regulatory compliance
Outlining your enterprise regulatory compliance reporting needs and establishing these needs with cloud providers during SLA negotiations is critical. Ed Moyle outlines steps to help organizations get started.Continue Reading
Can proprietary databases be securely migrated to the AWS cloud?
When enterprises look to migrate a proprietary database to the AWS cloud, there are a number of security considerations to keep in mind. Expert Dan Sullivan explains.Continue Reading
How AWS Key Management Service bolsters cloud security
The AWS Key Management Service is a good tool for cloud encryption key management. Expert Dave Shackleford examines AWS KMS and its benefits to enterprises.Continue Reading
How to use AWS to meet compliance standards' requirements
Looking to make compliance an easier task? Expert Steven Weil explains how to use AWS to help meet compliance standards' requirements.Continue Reading
Using a software-defined perimeter to create an air-gapped network
The Cloud Security Alliance's software-defined perimeter protocol can help enterprises achieve dynamic air-gapped networks. Expert Ed Moyle discusses how SDP works and the benefits it can provide.Continue Reading
How AWS PCI compliance affects enterprise PCI compliance
Before deploying an AWS infrastructure, it is critical to understand how it will affect enterprise PCI compliance. Expert Rob Shapland discusses key factors to consider.Continue Reading
How to achieve better cloud security for your enterprise
Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.Continue Reading
Cloud security certifications: How important are they?
More and more certifications are being created around cloud security. Expert Sean Martin looks at some of the more prominent certifications and examines their value.Continue Reading
The importance of public cloud encryption for enterprise data storage
Cloud storage providers have beefed up their encryption offerings, but are they enough? Expert Dave Shackleford explains the importance of public cloud encryption.Continue Reading
Understanding the cloud security threat modeling process
The threat modeling process for cloud security is multifaceted. Expert Ravila Helen White breaks it down into a few key aspects.Continue Reading
Is iCloud authentication secure enough for enterprises?
ICloud authentication was called into question after the hack of celebrity photos, so is it secure enough for enterprises? Expert Dave Shackleford explains.Continue Reading
An introduction to Docker and its effect on enterprise cloud security
Docker provides improvements for application virtualization, but what does it mean for security? Expert Ed Moyle offers an intro to Docker and what it will mean for enterprise and cloud security.Continue Reading
The risks of cloud data loss prevention
Cloud data loss prevention offers many advantages to enterprises today, but it is not without challenges. Expert Rob Shapland discusses the issues to be aware of.Continue Reading
Desktop as a service: Enterprise security risks and rewards
While the interest in desktop as a service has grown, there are a number of security concerns enterprises should also be aware of. Expert Ed Moyle discusses the risks and rewards of desktop as a service.Continue Reading
The benefits of encryption key rotation for cloud users
Encryption key rotation is suggested for enterprises working in the cloud. Expert Dave Shackleford discusses the benefits of key rotation, key management options and some best practices.Continue Reading
Pros and cons: Cloud-based identity and access management
While cloud-based identity and access management services offer numerous benefits to enterprises, there are also a number of drawbacks. Learn the risks and rewards of cloud IAM.Continue Reading
How to evaluate, choose and work securely with cloud service providers
Learn the ins and outs of evaluating, selecting and establishing a secure relationship with a cloud service provider.Continue Reading
Develop a secure API design in a cloud environment
Developing a secure API design in a cloud environment can be challenging. Expert Dejan Lukan explains what enterprises need to remember when building a secure API.Continue Reading