Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• How does Docker's hardware signing work?

  Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features. Continue Reading

• Can Contiv automate policies for container platforms?

  Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of this open source tool. Continue Reading

• OneOps: The value of cloud application lifecycle management

  The OneOps cloud application lifecycle management tool helps organizations regain control of cloud deployments and prevent vendor lock-in. Expert Rob Shapland explains how. Continue Reading

• How machine learning in the cloud can help enterprise security

  There's a growing trend of machine learning in the cloud and security should take advantage of it. Expert Dave Shackleford discusses machine learning and its benefits to security. Continue Reading

• How does AWS Directory Service offer security benefits?

  AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users. Continue Reading

• Cloud identity management: Deciding on the right approach

  Cloud identity management can offer a lot of security benefits, but enterprises need to answer some questions before deployment. Expert Ed Moyle offers advice on what to ask.Continue Reading

• Cloud DLP: Can gateways rise to the challenge?

  Cloud access security brokers are quickly emerging as the technology of choice for enterprises seeking to implement data loss prevention controls in the cloud.Continue Reading

• Distinguishing types of cloud services and their security risks

  The different type of cloud services -- public, private and hybrid -- all provide different security for enterprises. Here's an explanation of each kind and their security pros and cons.Continue Reading

• Three perspectives on cloud identity and access management

  Identity access management (IAM) systems work to help keep security high by initiating, capturing, recording and managing user identities and access permissions. Cloud identity and access management systems can simplify these complex tasks, but ...Continue Reading

• Can virtual machine introspection improve cloud security?

  What is virtual machine introspection, and can it help improve cloud security? Expert Dan Sullivan explains techniques behind VM introspection and how it can boost security in the cloud.Continue Reading

• Is AWS WAF worth considering for enterprise cloud?

  The new Amazon WAF offers firewall features for the cloud. Expert Dan Sullivan explains how Amazon WAF can be integrated in the enterprise cloud.Continue Reading

• What does Amazon Inspector do for cloud security?

  Expert Dan Sullivan explains what benefits Amazon Web Services' new Amazon Inspector service offers in terms of assessing cloud security.Continue Reading

• How the Lucky 13 attack affects Amazon s2n security

  Amazon's s2n was targeted by the Lucky 13 attack and the discovery unnerved the security community. Expert Dave Shackleford discusses open source SSL/TLS risks like the s2n flaw.Continue Reading

• How can vaultless tokenization protect data in the cloud?

  How do vaultless tokenization and standard tokenization differ, and what is the best way to use them for securing cloud data? Expert Dan Sullivan offers guidance and use cases.Continue Reading

• How do new AWS APIs simulate IAM policies for cloud security?

  The newly released AWS APIs simulate IAM policies for security testing. Expert Dan Sullivan explains how to make the most of these APIs.Continue Reading

• What does Docker Content Trust mean for container security?

  Docker Content Trust offers improved container security through code signing. Expert Dan Sullivan explains why this matters for enterprise cloud users.Continue Reading

• Inside the new Microsoft Azure security features

  There are two new Microsoft Azure security features. Expert Rob Shapland breaks down how they aim to boost cloud security for enterprises.Continue Reading

• Can Azure Container Service boost enterprise security?

  Microsoft's new container service for Azure makes use of the Apache Mesos platform. Expert Dan Sullivan explains why this matters for enterprise security.Continue Reading

• Readers' top picks for cloud security products

  What companies and cloud security products do organizations consider when they see to reduce their cloud vulnerabilities?Continue Reading

• How Azure Security Center boosts Microsoft cloud security

  Azure Security Center looks to enhance Microsoft's cloud platform by improving visibility and control. Expert Dave Shackleford outlines the features intended to do that.Continue Reading

• Is Amazon Aurora's security strong enough for enterprises?

  Without encryption for data at rest, is encrypting data in transit with Amazon Aurora enough, or is it worth waiting for AWS Key Management System integration?Continue Reading

• Is IBM Blue Box 'private cloud as a service' really private?

  Is the "private cloud as a service" from IBM Blue Box actually a private cloud, or just marketing hype? Expert Dan Sullivan explores.Continue Reading

• How the cloud access security broker space is evolving

  The cloud access security broker space is accelerating at a fast clip, but expert Rob Shapland explains some obstacles for enterprises to consider before selecting a CASB platform.Continue Reading

• What is the business case for the s2n TLS implementation?

  Amazon Web Services purports its s2n TLS protocol creation is simpler, easier to manage and more secure than standard TLS. Expert Dan Sullivan explains.Continue Reading

• What security controls does Amazon Elastic File System offer?

  Expert Dan Sullivan outlines the security features offered with Amazon Elastic File System and explains why privilege controls are critical to Amazon workload security.Continue Reading

• A look at Microsoft Azure security features for enterprises

  Boosted Microsoft Azure security could give it a competitive edge in the cloud market. Here are the security features enterprises can take advantage of.Continue Reading

• Is Enterprise Box security strong enough for enterprises?

  The U.S. Department of Justice started using Enterprise Box for cloud-based data storage and collaboration. Should enterprises also consider this option? Expert Dan Sullivan explains.Continue Reading

• Who does what in cloud data compliance?

  Higher learning: The University of Notre Dame's IT director looks at the shared responsibility model for compliance in the cloud.Continue Reading

• Who does what? Uncover the key to cloud security compliance

  SaaS vendors bear more of a compliance burden for cloud security. Enterprise responsibilities for services hosted in IaaS are little changed, however.Continue Reading

• How can we mitigate the risks of cloud database services?

  Before utilizing cloud database services, there are several security considerations to keep in mind and prepare for. Expert Dan Sullivan explains.Continue Reading

• Regaining control of cloud compliance

  As assets are moved to the cloud, organizations must take steps to ensure that cloud compliance requirements are upheld by third-party vendors. This is a major undertaking that requires knowledge of federal, state and international law; changing ...Continue Reading

• Cloud access security brokers: How should enterprises evaluate them?

  A proper evaluation of a cloud access security broker is critical to finding the best match for your enterprise's needs. Expert Dan Sullivan outlines key criteria to keep in mind during CASB assessment.Continue Reading

• What security considerations should go into choosing an AWS database?

  Careful consideration must go into choosing the right AWS database for your enterprise. Expert Dan Sullivan discusses the options and security considerations to keep in mind during evaluation.Continue Reading

• Why the security industry needs a standardized framework for CASBs

  The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group. Expert Dave Shackleford explains the purpose and benefits of the group.Continue Reading

• What are the benefits of enterprise cloud bridge usage?

  Is a cloud bridge right for your enterprise? Learn what a cloud bridge is and the benefits it can offer, as well as when you might consider using one in the workplace.Continue Reading

• How to best employ cloud-based security services

  The cloud-based security services market is booming, as enterprises adopt email, Web security, and identity and access management SaaS. How can CISOs best combine cloud-based security controls with on-premises security programs? This Beyond the Page...Continue Reading

• CIOs no longer up in the air on hybrid cloud security concerns

  David Strom outlines six information security strategies that CIOs have adopted as their organizations migrate toward hybrid clouds.Continue Reading

• How hard is it to implement SSO with Microsoft Azure AD?

  David Strom tells you how to use Azure Active Directory and Azure Multifactor Authentication for hybrid cloud management.Continue Reading

• Five ways CIOs tackle hybrid cloud security

  The traditional moat model is disappearing as companies embrace hybrid cloud strategies from microsegmentation to perimeter controls.Continue Reading

• Finding the right balance in hybrid cloud security issues

  The growing complexity of hybrid cloud security issues has many CIOs working to update their controls, particularly with cloud resources, which offer less visibility.Continue Reading

• Five ways CIOs build hybrid cloud security

  As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or ...Continue Reading

• How do key aliases affect cloud encryption key management?

  Amazon Web Services added support for key aliases to help improve enterprise cloud encryption key management. Learn what key aliases are and the benefits they bring to the enterprise.Continue Reading

• Authentication in the cloud: Are more open standards the answer?

  Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.Continue Reading

• What are the security concerns of backup as a service?

  While backup as a service sounds like a great idea, there are several considerations to keep in mind prior to jumping in feet first. Expert Dan Sullivan explains.Continue Reading

• Why financial organizations need a strong cloud security strategy

  A cloud security strategy is critical for financial organizations, but many in the industry are dragging their feet. Expert Dave Shackleford explains why.Continue Reading

• How enterprises can protect against weak cloud passwords

  Weak passwords are a common threat to enterprises relying on cloud services. Expert Dejan Lukan reviews some password best practices.Continue Reading

• Is the Certified Cloud Security Professional certification worth pursuing?

  The Cloud Security Alliance and (ISC)2 recently introduced the Certified Cloud Security Professional certification, but is it a must-have? Expert Dan Sullivan explains.Continue Reading

• Three steps to finding the ideal cloud data archiving services

  While cloud data archiving services can be highly beneficial, careful consideration must be taken to find the service that best suits an enterprise's needs. Expert Ed Moyle outlines three steps to find your ideal cloud data archiving service.Continue Reading

• How can AWS EC2 Container Service improve Docker security?

  Expert Dan Sullivan outlines the security issues associated with Docker and explains how the AWS EC2 Container Service can help resolve them.Continue Reading

• Lack of secure APIs can create IaaS risks

  IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an eye on.Continue Reading

• Why would public cloud providers turn off customer cloud accounts?

  Public cloud providers reserve the right to shut off vulnerable cloud accounts, but how does it work? Expert Dan Sullivan explains.Continue Reading

• Are PaaS database applications more secure than IaaS applications?

  Choosing between a platform as a service database and an infrastructure as a service database when it comes to large amounts of data can be challenging. Expert Dan Sullivan explains the security factors to keep in mind.Continue Reading

• The benefits of remote debugging techniques in the cloud

  Sharpening debugging techniques can help IT professionals who need to remotely debug a system and can be useful across many different areas of technology.Continue Reading

• What can enterprises learn from the new EU cloud security framework?

  Expert Dan Sullivan outlines key takeaways enterprises should learn from the European Union's cloud security framework recommendations.Continue Reading

• How does Google Cloud Platform affect merchant PCI compliance?

  Google announced its Google Cloud Platform is PCI-compliant -- but what does this mean for merchants? Expert Ed Moyle explains.Continue Reading

• Is a hybrid DDoS defense strategy the best option for enterprises?

  Choosing between on-premises and cloud DDoS services can be challenging, so why not use both? Expert Dan Sullivan explains.Continue Reading

• Why enterprises need data encryption in the cloud

  There are many risks associated with data sharing across devices and services, which is why using data encryption in the cloud is so important.Continue Reading

• Cloud authentication: What's the best way to secure cloud credentials?

  Cloud credentials can create major vulnerabilities. Expert Dan Sullivan outlines how to detect compromised credentials and the best ways to prevent it.Continue Reading

• What are the benefits of a 'bring your own key' encryption service?

  'Bring your own key' services let customers hold onto their encryption keys, but is it really more secure? Expert Dan Sullivan explains.Continue Reading

• How does ISO/IEC 27018 affect cloud provider selection, PII privacy?

  Learn what the ISO/IEC 27018 standard is, what it means to PII privacy, and how it should affect cloud provider and product selection.Continue Reading

• Which cloud malware analysis tools suit you best?

  Deciding on cloud malware analysis tools can be a confusing process for organizations. Here's how to know which one is right for your business.Continue Reading

• Is the Google Cloud Security Scanner enterprise grade?

  Learn how cloud security scanners compare to traditional vulnerability scanners and whether the Google Cloud Security Scanner is ready for enterprise use.Continue Reading

• What advanced email security controls does AWS WorkMail offer?

  AWS WorkMail is set to compete with Microsoft Outlook, but how does it compare security-wise? Expert Dan Sullivan explains.Continue Reading

• Comparing third-party vs. cloud providers' Web security scanners

  Google Cloud Platform has its own Web application security scanner, but are in-house scanners better than third-party scanners? Expert Dave Shackleford examines.Continue Reading

• How do Xen hypervisor security updates affect the public cloud?

  Public cloud providers were forced to reboot their cloud instances to implement Xen hypervisor security updates. Learn what these updates mean for public cloud security.Continue Reading

• Shadow cloud problem growing, SkyHigh Networks says

  Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.Continue Reading

• The benefits of cloud-based automated malware analysis tools

  Cloud-based automated malware analysis tools are growing in importance to enterprises. Here is a look at the different types of tools and their benefits.Continue Reading

• Private cloud sprawl: How cloud consolidation can improve security

  Vast private cloud infrastructure can be detrimental to an organization. Expert Ed Moyle looks at how and when to consider cloud consolidation to reduce cloud creep.Continue Reading

• AES-128 encryption key generation: Leave it to AWS or do it in-house?

  Organizations can opt to allow Amazon Elastic Transcoder to generate AES-128 encryption keys or do the job in-house -- which is more secure? Expert Dan Sullivan explains.Continue Reading

• Traditional vs. cloud pen testing: What's the difference?

  Penetration testing in the cloud differs from on-premises testing. Expert Dan Sullivan discusses cloud pen testing and whether cloud providers or in-house security teams are best suited for the job.Continue Reading

• What's the business case for Amazon's three AWS monitoring tools?

  CloudTrail, CloudWatch and AWS Config are three different tools from Amazon that help enterprises monitor AWS. Expert Dan Sullivan explains the differences between the three and when each should be used.Continue Reading

• AWS security groups vs. traditional firewalls: What's the difference?

  AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.Continue Reading

• What are the security pros and cons of hybrid cloud storage?

  Interest in hybrid cloud data storage is growing, but is it safe? Expert Dan Sullivan outlines the risks and rewards for enterprises.Continue Reading

• How can cloud access security brokers improve enterprise security?

  Cloud access security brokers can help enterprises enforce security policies in the cloud. Expert Dan Sullivan discusses the benefits.Continue Reading

• Using NIST 800-125-A to understand hypervisor security threats

  Expert Paul Henry discusses how the draft NIST Special Publication 800-125-A can help enterprises better understand the threat landscape in a virtual realm.Continue Reading

• Can the Cloud Security Alliance help with comparing cloud providers?

  The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.Continue Reading

• Negotiating SLA requirements to ensure cloud regulatory compliance

  Outlining your enterprise regulatory compliance reporting needs and establishing these needs with cloud providers during SLA negotiations is critical. Ed Moyle outlines steps to help organizations get started.Continue Reading

• Can proprietary databases be securely migrated to the AWS cloud?

  When enterprises look to migrate a proprietary database to the AWS cloud, there are a number of security considerations to keep in mind. Expert Dan Sullivan explains.Continue Reading

• How AWS Key Management Service bolsters cloud security

  The AWS Key Management Service is a good tool for cloud encryption key management. Expert Dave Shackleford examines AWS KMS and its benefits to enterprises.Continue Reading

• How to use AWS to meet compliance standards' requirements

  Looking to make compliance an easier task? Expert Steven Weil explains how to use AWS to help meet compliance standards' requirements.Continue Reading

• Using a software-defined perimeter to create an air-gapped network

  The Cloud Security Alliance's software-defined perimeter protocol can help enterprises achieve dynamic air-gapped networks. Expert Ed Moyle discusses how SDP works and the benefits it can provide.Continue Reading

• How AWS PCI compliance affects enterprise PCI compliance

  Before deploying an AWS infrastructure, it is critical to understand how it will affect enterprise PCI compliance. Expert Rob Shapland discusses key factors to consider.Continue Reading

• How to achieve better cloud security for your enterprise

  Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.Continue Reading

• Cloud security certifications: How important are they?

  More and more certifications are being created around cloud security. Expert Sean Martin looks at some of the more prominent certifications and examines their value.Continue Reading

• The importance of public cloud encryption for enterprise data storage

  Cloud storage providers have beefed up their encryption offerings, but are they enough? Expert Dave Shackleford explains the importance of public cloud encryption.Continue Reading

• Understanding the cloud security threat modeling process

  The threat modeling process for cloud security is multifaceted. Expert Ravila Helen White breaks it down into a few key aspects.Continue Reading

• Is iCloud authentication secure enough for enterprises?

  ICloud authentication was called into question after the hack of celebrity photos, so is it secure enough for enterprises? Expert Dave Shackleford explains.Continue Reading

• An introduction to Docker and its effect on enterprise cloud security

  Docker provides improvements for application virtualization, but what does it mean for security? Expert Ed Moyle offers an intro to Docker and what it will mean for enterprise and cloud security.Continue Reading

• The risks of cloud data loss prevention

  Cloud data loss prevention offers many advantages to enterprises today, but it is not without challenges. Expert Rob Shapland discusses the issues to be aware of.Continue Reading

• Desktop as a service: Enterprise security risks and rewards

  While the interest in desktop as a service has grown, there are a number of security concerns enterprises should also be aware of. Expert Ed Moyle discusses the risks and rewards of desktop as a service.Continue Reading

• The benefits of encryption key rotation for cloud users

  Encryption key rotation is suggested for enterprises working in the cloud. Expert Dave Shackleford discusses the benefits of key rotation, key management options and some best practices.Continue Reading

• Pros and cons: Cloud-based identity and access management

  While cloud-based identity and access management services offer numerous benefits to enterprises, there are also a number of drawbacks. Learn the risks and rewards of cloud IAM.Continue Reading

• How to evaluate, choose and work securely with cloud service providers

  Learn the ins and outs of evaluating, selecting and establishing a secure relationship with a cloud service provider.Continue Reading

• Develop a secure API design in a cloud environment

  Developing a secure API design in a cloud environment can be challenging. Expert Dejan Lukan explains what enterprises need to remember when building a secure API.Continue Reading

• An introduction to Microsoft Office 365 security

  The Microsoft Office 365 security features are robust, but may not offer the granularity some enterprises need. Expert Dave Shackleford reviews the security pros and cons of Microsoft's cloud-based productivity suite.Continue Reading

• The security pros and cons of a cloud email service

  Moving enterprise email to the cloud has its benefits but also its risks. Here's how to weigh the two so your migration succeeds.Continue Reading

• Introduction to cloud email security: Business case, key features

  Cloud-based email security is a top SaaS initiative for many firms, but is it really better than traditional email security? Ed Moyle offers a primer.Continue Reading

• Applying zero-knowledge to data storage security in cloud computing

  Expert Dejan Lukan offers examples of why enterprises need cryptographically secure cloud applications based on the zero-knowledge principle.Continue Reading

• Cloud tokenization: Why it might replace cloud encryption

  Expert Dave Shackleford says cloud tokenization technology is becoming an attractive alternative to cloud encryption, but problems persist.Continue Reading

• Cloud-based application security: Preventing security breaches

  Cloud-based application security is becoming an increasingly prevalent concern. Uncover three key best practices for preventing security breaches.Continue Reading