Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
How does Docker's hardware signing work?
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features. Continue Reading
Cloud security automation: Are we up to the task?
Orchestration tools and APIs can help enterprises implement threat detection and response functionality in the cloud. But it requires crossing another divide: DevOps and security. Continue Reading
How to test data analysis in virtual environments
Security teams need to practice and test data analysis, but it can be challenging to do in small environments. Expert Frank Siemons explains some ways to make it work anyway. Continue Reading
-
AWS CloudTrail
AWS CloudTrail is an application program interface (API) call-recording and log-monitoring Web service offered by Amazon Web Services (AWS). Continue Reading
How can a reverse proxy mode improve cloud security?
Skyhigh Networks recently obtained a patent to use reverse proxies for cloud access security broker services. Expert Dan Sullivan explains how the method works. Continue Reading
Can Amazon Simple AD replace Active Directory?
How does Amazon's Simple AD differ from Microsoft's Active Directory, and what security issues should be considered before creating a Simple AD? Expert Dan Sullivan explains.Continue Reading
Open Container Project: Does it improve container security?
The Open Container Project is creating a standard container image format and runtime engine. Expert Dan Sullivan explains how it can improve container security.Continue Reading
How to perform a forensic acquisition of a virtual machine disk
Virtualization expert Paul Henry provides a step-by-step guide to imaging a virtual machine disk (*flat.vmdk) in a forensically sound manner.Continue Reading
An introduction to cloud container security
While the benefits of cloud containers are readily apparent, there aren't clear guidelines on how to secure the technology. Expert Rob Shapland offers pointers on how to stay safe.Continue Reading
Cloud access security brokers: How should enterprises evaluate them?
A proper evaluation of a cloud access security broker is critical to finding the best match for your enterprise's needs. Expert Dan Sullivan outlines key criteria to keep in mind during CASB assessment.Continue Reading
-
How to securely manage public/private keys for cloud authentication
Managing public/private keys is crucial for enterprises to ensure secure cloud authentication. Here are four tips to harden security of cloud keys.Continue Reading
Authentication in the cloud: Are more open standards the answer?
Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.Continue Reading
What are the security concerns of backup as a service?
While backup as a service sounds like a great idea, there are several considerations to keep in mind prior to jumping in feet first. Expert Dan Sullivan explains.Continue Reading
The benefits of remote debugging techniques in the cloud
Sharpening debugging techniques can help IT professionals who need to remotely debug a system and can be useful across many different areas of technology.Continue Reading
How does a cloud readiness assessment work?
Expert Dan Sullivan explains the three main factors of a cloud readiness assessment and how it can help enterprises prepare for a cloud migration.Continue Reading
Why enterprises need data encryption in the cloud
There are many risks associated with data sharing across devices and services, which is why using data encryption in the cloud is so important.Continue Reading
Security considerations for putting e-commerce in the cloud
As enterprises shift and put e-commerce in the cloud, security becomes an even more important consideration. Here's what you need to know before making the move.Continue Reading
Which cloud malware analysis tools suit you best?
Deciding on cloud malware analysis tools can be a confusing process for organizations. Here's how to know which one is right for your business.Continue Reading
AWS penetration testing secrets for success
AWS penetration testing must be done in both cloud and on-premises infrastructures. Cloud security expert Rob Shapland offers pointers for conducting a successful AWS pen test.Continue Reading
Using NIST 800-125-A to understand hypervisor security threats
Expert Paul Henry discusses how the draft NIST Special Publication 800-125-A can help enterprises better understand the threat landscape in a virtual realm.Continue Reading
What policies should be in a cloud infrastructure security program?
Expert Dan Sullivan explains which policies and security controls enterprises should include in their cloud infrastructure security program to prevent cloud security compromises.Continue Reading
Negotiating SLA requirements to ensure cloud regulatory compliance
Outlining your enterprise regulatory compliance reporting needs and establishing these needs with cloud providers during SLA negotiations is critical. Ed Moyle outlines steps to help organizations get started.Continue Reading
Using a software-defined perimeter to create an air-gapped network
The Cloud Security Alliance's software-defined perimeter protocol can help enterprises achieve dynamic air-gapped networks. Expert Ed Moyle discusses how SDP works and the benefits it can provide.Continue Reading
How to strengthen SSH security in the cloud
SSH security can be threatened by many kinds of attacks, but there are also several steps enterprises can take to protect against them. Expert Dejan Lukan explains.Continue Reading
Cloud security certifications: How important are they?
More and more certifications are being created around cloud security. Expert Sean Martin looks at some of the more prominent certifications and examines their value.Continue Reading
Cloud discovery: Finding shadow cloud use in the enterprise
Securing approved cloud applications is hard enough, but what about the apps it can't see? Expert Ed Moyle discusses three strategies for finding enterprise shadow cloud usage.Continue Reading
Secure cloud data storage services considerations for SMBs
Secure cloud data storage services can help small businesses cost-effectively safeguard data. But before choosing a provider, read expert Joe Malec's five top considerations to keep in mind.Continue Reading
Implementing VMware border router ingress and egress filtering
Implementing ingress and egress filtering at the border router can help greatly improve security in a VMware-based virtual data center. Expert Paul Henry explains how.Continue Reading
How to run a secure WordPress installation in an IaaS VM
In the cloud, a secure WordPress installation is important to the safety of enterprises. Expert Dejan Lukan provides detailed advice on this process.Continue Reading
Microsoft Cloud Security Readiness Tool (CSRT)
The Microsoft Cloud Security Readiness Tool (CSRT) is a survey that assesses the systems, processes and productivity of an IT environment in preparation for the adoption and secure use of cloud computing services.Continue Reading
Cloud Controls Matrix
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.Continue Reading
Amazon CloudTrail: How it could change cloud logging
The new Amazon CloudTrail cloud logging service could make event management much simpler for security teams. Expert Dave Shackleford explains how.Continue Reading
Doing it right: Cloud encryption key management best practices
Expert Dave Shackleford takes a look at what cloud encryption key management is like today and what to know about cloud security providers' processes.Continue Reading
Hybrid IT services in the cloud age: What CISOs should do now
To keep enterprise IT secure, chief information security officers must fit cloud services into risk-management and governance frameworks. Here's how.Continue Reading
How to develop a business strategy for cloud security
Expert R.H. White walks through how to develop a business strategy that provides information security on the cloud.Continue Reading
Cloud forensics: An intro to cloud network forensic data collection
This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.Continue Reading
CloudTrust Protocol (CTP)
The CloudTrust Protocol or CTP is a mechanism that helps cloud service customers request and retrieve standardized inquiries about cloud provider transparency.Continue Reading
Cloud security basics: What enterprises, IT pros need to know
Video: Securosis CEO Rich Mogull details cloud security basics, including how the cloud affects enterprises today and the joys of security automation.Continue Reading
Cloud stack security: Understanding cloud VM risk scenarios
Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.Continue Reading
Amazon S3 encryption overview: How to secure data in the Amazon cloud
Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.Continue Reading
information-centric security
Information-centric security is an approach to information security paradigm that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data.Continue Reading
Trusted Cloud Initiative
The Trusted Cloud Initiative is a program of the Cloud Security Alliance industry group created to help cloud service providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and ...Continue Reading
Cloudburst VM escape
Cloudburst VM (virtual machine) escape is an exploit method, credited to research firm Kostya Kortchinsky Immunity Inc., that takes advantage of IBM's Cloudburst cloud service provisioning software for cloud providers and a flaw in VMware ...Continue Reading
Soc 3 (Service Organization Control 3)
A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy.Continue Reading
Soc 2 (Service Organization Control 2)
A Service Organization Control 2 (Soc 2) reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy.Continue Reading
Soc 1 (Service Organization Control 1)
A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.Continue Reading
ENISA (European Network and Information Security Agency)
The European Network and Information Security Agency (ENISA) is a European Union (EU) agency dedicated to preventing and addressing network security and information security problems.Continue Reading
Security, Trust and Assurance Registry (STAR)
The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.Continue Reading
AV storm
An AV storm is the performance degradation that occurs when antivirus software simultaneously scans multiple virtual machines (VMs) on a single physical host. Continue Reading
CloudAudit
CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about ...Continue Reading
blue pill rootkit
The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, ...Continue Reading
BIOS rootkit attack
A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code. A BIOS rootkit is programming that enables remote administration.Continue Reading
BIOS rootkit
A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration. Because the rootkit lives in the computer’s BIOS (basic input/output system), it persists not only through attempts to reflash the BIOS ...Continue Reading
Cloud computing security model overview: Network infrastructure issues
In this primer on cloud computing security, learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.Continue Reading