Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• How to address and mitigate serverless security issues

  There are two major security implications of serverless cloud infrastructure: secure coding and identity and access management. Uncover best practices to mitigate these risks. Continue Reading

• Shared responsibility model transparency boosts cloud security

  The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture. Continue Reading

• Risks of container escape vulnerabilities and how to counter them

  Container escape vulnerabilities create new challenges for security and risk management teams. Learn more about container escapes and how to prevent exploitation. Continue Reading

• Research shows cloud security vulnerabilities grow

  Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading

• As cloud complexities increase, cybersecurity skills gap worsens

  Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading

• 3 best practices for cloud security monitoring

  Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools.Continue Reading

• The top cloud security challenges are 'people problems'

  Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in cloud.Continue Reading

• Three steps to secure function as a service

  Securely setting up function as a service, or serverless computing, is complicated. Learn how to secure function-as-a-service cloud environments with three standard principles.Continue Reading

• Protect your enterprise against shadow IT in the cloud

  More technologies than ever are available to people now that the cloud is so pervasive, and, as a result, shadow IT has become a problem. Expert Michael Cobb explains what to do.Continue Reading

• Container security awareness, planning required as threats persist

  As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures.Continue Reading

• How to defend against malicious IP addresses in the cloud

  Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses.Continue Reading

• How to monitor and detect a cloud API vulnerability

  A REST API vulnerability in Salesforce's Marketing Cloud service put users at risk of data disclosure. Learn how to detect cloud API vulnerabilities from expert Rob Shapland.Continue Reading

• How to prevent cloud cryptojacking attacks on your enterprise

  As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks.Continue Reading

• How enterprises should handle GDPR compliance in the cloud

  GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises.Continue Reading

• How to prevent SQL injection attacks in your enterprise

  SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at some alternative SQL injection protection methods.Continue Reading

• Secure cloud migration: What pitfalls should companies avoid?

  Enterprises can ensure a secure cloud migration by avoiding specific risks. Expert Judith Myerson outlines what to look for and what mistakes not to make when moving to the cloud.Continue Reading

• How to handle configuration management in the cloud without issue

  Not handling configuration management in the cloud correctly can unintentionally expose sensitive enterprise data. Expert Ed Moyle explains how to make sure this doesn't happen.Continue Reading

• How to prevent an insider data breach of the cloud

  Enterprises using the cloud should be particularly careful to avoid an insider data breach. Expert Frank Siemons explains why it's important to stop insider threats in the cloud.Continue Reading

• How can a hypervisor deployment avoid security risks?

  A hypervisor deployment can put the security of an organization at risk, but there are ways to make it secure. Expert Judith Myerson outlines how to make the process safer.Continue Reading

• How Docker APIs can be misused to plant malware

  Researchers discovered how Docker APIs can be exploited to hide malware. Dave Shackleford explains the attack method and the threat it poses to container and virtual machines.Continue Reading

• The security risks of HTTPS inspection in the cloud

  Cloud service providers can perform HTTPS inspection, despite warnings from US-CERT. Expert Ed Moyle looks at what this technique does and what the security implications are.Continue Reading

• How attackers can intercept iCloud Keychain data

  A verification flaw in the synchronization service of iCloud Keychain enables attackers to intercept the data it transfers. Expert Frank Siemons explains what to do about it.Continue Reading

• Applying proper cloud access control to prevent data exposures

  Several recent data exposures have involved misconfigured Amazon S3 buckets. Dave Shackleford discusses the importance of proper cloud access control and how to implement it.Continue Reading

• Solving cloud console fatigue for enterprises

  Kamal Shah of Skyhigh Networks explains how his company is battling cloud console fatigue for enterprises and expanding its CASB model beyond cloud applications.Continue Reading

• The security challenges of custom applications in the cloud

  Securing custom applications in the cloud can be a hassle for enterprises. Expert Ed Moyle discusses how to make it easier to secure custom cloud apps.Continue Reading

• How NetFlow data can be used for cloud environments

  Collecting and analyzing NetFlow data can help organizations detect security incidents and figure out their cause. Expert Frank Siemons explains how NetFlow works.Continue Reading

• Continuous monitoring in the cloud: Two steps to make it a reality

  Enterprises can achieve continuous monitoring in the cloud if they focus on the two main elements of it. Expert Dave Shackleford discusses what those elements are.Continue Reading

• What a CPU cache exploit means for multi-tenant cloud security

  Researchers recently proved that it's possible to steal cloud data from a CPU cache. Expert Rob Shapland discusses how this works and what it means for multi-tenant cloud security.Continue Reading

• How to ensure a secure data transport of information in the cloud

  A secure data transport of information stored in the cloud can be challenging. Expert Frank Siemons explains the options available to companies for securing physical data movement.Continue Reading

• Is a malicious hypervisor a real security threat to enterprises?

  It's possible for hackers to use a malicious hypervisor to access data on virtual machines. Expert Ed Moyle discusses how this works and the potential threat it poses.Continue Reading

• A guide to cloud security certifications for infosec pros

  Both vendor-neutral and vendor-specific cloud security certifications have emerged as businesses shift toward cloud computing models that reduce TCO and expand computing capacity.Continue Reading

• How CASBs are broadening to address IaaS security

  CASBs have started extending their reach into IaaS platforms. Expert Rob Shapland looks at what they're doing and the effect they could have on IaaS security.Continue Reading

• Four common cloud attacks and how to prepare for them

  Cloud attacks are increasingly targeting service providers. Expert Frank Siemons looks at the different types of attacks from which service providers and enterprises should be protected.Continue Reading

• How hackers use Google cloud services to attack enterprises

  Hackers, such as the Carbanak group, use Google cloud services to infiltrate organizations' systems. Expert Rob Shapland explains how that works and what can be done to stop it.Continue Reading

• How to boost CDN security and protect enterprise data

  A recent Cloudflare bug highlights CDN security and the need for vigilance in protecting sensitive enterprise data. Expert Dave Shackleford discusses the flaw and what can be done.Continue Reading

• How a container escape vulnerability can threaten enterprises

  A container escape vulnerability can expose enterprise systems to attackers. Expert Rob Shapland explains how these flaws work and how to mitigate the threat.Continue Reading

• How to detect and mitigate malicious content from the cloud

  Malicious content hosted in the cloud is more common than you might think. Expert Ed Moyle looks at what enterprises need to know about cloud malware and how to stop it.Continue Reading

• What enterprises need to know about securing a multicloud deployment

  A multicloud deployment takes considerable planning for an enterprise, especially when it comes to security. Expert Dave Shackleford looks at the challenges of multicloud.Continue Reading

• How to detect and prevent a man-in-the-cloud attack

  A man-in-the-cloud attack is a newer threat to enterprise security and it's not always easy to detect. Expert Frank Siemons explains how the attacks work and what can be done.Continue Reading

• How does the Cisco CloudCenter Orchestrator vulnerability work?

  Cisco's CloudCenter Orchestrator was found to have a privilege escalation vulnerability. Expert Matthew Pascucci explains how it works and what enterprises need to know about it.Continue Reading

• How a RHEL virtual machine in Microsoft Azure can be exploited

  RHEL virtual machines hosted in Microsoft Azure were recently found to have significant security vulnerabilities. Expert Rob Shapland explains them and what enterprises can learn.Continue Reading

• Why CloudFanta malware poses an unusual threat to enterprises

  CloudFanta is a new kind of malware threatening enterprises. Expert Rob Shapland explains how it leverages cloud storage site SugarSync to infect users and enterprises.Continue Reading

• How the Flip Feng Shui technique undermines cloud security

  The Flip Feng Shui attack against hypervisors could have both short and long-term effects on enterprises. Expert Ed Moyle explains how the exploit works and how to deal with it.Continue Reading

• How to prepare for a cloud DDoS attack on an enterprise

  Suffering a cloud DDoS attack is now more likely than ever. Expert Frank Siemons discusses what enterprises need to know about these attacks and how to prevent them.Continue Reading

• Ownership of cloud risks gets lost in many cloud computing scenarios

  CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of cloud-based technology and data?Continue Reading

• Legacy security tools challenge companies facing cloud migration

  Traditional security tools designed for data centers don't work well in cloud environments. New approaches are needed, according to security executives. Here's how to survive the chasm.Continue Reading

• Companies make the migration to cloud, security remains on premises

  While the effectiveness of traditional security controls depends on the cloud model, many security vendors still need to add cloud delivery to their tools.Continue Reading

• The security divide between on-premises and cloud infrastructures

  Fenwick & West LLP's IT services are delivered through a hybrid of on-premises, software-as-a-service and cloud infrastructures. "As we straddle the cloud and on premises, our security problems have just broadened," said CIO Matt Kesner.

  The ...Continue Reading

• Information security metrics: What to collect in the cloud

  Threat-related metrics that CISOs find useful often differ from what the C-suite wants to know. Here's how to communicate risk -- and return -- on cloud security investments.Continue Reading

• Data breach compensation: What enterprises need to know

  Data breach compensation amounts often fall short of covering the actual damages, especially in a cloud breach. Expert Frank Siemons discusses data breach settlement options.Continue Reading

• Why enterprise cloud IAM policies need to be stronger

  A cloud IAM policy is crucial to protecting an organization from external and internal threats. Expert Rob Shapland discusses how to bolster cloud IAM.Continue Reading

• How the cloud can help organizations with security log data

  Organizations often have to deal with copious amounts of security log data and that can be challenging. Expert Frank Siemons explains how the cloud can help manage log data.Continue Reading

• How cloud synchronization can facilitate the spread of malware

  Malware can spread from one user to many through cloud synchronization. Expert Rob Shapland explains what enterprise users should know about their synchronization folders.Continue Reading

• How to address redundant cloud security controls

  Overlapping security controls for cloud apps and services can be detrimental to enterprises. Expert Rob Shapland explains why that is, and what organizations can do about it.Continue Reading

• How to secure a cloud workload as it travels between CSPs

  Typically a cloud workload doesn't stay in one spot. Expert Dave Shackleford discusses the best ways to secure traveling cloud workloads as they move across environments.Continue Reading

• How to combat cloud-based gaming security risks

  There are many security risks for cloud-based gaming platforms. Expert Frank Siemons explains what's happened to gaming providers like Sony and Steam.Continue Reading

• How are cloud threats abusing public cloud services?

  Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks of these cloud threats.Continue Reading

• How to protect an origin IP address from attackers

  Cloud security providers protect enterprises from DDoS attacks, but attackers can still find the origin IP addresses. Expert Rob Shapland explains why that's a significant threat.Continue Reading

• Cloud DLP: What are the benefits for enterprises?

  Expert Dan Sullivan explains how enterprises can manage cloud DLP for data in cloud file storage services that offer offline synchronization.Continue Reading

• Which cloud security certifications should providers have?

  With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation.Continue Reading

• How can enterprises prevent shadow data leakage?

  The increased use of cloud applications has caused a parallel increase in shadow data loss. Expert Dan Sullivan explains how to prevent the risk.Continue Reading

• Protect cloud file sharing from a man-in-the-cloud attack

  Man-in-the-cloud attacks on file sharing services can lead to confidential data leakage. Expert Rob Shapland explains how to mitigate the threat.Continue Reading

• Can AWS security features help HealthCare.gov security?

  Moving HealthCare.gov onto AWS helped the government improve the safety of the site. Expert Dan Sullivan explains which AWS security features were most beneficial.Continue Reading

• CSA Guide to Cloud Computing

  In this excerpt of CSA Guide to Cloud Computing, authors Rai Samani, Brian Honan and Jim Reavis review cloud security threats based on research by the CSA's Top Threats Working Group.Continue Reading

• How can we mitigate the risks of cloud database services?

  Before utilizing cloud database services, there are several security considerations to keep in mind and prepare for. Expert Dan Sullivan explains.Continue Reading

• Regaining control of cloud compliance

  As assets are moved to the cloud, organizations must take steps to ensure that cloud compliance requirements are upheld by third-party vendors. This is a major undertaking that requires knowledge of federal, state and international law; changing ...Continue Reading

• Five ways CIOs build hybrid cloud security

  As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or ...Continue Reading

• Addressing the VENOM cloud vulnerability with cloud patch management

  The VENOM cloud vulnerability was called the next Heartbleed, but how bad is it? Expert Rob Shapland explains the affect it should have on your enterprise.Continue Reading

• Using a VMware firewall as part of a defense-in-depth strategy

  While it is not the Holy Grail of network security, VMware firewall technologies are critical components of protecting a virtual data center. Expert Paul Henry explains why.Continue Reading

• Qualys CEO discusses cloud computing threats, 'cloud without borders'

  Qualys CEO Philippe Courtot spoke at RSA Conference 2015 about why security firms need to take a page from Doctors Without Borders.Continue Reading

• Shadow cloud problem growing, SkyHigh Networks says

  Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.Continue Reading

• Key steps to reducing the shadow cloud threat

  Though shadow cloud threatens enterprise security, there are ways to lessen the risks and protect organizations' systems and applications.Continue Reading

• How can hybrid app security risks be mitigated?

  Despite their appeal, hybrid cloud apps come with a number of security risks. Expert Dan Sullivan explains what the challenges are and how to prevent them.Continue Reading

• Neglected cloud app security is among major SaaS security issues

  A report from Adallom highlights the lack of SaaS security in enterprises, but expert Dave Shackleford has ways to take back the cloud and lessen the risks, such as enhanced cloud app security.Continue Reading

• How to mitigate VPN security issues in the cloud

  VPN security issues in the cloud aren't uncommon, but they can be easily avoided with a few simple measures. Expert Dejan Lukan explains how.Continue Reading

• What policies should be in a cloud infrastructure security program?

  Expert Dan Sullivan explains which policies and security controls enterprises should include in their cloud infrastructure security program to prevent cloud security compromises.Continue Reading

• Can the Cloud Security Alliance help with comparing cloud providers?

  The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.Continue Reading

• How to achieve better cloud security for your enterprise

  Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.Continue Reading

• Cloud discovery: Finding shadow cloud use in the enterprise

  Securing approved cloud applications is hard enough, but what about the apps it can't see? Expert Ed Moyle discusses three strategies for finding enterprise shadow cloud usage.Continue Reading

• Collaboration with Cloud Computing

  In this excerpt of Collaboration with Cloud Computing, author Ric Messier outlines how enterprises can evaluate risk management in the cloud.Continue Reading

• Best practices for cloud-based identity and access management

  While using the cloud for identity and access management can simplify the task, it is critical to consider a number of factors when implementing cloud IAM products and services. Expert Dave Shackleford explains.Continue Reading

• Applying zero-knowledge to data storage security in cloud computing

  Expert Dejan Lukan offers examples of why enterprises need cryptographically secure cloud applications based on the zero-knowledge principle.Continue Reading

• Cloud tokenization: Why it might replace cloud encryption

  Expert Dave Shackleford says cloud tokenization technology is becoming an attractive alternative to cloud encryption, but problems persist.Continue Reading

• Cloud-based application security: Preventing security breaches

  Cloud-based application security is becoming an increasingly prevalent concern. Uncover three key best practices for preventing security breaches.Continue Reading

• Cloud forensics: An intro to cloud network forensic data collection

  This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.Continue Reading

• Multifactor authentication in the cloud: Assessing provider services

  Expert Dave Shackleford discusses authentication in the cloud, including details on the multifactor authentication services of major cloud providers.Continue Reading

• Avoiding privacy disclosures: Keep big data from prying eyes

  Continue Reading

• Cloud stack security: Understanding cloud VM risk scenarios

  Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.Continue Reading

• Storing data in the cloud: Addressing data location security issues

  When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.Continue Reading

• Cloud data breach notification: Defining legal obligations

  Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.Continue Reading

• Are FedRAMP security controls enough?

  Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.Continue Reading

• Cloud application inventory tracking best practices

  Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why.Continue Reading

• SaaS, cloud computing vulnerability management: Choosing a provider

  Cloud-based vulnerability scanning is gaining market share. Learn how to decide if these services are a good fit for you and how to choose a provider.Continue Reading

• Cross-VM side-channel attacks: How to defend cloud infrastructures

  Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.Continue Reading

• CSA Certificate of Cloud Security Knowledge

  SearchCloudSecurity in partnership with CSA is providing professionals tools and resources to help earn the Certificate of Cloud Security Knowledge (CCSK).Continue Reading