Problem solve
Get help with specific problems with your technologies, process and projects.
Prevent cloud account hijacking with 3 key strategies
The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise.
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide.
How to handle Amazon S3 bucket pen testing complexity
Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers.
How to address and close the cloud security readiness gap
Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap.
How to address and mitigate serverless security issues
There are two major security implications of serverless cloud infrastructure: secure coding and identity and access management. Uncover best practices to mitigate these risks.
Shared responsibility model transparency boosts cloud security
The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture.
Risks of container escape vulnerabilities and how to counter them
Container escape vulnerabilities create new challenges for security and risk management teams. Learn more about container escapes and how to prevent exploitation.
Research shows cloud security vulnerabilities grow
Recent research shows the number of cloud security incidents is growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises.
As cloud complexities increase, cybersecurity skills gap worsens
Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments.
3 best practices for cloud security monitoring
Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools.
The top cloud security challenges are 'people problems'
Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in the cloud.
Three steps to secure function as a service
Securely setting up function as a service, or serverless computing, is complicated. Learn how to secure function-as-a-service cloud environments with three standard principles.
Protect your enterprise against shadow IT in the cloud
More technologies than ever are available to people now that the cloud is so pervasive, and, as a result, shadow IT has become a problem. Expert Michael Cobb explains what to do.
Container security awareness, planning required as threats persist
As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures.
How to defend against malicious IP addresses in the cloud
Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses.
How to monitor and detect a cloud API vulnerability
A REST API vulnerability in Salesforce's Marketing Cloud service put users at risk of data disclosure. Learn how to detect cloud API vulnerabilities from expert Rob Shapland.
How to prevent cloud cryptojacking attacks on your enterprise
As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks.
How enterprises should handle GDPR compliance in the cloud
GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises.
How to prevent SQL injection attacks in your enterprise
SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at some alternative SQL injection protection methods.
Secure cloud migration: What pitfalls should companies avoid?
Enterprises can ensure a secure cloud migration by avoiding specific risks. Expert Judith Myerson outlines what to look for and what mistakes not to make when moving to the cloud.
How to handle configuration management in the cloud without issue
Not handling configuration management in the cloud correctly can unintentionally expose sensitive enterprise data. Expert Ed Moyle explains how to make sure this doesn't happen.
How to prevent an insider data breach of the cloud
Enterprises using the cloud should be particularly careful to avoid an insider data breach. Expert Frank Siemons explains why it's important to stop insider threats in the cloud.
How can a hypervisor deployment avoid security risks?
A hypervisor deployment can put the security of an organization at risk, but there are ways to make it secure. Expert Judith Myerson outlines how to make the process safer.
How Docker APIs can be misused to plant malware
Researchers discovered how Docker APIs can be exploited to hide malware. Dave Shackleford explains the attack method and the threat it poses to containers and virtual machines.
The security risks of HTTPS inspection in the cloud
Cloud service providers can perform HTTPS inspection, despite warnings from US-CERT. Expert Ed Moyle looks at what this technique does and what the security implications are.
How attackers can intercept iCloud Keychain data
A verification flaw in the synchronization service of iCloud Keychain enables attackers to intercept the data it transfers. Expert Frank Siemons explains what to do about it.
Applying proper cloud access control to prevent data exposures
Several recent data exposures have involved misconfigured Amazon S3 buckets. Dave Shackleford discusses the importance of proper cloud access control and how to implement it.
Solving cloud console fatigue for enterprises
Kamal Shah of Skyhigh Networks explains how his company is battling cloud console fatigue for enterprises and expanding its CASB model beyond cloud applications.
The security challenges of custom applications in the cloud
Securing custom applications in the cloud can be a hassle for enterprises. Expert Ed Moyle discusses how to make it easier to secure custom cloud apps.
How NetFlow data can be used for cloud environments
Collecting and analyzing NetFlow data can help organizations detect security incidents and figure out their cause. Expert Frank Siemons explains how NetFlow works.
Continuous monitoring in the cloud: Two steps to make it a reality
Enterprises can achieve continuous monitoring in the cloud if they focus on the two main elements of it. Expert Dave Shackleford discusses what those elements are.
What a CPU cache exploit means for multi-tenant cloud security
Researchers recently proved that it's possible to steal cloud data from a CPU cache. Expert Rob Shapland discusses how this works and what it means for multi-tenant cloud security.
How to ensure a secure data transport of information in the cloud
A secure data transport of information stored in the cloud can be challenging. Expert Frank Siemons explains the options available to companies for securing physical data movement.
Is a malicious hypervisor a real security threat to enterprises?
It's possible for hackers to use a malicious hypervisor to access data on virtual machines. Expert Ed Moyle discusses how this works and the potential threat it poses.
A guide to cloud security certifications for infosec pros
Both vendor-neutral and vendor-specific cloud security certifications have emerged as businesses shift toward cloud computing models that reduce TCO and expand computing capacity.
How CASBs are broadening to address IaaS security
CASBs have started extending their reach into IaaS platforms. Expert Rob Shapland looks at what they're doing and the effect they could have on IaaS security.
Four common cloud attacks and how to prepare for them
Cloud attacks are increasingly targeting service providers. Expert Frank Siemons looks at the different types of attacks from which service providers and enterprises should be protected.
How hackers use Google cloud services to attack enterprises
Hackers, such as the Carbanak group, use Google cloud services to infiltrate organizations' systems. Expert Rob Shapland explains how that works and what can be done to stop it.
How to boost CDN security and protect enterprise data
A recent Cloudflare bug highlights CDN security and the need for vigilance in protecting sensitive enterprise data. Expert Dave Shackleford discusses the flaw and what can be done.
How a container escape vulnerability can threaten enterprises
A container escape vulnerability can expose enterprise systems to attackers. Expert Rob Shapland explains how these flaws work and how to mitigate the threat.
How to detect and mitigate malicious content from the cloud
Malicious content hosted in the cloud is more common than you might think. Expert Ed Moyle looks at what enterprises need to know about cloud malware and how to stop it.
What enterprises need to know about securing a multicloud deployment
A multicloud deployment takes considerable planning for an enterprise, especially when it comes to security. Expert Dave Shackleford looks at the challenges of multicloud.
How to detect and prevent a man-in-the-cloud attack
A man-in-the-cloud attack is a newer threat to enterprise security and it's not always easy to detect. Expert Frank Siemons explains how the attacks work and what can be done.
How does the Cisco CloudCenter Orchestrator vulnerability work?
Cisco's CloudCenter Orchestrator was found to have a privilege escalation vulnerability. Expert Matthew Pascucci explains how it works and what enterprises need to know about it.
How a RHEL virtual machine in Microsoft Azure can be exploited
RHEL virtual machines hosted in Microsoft Azure were recently found to have significant security vulnerabilities. Expert Rob Shapland explains them and what enterprises can learn.
Why CloudFanta malware poses an unusual threat to enterprises
CloudFanta is a new kind of malware threatening enterprises. Expert Rob Shapland explains how it leverages cloud storage site SugarSync to infect users and enterprises.
How the Flip Feng Shui technique undermines cloud security
The Flip Feng Shui attack against hypervisors could have both short and long-term effects on enterprises. Expert Ed Moyle explains how the exploit works and how to deal with it.
How to prepare for a cloud DDoS attack on an enterprise
Suffering a cloud DDoS attack is now more likely than ever. Expert Frank Siemons discusses what enterprises need to know about these attacks and how to prevent them.
Ownership of cloud risks gets lost in many cloud computing scenarios
CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of cloud-based technology and data?
Legacy security tools challenge companies facing cloud migration
Traditional security tools designed for data centers don't work well in cloud environments. New approaches are needed, according to security executives. Here's how to survive the chasm.
Companies make the migration to cloud, security remains on premises
While the effectiveness of traditional security controls depends on the cloud model, many security vendors still need to add cloud delivery to their tools.
The security divide between on-premises and cloud infrastructures
Fenwick & West LLP's IT services are delivered through a hybrid of on-premises, software-as-a-service and cloud infrastructures. "As we straddle the cloud and on premises, our security problems have just broadened," said CIO Matt Kesner. The ...
Information security metrics: What to collect in the cloud
Threat-related metrics that CISOs find useful often differ from what the C-suite wants to know. Here's how to communicate risk -- and return -- on cloud security investments.
Data breach compensation: What enterprises need to know
Data breach compensation amounts often fall short of covering the actual damages, especially in a cloud breach. Expert Frank Siemons discusses data breach settlement options.
Why enterprise cloud IAM policies need to be stronger
A cloud IAM policy is crucial to protecting an organization from external and internal threats. Expert Rob Shapland discusses how to bolster cloud IAM.
How the cloud can help organizations with security log data
Organizations often have to deal with copious amounts of security log data and that can be challenging. Expert Frank Siemons explains how the cloud can help manage log data.
How cloud synchronization can facilitate the spread of malware
Malware can spread from one user to many through cloud synchronization. Expert Rob Shapland explains what enterprise users should know about their synchronization folders.
How to address redundant cloud security controls
Overlapping security controls for cloud apps and services can be detrimental to enterprises. Expert Rob Shapland explains why that is, and what organizations can do about it.
How to secure a cloud workload as it travels between CSPs
Typically a cloud workload doesn't stay in one spot. Expert Dave Shackleford discusses the best ways to secure traveling cloud workloads as they move across environments.
How to combat cloud-based gaming security risks
There are many security risks for cloud-based gaming platforms. Expert Frank Siemons explains what's happened to gaming providers like Sony and Steam.
How are cloud threats abusing public cloud services?
The Dropbox API was abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks of these cloud threats.
How to protect an origin IP address from attackers
Cloud security providers protect enterprises from DDoS attacks, but attackers can still find the origin IP addresses. Expert Rob Shapland explains why that's a significant threat.
Cloud DLP: What are the benefits for enterprises?
Expert Dan Sullivan explains how enterprises can manage cloud DLP for data in cloud file storage services that offer offline synchronization.
Which cloud security certifications should providers have?
With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation.
How can enterprises prevent shadow data leakage?
The increased use of cloud applications has caused a parallel increase in shadow data loss. Expert Dan Sullivan explains how to prevent the risk.
Protect cloud file sharing from a man-in-the-cloud attack
Man-in-the-cloud attacks on file sharing services can lead to confidential data leakage. Expert Rob Shapland explains how to mitigate the threat.
Can AWS security features help HealthCare.gov security?
Moving HealthCare.gov onto AWS helped the government improve the safety of the site. Expert Dan Sullivan explains which AWS security features were most beneficial.
CSA Guide to Cloud Computing
In this excerpt of CSA Guide to Cloud Computing, authors Raj Samani, Brian Honan and Jim Reavis review cloud security threats based on research by the CSA's Top Threats Working Group.
How can we mitigate the risks of cloud database services?
Before utilizing cloud database services, there are several security considerations to keep in mind and prepare for. Expert Dan Sullivan explains.
Regaining control of cloud compliance
As assets are moved to the cloud, organizations must take steps to ensure that cloud compliance requirements are upheld by third-party vendors. This is a major undertaking that requires knowledge of federal, state and international law; changing ...
Five ways CIOs build hybrid cloud security
As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or ...
Addressing the VENOM cloud vulnerability with cloud patch management
The VENOM cloud vulnerability was called the next Heartbleed, but how bad is it? Expert Rob Shapland explains the effect it should have on your enterprise.
Using a VMware firewall as part of a defense-in-depth strategy
While it is not the Holy Grail of network security, VMware firewall technologies are critical components of protecting a virtual data center. Expert Paul Henry explains why.
Qualys CEO discusses cloud computing threats, 'cloud without borders'
Qualys CEO Philippe Courtot spoke at RSA Conference 2015 about why security firms need to take a page from Doctors Without Borders.
Shadow cloud problem growing, SkyHigh Networks says
Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.
Key steps to reducing the shadow cloud threat
Though shadow cloud threatens enterprise security, there are ways to lessen the risks and protect organizations' systems and applications.
How can hybrid app security risks be mitigated?
Despite their appeal, hybrid cloud apps come with a number of security risks. Expert Dan Sullivan explains what the challenges are and how to prevent them.
Neglected cloud app security is among major SaaS security issues
A report from Adallom highlights the lack of SaaS security in enterprises, but expert Dave Shackleford has ways to take back the cloud and lessen the risks, such as enhanced cloud app security.
How to mitigate VPN security issues in the cloud
VPN security issues in the cloud aren't uncommon, but they can be easily avoided with a few simple measures. Expert Dejan Lukan explains how.
What policies should be in a cloud infrastructure security program?
Expert Dan Sullivan explains which policies and security controls enterprises should include in their cloud infrastructure security program to prevent cloud security compromises.
Can the Cloud Security Alliance help with comparing cloud providers?
The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.
How to achieve better cloud security for your enterprise
Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.
Cloud discovery: Finding shadow cloud use in the enterprise
Securing approved cloud applications is hard enough, but what about the apps IT can't see? Expert Ed Moyle discusses three strategies for finding enterprise shadow cloud usage.
Collaboration with Cloud Computing
In this excerpt of Collaboration with Cloud Computing, author Ric Messier outlines how enterprises can evaluate risk management in the cloud.
Best practices for cloud-based identity and access management
While using the cloud for identity and access management can simplify the task, it is critical to consider a number of factors when implementing cloud IAM products and services. Expert Dave Shackleford explains.
How to develop a business strategy for cloud security
Expert R.H. White walks through how to develop a business strategy that provides information security on the cloud.
Applying zero-knowledge to data storage security in cloud computing
Expert Dejan Lukan offers examples of why enterprises need cryptographically secure cloud applications based on the zero-knowledge principle.
Cloud tokenization: Why it might replace cloud encryption
Expert Dave Shackleford says cloud tokenization technology is becoming an attractive alternative to cloud encryption, but problems persist.
Cloud-based application security: Preventing security breaches
Cloud-based application security is becoming an increasingly prevalent concern. Uncover three key best practices for preventing security breaches.
Cloud forensics: An intro to cloud network forensic data collection
This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.
Multifactor authentication in the cloud: Assessing provider services
Expert Dave Shackleford discusses authentication in the cloud, including details on the multifactor authentication services of major cloud providers.
Avoiding privacy disclosures: Keep big data from prying eyes
Cloud stack security: Understanding cloud VM risk scenarios
Expert Dave Shackleford explains how cloud stack security must withstand a variety of current and emerging threats, particularly cloud VM risk.
How to assess cloud risk tolerance
Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.
Storing data in the cloud: Addressing data location security issues
When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.
SOC 2 reports: The de facto cloud provider security standard
They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.
Three practices to prevent cloud vendor lock-in
Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.
Cloud data breach notification: Defining legal obligations
Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.
Are FedRAMP security controls enough?
Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.