Problem solve
Get help with specific problems with your technologies, process and projects.
Problem solve
Get help with specific problems with your technologies, process and projects.
Are FedRAMP security controls enough?
Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far. Continue Reading
Amazon S3 encryption overview: How to secure data in the Amazon cloud
Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings. Continue Reading
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. Continue Reading
-
Cloud application inventory tracking best practices
Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why. Continue Reading
SaaS, cloud computing vulnerability management: Choosing a provider
Cloud-based vulnerability scanning is gaining market share. Learn how to decide if these services are a good fit for you and how to choose a provider. Continue Reading
Cross-VM side-channel attacks: How to defend cloud infrastructures
Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.Continue Reading
CSA Certificate of Cloud Security Knowledge
SearchCloudSecurity in partnership with CSA is providing professionals tools and resources to help earn the Certificate of Cloud Security Knowledge (CCSK).Continue Reading
How to overcome unique cloud-based patch management challenges
Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.Continue Reading
Evaluating cloud providers: Avoid security issues with cloud computing
Are security issues with cloud computing blocking an implementation? Expert Davi Ottenheimer offers tips for evaluating cloud providers for security.Continue Reading
Logging in the cloud: Assessing the options and key considerations
Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.Continue Reading
-
Security incident management in the cloud: Tackling the challenges
Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.Continue Reading
An examination of PaaS security challenges
Organizations need to consider the security implications associated with data location, privileged access and a distributed architecture in the PaaS model.Continue Reading
Password-based authentication: A weak link in cloud authentication
Password cracking tools demonstrate the weakness of passwords for securing cloud services.Continue Reading
Intrusion detection in the cloud: Public cloud IDS considerations
Find out about key issues to weigh when implementing IDS in public cloud environments, and options available.Continue Reading
AWS firewall options for cloud network security
Organizations have limited choices for implementing firewall controls in Amazon's cloud.Continue Reading
DNS attacks: Compromising DNS in the cloud
An examination of DNS attack vectors in the IaaS environment.Continue Reading
Virtualization vulnerabilities and virtualization security threats
Vulnerabilities affecting VMware and other virtualization platforms underscore the need for patch management and risk management in virtual and cloud environments.Continue Reading
Vertical cloud providers and cloud transparency
An examination of some vertical-specific CSPs shows security details are hard to find.Continue Reading
Cloud DLP: Understanding how DLP works in virtual, cloud environments
Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.Continue Reading
Leveraging Microsoft Azure security features for PaaS security
Organizations can boost PaaS security late in the game by implementing these stopgap measures.Continue Reading
Cloud Security as a Service for secure cloud-based server hosting
Expert Joseph Granneman looks at cloud Security as a Service options, like encryption and IdM, for ensuring secure cloud-based server hosting.Continue Reading
Demystifying the Patriot Act: Cloud computing impact
An examination of the rules for federal data access shows that it’s actually a complex, difficult process.Continue Reading
Cloud computing and data protection
This cloud computing data protection guide offers advice on how to secure data in the cloud and acts as a cloud computing encryption tutorial.Continue Reading
Countering cloud computing threats: Malicious insiders
Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls.Continue Reading
Five steps for achieving PaaS security in the cloud
Securing PaaS requires implementing application security fundamentals.Continue Reading
Using SSAE 16 standard, SOC reports to assess cloud provider security
The SAS 70 report has been replaced by the SSAE 16, but how does it stack up as a tool to measure a provider’s security?Continue Reading
SaaS security: Weighing SaaS encryption options
A look at SaaS encryption techniques and challenges.Continue Reading
VMware configuration management, patching best practices
How to use vSphere 5 tools to streamline configuration and patch management.Continue Reading
How to evaluate virtual firewalls
Enterprises have a lot of choice when it comes to virtual firewalls. Here’s what you should look for.Continue Reading
Private cloud computing security issues
Don’t overlook the risks of private cloud deployments. Here are five security issues to consider.Continue Reading
Cloud computing encryption and IaaS security
Learn how to encrypt two kinds of IaaS storage for data protection.Continue Reading
Techniques for sensitive data discovery in the cloud
Tracking data is complex in cloud environments, but there are a number of tools and compliance activities organizations can leverage.Continue Reading
Network segmentation best practices in virtual and private cloud environments
Learn how to apply network isolation to ensure security in your virtualized infrastructure.Continue Reading
Cloud risk assessment and ISO 27000 standards
How do you measure the trustworthiness of a cloud service provider? The ISO 27000 security series can help.Continue Reading
Configuration management processes in virtualized environments
Patch and configuration management can be time consuming, but tools can streamline the process for virtual systems.Continue Reading
Amazon S3 security: Exploiting misconfigurations
A tool uses standard wordlists to expose vulnerabilities in Amazon S3 implementations.Continue Reading
A six-step virtualization risk assessment process
Learn how to perform a risk assessment on your virtual environments.Continue Reading
How to build a private cloud securely using OpenStack
Learn basic steps for deploying OpenStack securely when building a private cloud.Continue Reading
How to pen test cloud computing environments
Performing penetration tests in the cloud comes with unique considerations that organizations must take into account.Continue Reading
A framework for evaluating cloud computing risk
One approach for building a customized, due-diligence process for evaluating cloud provider risk and presenting the results to management.Continue Reading
Cloud computing disaster recovery: Best practices for DR in the cloud
The April Amazon outage underscored the need for enterprises to plan for failure.Continue Reading
Amazon EC2 security: Securing an EC2 instance
Learn the basics for ensuring your EC2 instance is properly secured in this tip by security expert Dave Shackleford.Continue Reading
Legacy application migration to the cloud and security
Check your assumptions about security when moving legacy applications to the cloud.Continue Reading
Detecting and managing unauthorized use of cloud computing
Want to know if developers or sales executives are moving data to the cloud? Here are three tools that can help.Continue Reading
Ten key provisions in cloud computing contracts
Cloud computing customers need to pay attention to contract terms, security requirements and other provisions.Continue Reading
Top virtualization security risks and how to prevent them
Virtual environments present unique security threats. Learn about the top risks and how to mitigate them.Continue Reading
Cloud flow: Network flow analysis and application traffic monitoring
How can you determine where and when your data is flowing to the cloud? In this tip, learn about network flow analysis and application traffic monitoring for cloud computing migrations.Continue Reading
Cloud encryption use cases
A look at how encryption is handled in some common cloud computing architectures.Continue Reading
Public cloud services security: Terremark and Rackspace
A look at some of the security capabilities in Terremark, Rackspace, and other hosting providers.Continue Reading
Cloud computing security concerns: How to audit cloud computing
This chapter discusses key controls to look for when you are auditing IT operations that have been outsourced to external companies.Continue Reading
Securing a multi-tenant environment
Learn some of the key elements for secure multi-tenancy.Continue Reading
Incident response process in a cloud environment
Cloud computing makes incident response much more complex. Here’s what you need to do to prepare.Continue Reading
Cloud computing legal issues: data location
Where in the world a cloud service provider keeps your data could result in legal complications.Continue Reading
How to handle PCI DSS requirements for log management in the cloud
Organizations that must comply with PCI and its log management requirements must be careful when using a cloud service.Continue Reading
The hypervisor security patch management process
Enterprises using virtualization must include hypervisor patching in their patch management process. Robbie Higgins explains why.Continue Reading
Cloud computing legal considerations
Cloud computing services present many legal issues. Organizations need to tread carefully and perform due diligence.Continue Reading
Developing cloud computing contracts
Learn the critical considerations for cloud computing contracts in order to protect your organization.Continue Reading
Digital forensic challenges in a cloud computing environment
Cloud computing creates difficulties for digital forensic investigators.Continue Reading
Ensuring data security with cloud encryption
Encryption is fundamental for protecting sensitive data but can be complicated in the cloud.Continue Reading
Cloud security standards provide assessment guidelines
The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls.Continue Reading
Compensating controls can help boost cloud compliance
Cloud computing can be attractive for IT services, except when it's time to figure out a compliance strategy. Chenxi Wang of Forrester Research explains the cloud compliance complexities and offers four compensating controls that can help.Continue Reading
SaaS evaluation: Considerations for a SaaS service-level agreement
Before signing-on with a SaaS provider, it's important to thoroughly examine the impact that SaaS will have on your infrastructure. In this tip, Scott Crawford explains how to examine SaaS impact, and how to incorporate your findings into a ...Continue Reading
Simplifying cloud computing security audit procedures
As a channel partner, you're in the perfect spot to guide customers through the thicket of cloud services. Beth Cohen points out cloud computing security challenges and the best practices that can address them.Continue Reading
Cloud computing risks: Secure encryption key management on virtual machines
As cloud computing grows in popularity, secure encryption key management becomes more vital. Michael Cobb explains the security risk affecting cloud computing and virtualized computing and why encryption key management policies need to be included ...Continue Reading
Is Identity Management as a Service (IDaaS) a good idea?
Identity Management as a Service (IDaaS) is new on the managed security service provider scene, so how can you know which of these SaaS service providers to trust with your identity and management access tools? Find out in this expert response.Continue Reading
How secure is 'Platform as a Service (PaaS)?'
There's no doubt that companies will want to leverage cloud computing and platform as a service, but expert Michael Cobb explains why enterprises should proceed with caution.Continue Reading
Cloud computing security: Choosing a VPN type to connect to the cloud
How do VPNs interact with the cloud, and how can enterprises best utilize the combined technologies? In this tip, experts Diana Kelley and Char Sample lay out the devices to consider securing when connecting to the cloud, as well as possible VPN ...Continue Reading
Cloud computing security model overview: Network infrastructure issues
In this primer on cloud computing security, learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.Continue Reading
Cloud computing security: Infrastructure issues
Cloud computing offers many benefits by cutting costs and enabling a distributed workforce, but learning how the cloud computing infrastructure operates is essential to ensuring secure services. Diana Kelley and Char Sample offer a primer on cloud ...Continue Reading
Security questions to ask SaaS vendors when outsourcing services
As financial-services firms turn to Software as a Service (SaaS) offerings to save money and increase efficiency, they need to make sure their SaaS providers implement strong data security. Someone providing SaaS is also supposed to be providing ...Continue Reading