Tips

Tips

Cloud Computing Compliance, Audit and Data Governance

• 3 steps to ensure data sovereignty in cloud computing

  Data sovereignty regulations combined with a tsunami of data growth and increased cloud usage have created a perfect storm for enterprises. Follow these steps to ensure compliance.  Continue Reading

• Privacy-preserving machine learning assuages infosec fears

  Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how.  Continue Reading

• Multi-cloud security strategies rely on visibility, uniformity

  More companies are instituting a multi-cloud strategy that creates unforeseen security challenges. In this tip, get answers to the top multi-cloud security strategy questions.  Continue Reading

• Istio service mesh security benefits microservices, developers

  Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture.  Continue Reading

• Top 6 cloud security analytics use cases

  Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in the cloud can improve enterprise infosec programs.  Continue Reading

• How to address and mitigate serverless security issues

  There are two major security implications of serverless cloud infrastructure: secure coding and identity and access management. Uncover best practices to mitigate these risks.  Continue Reading

• Comparing SASE vs. traditional network security architectures

  Today's dispersed environments need stronger networking and security architectures. Enter cloud-based Secure Access Service Edge -- a new model for secure network access.  Continue Reading

• Get to know the elements of Secure Access Service Edge

  Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, offerings and how they can simplify connectivity.  Continue Reading

• Boost security with a multi-cloud workload placement process

  IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud security and cloud operations.  Continue Reading

• Benefits of cloud data discovery tools and services multiply

  With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options.  Continue Reading

• How to evaluate CASB tools for multi-cloud deployments

  When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and security goals to get the context you need before you buy.  Continue Reading

• Risks of container escape vulnerabilities and how to counter them

  Container escape vulnerabilities create new challenges for security and risk management teams. Learn more about container escapes and how to prevent exploitation.  Continue Reading

• 5 cloud storage privacy questions to ask potential providers

  Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service.  Continue Reading

• How to beef up S3 bucket security to prevent a breach

  Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe.  Continue Reading

• How to build and maintain a multi-cloud security strategy

  When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security.  Continue Reading

• CASB market dynamics, from a customer perspective

  The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes for the CASB in the enterprise.  Continue Reading

• 5 best cloud security certifications for IT professionals

  There are a few options for infosec professionals looking for the best cloud security certifications. Expert Frank Siemons outlines the top choices available with a cloud focus.  Continue Reading

• VMs vs. containers: Which is better for security?

  Security professionals make technology decisions every day. Learn about the important security properties of VMs vs. containers and how they affect an organization's security posture.  Continue Reading

• 3 best practices for cloud security monitoring

  Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools.  Continue Reading

• Container security awareness, planning required as threats persist

  As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures.  Continue Reading

• How to defend against malicious IP addresses in the cloud

  Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses.  Continue Reading

• How hackers use Docker APIs for cryptojacking

  Remote access puts Docker APIs in a vulnerable position. Expert Dave Shackleford explains how hackers abuse Docker APIs to carry out cryptojacking attacks.  Continue Reading

• What's different about Google Asylo for confidential computing?

  The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.  Continue Reading

• How do SLAs factor into cloud risk management?

  While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.  Continue Reading

• Securing remote access for cloud-based systems

  Don't believe the hype: Access control in the cloud is not a lost cause. Read these tips to learn how you can better secure remote access to your cloud-based systems.  Continue Reading

• How online malware collection aids threat intelligence

  Threat intelligence can facilitate cloud-based malware collection, which has value for enterprise cybersecurity. Expert Frank Siemons discusses collecting and analyzing malware.  Continue Reading

• Harden cloud apps with a secure software development lifecycle

  Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed.  Continue Reading

• Cloud risk management explained: Just how secure are you?

  There is no shortage of vulnerabilities in the cloud, but the same is true of any outsourcing arrangement. Practicing cloud risk management is essential to staying secure.  Continue Reading

• Are AWS certificate authority services trustworthy?

  AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup.  Continue Reading

• How to prevent cloud cryptojacking attacks on your enterprise

  As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks.  Continue Reading

• Developing a robust data protection procedure for the cloud

  How should the use of cloud services affect your data retention, deletion and archiving practices? Find out what guidelines enterprises should be following to protect cloud data.  Continue Reading

• How enterprises should handle GDPR compliance in the cloud

  GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises.  Continue Reading

• Nine cloud security threats you don't want to ignore

  While cloud computing has introduced remarkable efficiencies, cloud security threats continue to pose challenges. Learn where cloud vulnerabilities lie and how to mitigate them.  Continue Reading

• The security concerns of cloud cryptomining services

  Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one.  Continue Reading

• How to prevent SQL injection attacks in your enterprise

  SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at some alternative SQL injection protection methods.  Continue Reading

• Cloud security lessons to learn from the Uber data breach

  Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main takeaways from the massive breach.  Continue Reading

• Top five cloud security applications for infosec pros

  The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services.  Continue Reading

• The 12 biggest cloud security threats, according to the CSA

  The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.  Continue Reading

• How to handle configuration management in the cloud without issue

  Not handling configuration management in the cloud correctly can unintentionally expose sensitive enterprise data. Expert Ed Moyle explains how to make sure this doesn't happen.  Continue Reading

• Ransomware in the cloud: How to handle the threat

  Expert Ed Moyle looks at ransomware in the cloud and how it differs from traditional ransomware attacks. Find out how your organization can prepare for both.  Continue Reading

• How to use the NIST Cybersecurity Framework for the cloud

  Aligning the NIST Cybersecurity Framework with cloud services like AWS and Azure can improve cloud security. Expert Ed Moyle explains how to best use the framework for the cloud.  Continue Reading

• Four common cloud attacks and how to prepare for them

  Cloud attacks are increasingly targeting service providers. Expert Frank Siemons looks at the different types of attacks from which service providers and enterprises should be protected.  Continue Reading

• How hackers use Google cloud services to attack enterprises

  Hackers, such as the Carbanak group, use Google cloud services to infiltrate organizations' systems. Expert Rob Shapland explains how that works and what can be done to stop it.  Continue Reading

• How to detect and mitigate malicious content from the cloud

  Malicious content hosted in the cloud is more common than you might think. Expert Ed Moyle looks at what enterprises need to know about cloud malware and how to stop it.  Continue Reading

• How AWS Artifact tackles regulatory compliance for enterprises

  A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact.  Continue Reading

• How to effectively manage the cloud logs of security events

  Cloud logs of security events produce an abundance of data. Expert Dave Shackleford discusses how to filter through it and get to the important security events.  Continue Reading

• Cloud incident response: What enterprises need to include in a plan

  A cloud incident response plan can be difficult to assemble. Expert Rob Shapland discusses the basics of what to include in a response plan when the incident involves the cloud.  Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.  Continue Reading

• Lessons learned from the Microsoft Office 365 SAML 2.0 flaw

  The Microsoft Office 365 SAML flaw that allowed attackers to bypass authentication was resolved quickly, but offers enterprises some important lessons. Expert Ed Moyle discusses.  Continue Reading

• Data breach compensation: What enterprises need to know

  Data breach compensation amounts often fall short of covering the actual damages, especially in a cloud breach. Expert Frank Siemons discusses data breach settlement options.  Continue Reading

• Multi-tenant cloud security requires enterprise awareness

  Moving to a multi-tenant cloud environment can be daunting, but many of the usual risks are legacy issues. Expert Rob Shapland discusses what to know before moving.  Continue Reading

• DDoS mitigation services: What to consider before implementation

  Before implementing DDoS mitigation services, there are a few things enterprises should consider. Expert Ed Moyle discusses the steps to take to improve security.  Continue Reading

• Adding a cloud security policy to your overall IT defense strategy

  Enterprises should consider a cloud security policy in the wake of more services moving to the cloud. Expert Mike Chapple examines how IT security standards can be reworked.  Continue Reading

• Top AWS security features organizations need to know about

  As cloud security becomes more essential, Amazon security features become more important. Expert Matthew Pascucci takes a look at specific AWS security products available today.  Continue Reading

• Cloud pen testing: What testers need to consider

  Before starting cloud penetration testing, there a few things to keep in mind. Expert Frank Siemons discusses limitations and techniques for pen testing cloud platforms.  Continue Reading

• How to perform cloud-based application analysis

  Before using cloud-based applications, it's important for enterprises to know their implications. Here are some static and dynamic application analysis techniques that can help.  Continue Reading

• Cloud data residency: Addressing legal and regulatory risks

  Determining where cloud data is stored and what the legal, enterprise and regulatory requirements are can be a challenge. Expert Ed Moyle explains how to understand cloud data residency.  Continue Reading

• How to manage system logs using the ELK stack tool

  Centrally managing system logs is an important practice for enterprise security. Expert Dejan Lukan explains how to set up cloud servers, such as ELK stack, for this purpose.  Continue Reading

• How to craft an enterprise cloud change management policy

  Though few enterprises have one, a cloud change management policy can be a lifesaver when confronted with transitions and security risks.  Continue Reading

• A look at Microsoft Azure security features for enterprises

  Boosted Microsoft Azure security could give it a competitive edge in the cloud market. Here are the security features enterprises can take advantage of.  Continue Reading

• Protect cloud file sharing from a man-in-the-cloud attack

  Man-in-the-cloud attacks on file sharing services can lead to confidential data leakage. Expert Rob Shapland explains how to mitigate the threat.  Continue Reading

• Create a cloud exit strategy to prepare for the unknown

  What happens if your service provider unexpectedly shuts down? Or drops mission-critical services? Expert Ed Moyle explains the benefits of cloud exit strategies and how to build one for your enterprise.  Continue Reading

• How to use the ELK stack log monitoring tool

  Open source log monitoring tools are a budget-friendly way for organizations to increase network visibility and improve incident response times.  Continue Reading

• Who does what? Uncover the key to cloud security compliance

  SaaS vendors bear more of a compliance burden for cloud security. Enterprise responsibilities for services hosted in IaaS are little changed, however.  Continue Reading

• Why the security industry needs a standardized framework for CASBs

  The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group. Expert Dave Shackleford explains the purpose and benefits of the group.  Continue Reading

• Three steps to secure cloud database services in the enterprise

  Database as a service may be easy to deploy and easy to manage, but it is not without its security challenges. Expert Ed Moyle outlines three major steps enterprises should take to secure cloud database services in the enterprise.  Continue Reading

• Authentication in the cloud: Are more open standards the answer?

  Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.  Continue Reading

• Three steps to finding the ideal cloud data archiving services

  While cloud data archiving services can be highly beneficial, careful consideration must be taken to find the service that best suits an enterprise's needs. Expert Ed Moyle outlines three steps to find your ideal cloud data archiving service.  Continue Reading

• Keep credentials safe despite insecure mobile cloud backup services

  A recent study revealed app developers that use mobile cloud backup services put user credentials at risk. Expert Rob Shapland explains how to defend against the threat.  Continue Reading

• How does Google Cloud Platform affect merchant PCI compliance?

  Google announced its Google Cloud Platform is PCI-compliant -- but what does this mean for merchants? Expert Ed Moyle explains.  Continue Reading

• Addressing the VENOM cloud vulnerability with cloud patch management

  The VENOM cloud vulnerability was called the next Heartbleed, but how bad is it? Expert Rob Shapland explains the affect it should have on your enterprise.  Continue Reading

• Security considerations for putting e-commerce in the cloud

  As enterprises shift and put e-commerce in the cloud, security becomes an even more important consideration. Here's what you need to know before making the move.  Continue Reading

• Which cloud malware analysis tools suit you best?

  Deciding on cloud malware analysis tools can be a confusing process for organizations. Here's how to know which one is right for your business.  Continue Reading

• Comparing third-party vs. cloud providers' Web security scanners

  Google Cloud Platform has its own Web application security scanner, but are in-house scanners better than third-party scanners? Expert Dave Shackleford examines.  Continue Reading

• Key steps to reducing the shadow cloud threat

  Though shadow cloud threatens enterprise security, there are ways to lessen the risks and protect organizations' systems and applications.  Continue Reading

• Private cloud sprawl: How cloud consolidation can improve security

  Vast private cloud infrastructure can be detrimental to an organization. Expert Ed Moyle looks at how and when to consider cloud consolidation to reduce cloud creep.  Continue Reading

• Negotiating SLA requirements to ensure cloud regulatory compliance

  Outlining your enterprise regulatory compliance reporting needs and establishing these needs with cloud providers during SLA negotiations is critical. Ed Moyle outlines steps to help organizations get started.  Continue Reading

• How to use AWS to meet compliance standards' requirements

  Looking to make compliance an easier task? Expert Steven Weil explains how to use AWS to help meet compliance standards' requirements.  Continue Reading

• Using a software-defined perimeter to create an air-gapped network

  The Cloud Security Alliance's software-defined perimeter protocol can help enterprises achieve dynamic air-gapped networks. Expert Ed Moyle discusses how SDP works and the benefits it can provide.  Continue Reading

• How AWS PCI compliance affects enterprise PCI compliance

  Before deploying an AWS infrastructure, it is critical to understand how it will affect enterprise PCI compliance. Expert Rob Shapland discusses key factors to consider.  Continue Reading

• How to achieve better cloud security for your enterprise

  Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.  Continue Reading

• Cloud security certifications: How important are they?

  More and more certifications are being created around cloud security. Expert Sean Martin looks at some of the more prominent certifications and examines their value.  Continue Reading

• Cloud discovery: Finding shadow cloud use in the enterprise

  Securing approved cloud applications is hard enough, but what about the apps it can't see? Expert Ed Moyle discusses three strategies for finding enterprise shadow cloud usage.  Continue Reading

• Secure cloud data storage services considerations for SMBs

  Secure cloud data storage services can help small businesses cost-effectively safeguard data. But before choosing a provider, read expert Joe Malec's five top considerations to keep in mind.  Continue Reading

• Desktop as a service: Enterprise security risks and rewards

  While the interest in desktop as a service has grown, there are a number of security concerns enterprises should also be aware of. Expert Ed Moyle discusses the risks and rewards of desktop as a service.  Continue Reading

• Best practices for cloud-based identity and access management

  While using the cloud for identity and access management can simplify the task, it is critical to consider a number of factors when implementing cloud IAM products and services. Expert Dave Shackleford explains.  Continue Reading

• Develop a secure API design in a cloud environment

  Developing a secure API design in a cloud environment can be challenging. Expert Dejan Lukan explains what enterprises need to remember when building a secure API.  Continue Reading

• An introduction to Microsoft Office 365 security

  The Microsoft Office 365 security features are robust, but may not offer the granularity some enterprises need. Expert Dave Shackleford reviews the security pros and cons of Microsoft's cloud-based productivity suite.  Continue Reading

• Cloud forensics: An intro to cloud network forensic data collection

  This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.  Continue Reading

• Cloud stack security: Understanding cloud VM risk scenarios

  Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.  Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.  Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.  Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.  Continue Reading

• Cloud data breach notification: Defining legal obligations

  Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.  Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.  Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.  Continue Reading

• How to overcome unique cloud-based patch management challenges

  Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.  Continue Reading

• Security incident management in the cloud: Tackling the challenges

  Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.  Continue Reading

• Demystifying the Patriot Act: Cloud computing impact

  An examination of the rules for federal data access shows that it’s actually a complex, difficult process.  Continue Reading

• Countering cloud computing threats: Malicious insiders

  Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls.  Continue Reading