Tips
-
Active cyber deception: Can it improve cloud security?
Fidelis Cybersecurity introduced a cloud security platform with active cyber deception features. Expert Dave Shackleford discusses how active deception techniques can work in the cloud. Continue Reading
-
Cloud risk management explained: Just how secure are you?
There is no shortage of vulnerabilities in the cloud, but the same is true of any outsourcing arrangement. Practicing cloud risk management is essential to staying secure. Continue Reading
-
Container orchestration: What security professionals need to know
Container orchestration is a service enterprises can implement to better manage cloud application security. Expert Ed Moyle reviews what security professionals should know about it. Continue Reading
-
Cloud endpoint security: Balance the risks with the rewards
While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains. Continue Reading
-
Are AWS certificate authority services trustworthy?
AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup. Continue Reading
-
How to prevent cloud cryptojacking attacks on your enterprise
As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks. Continue Reading
-
Developing a robust data protection procedure for the cloud
How should the use of cloud services affect your data retention, deletion and archiving practices? Find out what guidelines enterprises should be following to protect cloud data. Continue Reading
-
How a cloud backdoor poses a threat to the enterprise
Cloud backdoors pose a rising threat to enterprises, according to new research. Expert Ed Moyle explains what a cloud backdoor is and what mitigation options are available. Continue Reading
-
Cloud DDoS attacks: How to protect your enterprise
Protecting an organization against cloud DDoS attacks doesn't have to be expensive. Expert Frank Siemons discusses the options for cost-effective DDoS protection. Continue Reading
-
Considering cloud threat intelligence and detection services
Cloud threat intelligence and detection services can provide better security for enterprises. Expert Dave Shackleford discusses some offerings from the major cloud providers. Continue Reading
-
How enterprises should handle GDPR compliance in the cloud
GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises. Continue Reading
-
How TLS mutual authentication for cloud APIs bolsters security
Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle. Continue Reading
-
Nine cloud security threats you don't want to ignore
While cloud computing has introduced remarkable efficiencies, cloud security threats continue to pose challenges. Learn where cloud vulnerabilities lie and how to mitigate them. Continue Reading
-
How EMC and VMware security vulnerabilities affect the cloud
Some EMC and VMware security vulnerabilities could be bad news for the cloud. Expert Dave Shackleford explains the flaws and their potential effect on cloud services. Continue Reading
-
The security concerns of cloud cryptomining services
Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one. Continue Reading
-
How Amazon GuardDuty could bolster enterprise cloud security
The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look at the tool and whether it's effective. Continue Reading
-
What the Azure AD Connect vulnerability can teach enterprises
Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw. Continue Reading
-
How the Meltdown vulnerability affects cloud services
The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the Meltdown CPU flaw and what it means for the cloud. Continue Reading
-
How cloud access security brokers have evolved
Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry. Continue Reading
-
How to prevent SQL injection attacks in your enterprise
SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at some alternative SQL injection protection methods. Continue Reading
-
Cloud security lessons to learn from the Uber data breach
Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main takeaways from the massive breach. Continue Reading
-
What cloud storage security looks like for small businesses
Cloud storage security and compliance can be a challenge for smaller businesses. Expert Dave Shackleford outlines the most important parts of cloud security for SMBs. Continue Reading
-
Top five cloud security applications for infosec pros
The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services. Continue Reading
-
TLS 1.3: What it means for enterprise cloud use
The latest draft version of TLS 1.3 is out, and it will likely affect enterprises that use cloud services. Expert Ed Moyle explains the impact on users and their monitoring controls. Continue Reading
-
The 12 biggest cloud security threats, according to the CSA
The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks. Continue Reading
-
Improve Kubernetes security to protect cloud instances
Strong Kubernetes security is important to keep out attackers looking to use compromised containers for malicious activities, like bitcoin mining. Expert Dave Shackleford explains. Continue Reading
-
How to handle configuration management in the cloud without issue
Not handling configuration management in the cloud correctly can unintentionally expose sensitive enterprise data. Expert Ed Moyle explains how to make sure this doesn't happen. Continue Reading
-
How to prevent an insider data breach of the cloud
Enterprises using the cloud should be particularly careful to avoid an insider data breach. Expert Frank Siemons explains why it's important to stop insider threats in the cloud. Continue Reading
-
How Microsoft uses secure enclaves to improve cloud security
The use of secure enclaves in the Microsoft Azure confidential computing update aims to improve cloud storage security. Expert Rob Shapland explains how it works. Continue Reading
-
Ransomware in the cloud: How to handle the threat
Expert Ed Moyle looks at ransomware in the cloud and how it differs from traditional ransomware attacks. Find out how your organization can prepare for both. Continue Reading
-
Is cloud microsegmentation secure enough for enterprise use?
The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are. Continue Reading
-
How to use the NIST Cybersecurity Framework for the cloud
Aligning the NIST Cybersecurity Framework with cloud services like AWS and Azure can improve cloud security. Expert Ed Moyle explains how to best use the framework for the cloud. Continue Reading
-
How a cloud-based Kali Linux system helps with pen testing
Enterprises can use a Kali Linux system in the cloud for penetration testing. Expert Frank Siemons explains how it works and some alternative methods for testing. Continue Reading
-
Why web application attacks are a growing threat to the cloud
New research found that web application attacks present a significant threat to cloud environments. Rob Shapland explains the risks and what enterprises should do about them. Continue Reading
-
Understanding VM escape vulnerabilities and how to avoid them
In the last couple of years, VM escape vulnerabilities have popped up and caused problems for enterprises that rely on the cloud. Expert Ed Moyle explains how to handle these issues. Continue Reading
-
How Docker APIs can be misused to plant malware
Researchers discovered how Docker APIs can be exploited to hide malware. Dave Shackleford explains the attack method and the threat it poses to container and virtual machines. Continue Reading
-
Why cloud reconnaissance is crucial to a secure cloud environment
Knowledge is power, which is why cloud reconnaissance and enumeration are key when it comes to securing the cloud. Expert Frank Siemons explains why and how to do it. Continue Reading
-
Ransomware defense isn't necessarily stronger in the cloud
Storing data in the cloud isn't a sure-fire ransomware defense method. Expert Rob Shapland examines how the cloud helps and hurts when it comes to ransomware attacks. Continue Reading
-
The security risks of HTTPS inspection in the cloud
Cloud service providers can perform HTTPS inspection, despite warnings from US-CERT. Expert Ed Moyle looks at what this technique does and what the security implications are. Continue Reading
-
How to manage control inheritance in a hybrid cloud environment
Effective management of access control inheritance is important in a hybrid cloud environment. Expert Ravila White explains the challenges involved and how to overcome them. Continue Reading
-
How attackers can intercept iCloud Keychain data
A verification flaw in the synchronization service of iCloud Keychain enables attackers to intercept the data it transfers. Expert Frank Siemons explains what to do about it. Continue Reading
-
How Microsoft SRD uses AI to help developers with security
Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means. Continue Reading
-
Face the challenges of secure cloud access control
Don't store identity and access data in the cloud without first taking secure cloud access control seriously. Expert Rob Shapland explains the security considerations for enterprises. Continue Reading
-
A look at serverless applications and how to secure them
Serverless applications can be powerful tools, but they also require specific security tactics. Expert Ed Moyle explains how these applications work and how they can be secured. Continue Reading
-
Applying proper cloud access control to prevent data exposures
Several recent data exposures have involved misconfigured Amazon S3 buckets. Dave Shackleford discusses the importance of proper cloud access control and how to implement it. Continue Reading
-
How to keep an Amazon S3 bucket from becoming public
A public-facing Amazon S3 bucket caused problems for major organizations, including Booz Allen Hamilton. Expert Rob Shapland explains what happened and how to prevent it. Continue Reading
-
Zombie cloud infrastructures haunt enterprise security teams
Instances that are created but then forgotten can cause zombie cloud infrastructures that threaten the security of enterprises. Expert Frank Siemons discusses how to handle these systems. Continue Reading
-
The security challenges of custom applications in the cloud
Securing custom applications in the cloud can be a hassle for enterprises. Expert Ed Moyle discusses how to make it easier to secure custom cloud apps. Continue Reading
-
Why the use of blockchain in the cloud is growing quickly
Blockchain cloud services may offer organizations the ability to shift away from traditional cryptography models. Expert Dave Shackleford discusses what options are available. Continue Reading
-
How to use a cloud-based sandbox to analyze malware
A cloud-based sandbox can be a helpful tool for enterprises looking to bolster their intrusion prevention systems. Expert Rob Shapland explains how to leverage this technology. Continue Reading
-
How NetFlow data can be used for cloud environments
Collecting and analyzing NetFlow data can help organizations detect security incidents and figure out their cause. Expert Frank Siemons explains how NetFlow works. Continue Reading
-
Continuous monitoring in the cloud: Two steps to make it a reality
Enterprises can achieve continuous monitoring in the cloud if they focus on the two main elements of it. Expert Dave Shackleford discusses what those elements are. Continue Reading
-
What a CPU cache exploit means for multi-tenant cloud security
Researchers recently proved that it's possible to steal cloud data from a CPU cache. Expert Rob Shapland discusses how this works and what it means for multi-tenant cloud security. Continue Reading
-
How to ensure a secure data transport of information in the cloud
A secure data transport of information stored in the cloud can be challenging. Expert Frank Siemons explains the options available to companies for securing physical data movement. Continue Reading
-
Is a malicious hypervisor a real security threat to enterprises?
It's possible for hackers to use a malicious hypervisor to access data on virtual machines. Expert Ed Moyle discusses how this works and the potential threat it poses. Continue Reading
-
How CASBs are broadening to address IaaS security
CASBs have started extending their reach into IaaS platforms. Expert Rob Shapland looks at what they're doing and the effect they could have on IaaS security. Continue Reading
-
Four common cloud attacks and how to prepare for them
Cloud attacks are increasingly targeting service providers. Expert Frank Siemons looks at the different types of attacks from which service providers and enterprises should be protected. Continue Reading
-
How DevOps tools can be used to integrate cloud automation
DevOps tools can be used to deploy secure cloud automation. Expert Dave Shackleford looks at how this works and which tools are the best bet for DevSecOps. Continue Reading
-
Cloud privacy: Baseline features and emerging techniques
Achieving cloud privacy can be a lofty task for enterprises, but it's not as impossible as it seems. Expert Ed Moyle outlines how to keep cloud data private with newer techniques. Continue Reading
-
How hackers use Google cloud services to attack enterprises
Hackers, such as the Carbanak group, use Google cloud services to infiltrate organizations' systems. Expert Rob Shapland explains how that works and what can be done to stop it. Continue Reading
-
How to boost CDN security and protect enterprise data
A recent Cloudflare bug highlights CDN security and the need for vigilance in protecting sensitive enterprise data. Expert Dave Shackleford discusses the flaw and what can be done. Continue Reading
-
How a container escape vulnerability can threaten enterprises
A container escape vulnerability can expose enterprise systems to attackers. Expert Rob Shapland explains how these flaws work and how to mitigate the threat. Continue Reading
-
How to detect and mitigate malicious content from the cloud
Malicious content hosted in the cloud is more common than you might think. Expert Ed Moyle looks at what enterprises need to know about cloud malware and how to stop it. Continue Reading
-
What enterprises need to know about cloud IAM before implementation
Cloud IAM services are growing in popularity among enterprises, but it's not a simple implementation. Expert Matthew Pascucci explains what to know before using a cloud IAM service. Continue Reading
-
How AWS Artifact tackles regulatory compliance for enterprises
A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact. Continue Reading
-
What enterprises need to know about securing a multicloud deployment
A multicloud deployment takes considerable planning for an enterprise, especially when it comes to security. Expert Dave Shackleford looks at the challenges of multicloud. Continue Reading
-
How to detect and prevent a man-in-the-cloud attack
A man-in-the-cloud attack is a newer threat to enterprise security and it's not always easy to detect. Expert Frank Siemons explains how the attacks work and what can be done. Continue Reading
-
Microsoft Azure Security Center: Successful or stagnated?
Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use. Continue Reading
-
How a RHEL virtual machine in Microsoft Azure can be exploited
RHEL virtual machines hosted in Microsoft Azure were recently found to have significant security vulnerabilities. Expert Rob Shapland explains them and what enterprises can learn. Continue Reading
-
How to make a cloud risk assessment easier with frameworks, standards
A cloud risk assessment can often fall by the wayside in an enterprise, but using a standard or framework can simplify it. Expert Dave Shackleford discusses the options available. Continue Reading
-
Building an intrusion detection and prevention system for the cloud
An intrusion detection and prevention system for cloud services is an important part of an enterprise's security stature. Expert Frank Siemons discusses IDS/IPS in the cloud. Continue Reading
-
How to strategically implement CASBs in the enterprise
CASBs can offer help for enterprises that leverage cloud services. Expert Ajay Kumar examines the use cases, functions and architectures of cloud access security brokers. Continue Reading
-
Why CloudFanta malware poses an unusual threat to enterprises
CloudFanta is a new kind of malware threatening enterprises. Expert Rob Shapland explains how it leverages cloud storage site SugarSync to infect users and enterprises. Continue Reading
-
How to effectively manage the cloud logs of security events
Cloud logs of security events produce an abundance of data. Expert Dave Shackleford discusses how to filter through it and get to the important security events. Continue Reading
-
How cloud endpoint protection products benefit enterprises
Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of these products and how they benefit enterprises. Continue Reading
-
How Microsoft's Secure Data Exchange bolsters cloud data security
Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises. Continue Reading
-
VM isolation technique considerations for enterprises
VM isolation techniques are good strategies to prevent infections from spreading to the entire cloud environment. Ed Moyle explains what enterprises need to know about isolation. Continue Reading
-
How to handle privileged user management in the cloud
Privileged user management is important for enterprises operating on the cloud. Expert Dave Shackleford discusses some best practices to help secure cloud access control. Continue Reading
-
How to prepare for a cloud DDoS attack on an enterprise
Suffering a cloud DDoS attack is now more likely than ever. Expert Frank Siemons discusses what enterprises need to know about these attacks and how to prevent them. Continue Reading
-
Cloud incident response: What enterprises need to include in a plan
A cloud incident response plan can be difficult to assemble. Expert Rob Shapland discusses the basics of what to include in a response plan when the incident involves the cloud. Continue Reading
-
A look at the shared responsibility model of cloud providers
Many cloud providers now offer a shared responsibility model for their customers. Expert Dave Shackleford looks at the major providers' models and what they might be missing. Continue Reading
-
How bring your own encryption in the cloud works for enterprises
Bring your own encryption offerings for the cloud are more common now. Expert Ed Moyle discusses the benefits and drawbacks of BYOE and what to know before implementation. Continue Reading
-
Cloud DDoS protection: What enterprises need to know
DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options. Continue Reading
-
What to know about SIEM as a service before deployment
There's been increased interest in SIEM as a service and enterprises need to get to know the model before using it. Expert Frank Siemons explains what's different about it. Continue Reading
-
Lessons learned from the Microsoft Office 365 SAML 2.0 flaw
The Microsoft Office 365 SAML flaw that allowed attackers to bypass authentication was resolved quickly, but offers enterprises some important lessons. Expert Ed Moyle discusses. Continue Reading
-
PaaS security: Four rules for lowering enterprise risks
Securing a platform as a service can sometimes get overlooked within enterprises. Expert Char Sample offers four simple rules for improving PaaS security and lowering cloud risks. Continue Reading
-
How to handle cloud-based big data strategies according to the CSA
Assembling big data strategies is a nuanced process, but the Cloud Security Alliance offers guidance on some best practices. Expert Dave Shackleford looks at the highlights. Continue Reading
-
Data breach compensation: What enterprises need to know
Data breach compensation amounts often fall short of covering the actual damages, especially in a cloud breach. Expert Frank Siemons discusses data breach settlement options. Continue Reading
-
Multi-tenant cloud security requires enterprise awareness
Moving to a multi-tenant cloud environment can be daunting, but many of the usual risks are legacy issues. Expert Rob Shapland discusses what to know before moving. Continue Reading
-
How a cloud-based HSM can boost enterprise security with enough effort
There are both security benefits and risks to using a cloud-based HSM in an enterprise. Expert Dave Shackleford discusses the arguments for and against cloud HSMs. Continue Reading
-
Why the DROWN vulnerability requires constant vigilance
The DROWN vulnerability affected hundreds of SaaS applications, and they're not all completely fixed yet. Expert Ed Moyle discusses the SSLv2 vulnerability and how to manage it. Continue Reading
-
Why enterprise cloud IAM policies need to be stronger
A cloud IAM policy is crucial to protecting an organization from external and internal threats. Expert Rob Shapland discusses how to bolster cloud IAM. Continue Reading
-
Cloud data classification services: How they benefit organizations
Data classification services from CSPs are important for organizations strengthening their cloud security posture. Expert Dave Shackleford explains the perks of these services. Continue Reading
-
How the cloud can help organizations with security log data
Organizations often have to deal with copious amounts of security log data and that can be challenging. Expert Frank Siemons explains how the cloud can help manage log data. Continue Reading
-
DDoS mitigation services: What to consider before implementation
Before implementing DDoS mitigation services, there are a few things enterprises should consider. Expert Ed Moyle discusses the steps to take to improve security. Continue Reading
-
Cloud incident response and forensics: What enterprises need to know
Performing cloud incident response and forensics requires a different approach. Expert Matt Pascucci outlines the steps enterprises should take with cloud service providers. Continue Reading
-
How to mitigate shadow cloud services security risks
Shadow cloud services are an unavoidable part of the modern enterprise, but they present fresh security challenges. Expert Rob Shapland discusses some mitigation methods. Continue Reading
-
A look at the cloud migration challenges enterprises could face
One of the most common problems facing organizations is dealing with many cloud migration challenges. Expert Dave Shackleford discusses the challenges and how to deal with them. Continue Reading
-
Adding a cloud security policy to your overall IT defense strategy
Enterprises should consider a cloud security policy in the wake of more services moving to the cloud. Expert Mike Chapple examines how IT security standards can be reworked. Continue Reading
-
Top AWS security features organizations need to know about
As cloud security becomes more essential, Amazon security features become more important. Expert Matthew Pascucci takes a look at specific AWS security products available today. Continue Reading