Tips

Tips

• 'Federated' identity and access management tools

  Federated identity management has clear security advantages. Learn ways to use Microsoft's AD FS and AWS AD Connector as identity and access management tools in the cloud.  Continue Reading

• Distinguishing types of cloud services and their security risks

  The different type of cloud services -- public, private and hybrid -- all provide different security for enterprises. Here's an explanation of each kind and their security pros and cons.  Continue Reading

• How to test data analysis in virtual environments

  Security teams need to practice and test data analysis, but it can be challenging to do in small environments. Expert Frank Siemons explains some ways to make it work anyway.  Continue Reading

• Cloud malware: A growing problem for public CSPs

  High-profile cloud malware attacks are increasing and enterprises need to understand the threat. Expert Dave Shackleford explains these malware campaigns.  Continue Reading

• How to protect an origin IP address from attackers

  Cloud security providers protect enterprises from DDoS attacks, but attackers can still find the origin IP addresses. Expert Rob Shapland explains why that's a significant threat.  Continue Reading

• How the Lucky 13 attack affects Amazon s2n security

  Amazon's s2n was targeted by the Lucky 13 attack and the discovery unnerved the security community. Expert Dave Shackleford discusses open source SSL/TLS risks like the s2n flaw.  Continue Reading

• The rise of cloud-based application security vulnerabilities

  Enterprises can't avoid dealing with cloud-based application security any longer. Expert Dejan Lukan discusses the challenges and why they're not as bad as they seem.  Continue Reading

• Breaking down the risks of VM escapes

  The Xen hypervisor flaw highlighted the risks of VM escapes, but expert Ed Moyle explains why the flaw should serve as a warning for virtual containers as well.  Continue Reading

• Inside the new Microsoft Azure security features

  There are two new Microsoft Azure security features. Expert Rob Shapland breaks down how they aim to boost cloud security for enterprises.  Continue Reading

• How Azure Security Center boosts Microsoft cloud security

  Azure Security Center looks to enhance Microsoft's cloud platform by improving visibility and control. Expert Dave Shackleford outlines the features intended to do that.  Continue Reading

• How to perform cloud-based application analysis

  Before using cloud-based applications, it's important for enterprises to know their implications. Here are some static and dynamic application analysis techniques that can help.  Continue Reading

• How APT groups are conducting public cloud attacks

  Advanced persistent threat groups are using public cloud services to their advantage. Expert Ed Moyle explains how enterprises can protect themselves.  Continue Reading

• Breaking down the Amazon EC2 key recovery attack

  A research paper demonstrating a key recovery attack on Amazon Web Services' EC2 illustrates the risks of colocation and multi-tenancy in the cloud. Expert Rob Shapland explains.  Continue Reading

• Why BYOK is so attractive despite its risks

  BYOK encryption services are a new trend among enterprises, despite all the challenges and risks that accompany them. Expert Dave Shackleford explains the appeal of BYOK.  Continue Reading

• How enterprises can ensure a secure cloud migration

  Managing a secure cloud migration is an involved process for enterprises, but it can be made easier by carefully choosing what goes to the cloud and what stays on premises.  Continue Reading

• Cloud data residency: Addressing legal and regulatory risks

  Determining where cloud data is stored and what the legal, enterprise and regulatory requirements are can be a challenge. Expert Ed Moyle explains how to understand cloud data residency.  Continue Reading

• Stopping distributed denial-of-service attacks in the cloud

  Distributed denial-of-service attacks are a top threat to cloud security. And while they're impossible to prevent completely, there are steps enterprises can take to increase safety.  Continue Reading

• How the cloud access security broker space is evolving

  The cloud access security broker space is accelerating at a fast clip, but expert Rob Shapland explains some obstacles for enterprises to consider before selecting a CASB platform.  Continue Reading

• How to manage system logs using the ELK stack tool

  Centrally managing system logs is an important practice for enterprise security. Expert Dejan Lukan explains how to set up cloud servers, such as ELK stack, for this purpose.  Continue Reading

• How to craft an enterprise cloud change management policy

  Though few enterprises have one, a cloud change management policy can be a lifesaver when confronted with transitions and security risks.  Continue Reading

• A look at Microsoft Azure security features for enterprises

  Boosted Microsoft Azure security could give it a competitive edge in the cloud market. Here are the security features enterprises can take advantage of.  Continue Reading

• Protect cloud file sharing from a man-in-the-cloud attack

  Man-in-the-cloud attacks on file sharing services can lead to confidential data leakage. Expert Rob Shapland explains how to mitigate the threat.  Continue Reading

• Create a cloud exit strategy to prepare for the unknown

  What happens if your service provider unexpectedly shuts down? Or drops mission-critical services? Expert Ed Moyle explains the benefits of cloud exit strategies and how to build one for your enterprise.  Continue Reading

• How to use the ELK stack log monitoring tool

  Open source log monitoring tools are a budget-friendly way for organizations to increase network visibility and improve incident response times.  Continue Reading

• How to perform a forensic acquisition of a virtual machine disk

  Virtualization expert Paul Henry provides a step-by-step guide to imaging a virtual machine disk (*flat.vmdk) in a forensically sound manner.  Continue Reading

• Who does what? Uncover the key to cloud security compliance

  SaaS vendors bear more of a compliance burden for cloud security. Enterprise responsibilities for services hosted in IaaS are little changed, however.  Continue Reading

• An introduction to cloud container security

  While the benefits of cloud containers are readily apparent, there aren't clear guidelines on how to secure the technology. Expert Rob Shapland offers pointers on how to stay safe.  Continue Reading

• Why the security industry needs a standardized framework for CASBs

  The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group. Expert Dave Shackleford explains the purpose and benefits of the group.  Continue Reading

• How to securely manage public/private keys for cloud authentication

  Managing public/private keys is crucial for enterprises to ensure secure cloud authentication. Here are four tips to harden security of cloud keys.  Continue Reading

• How hard is it to implement SSO with Microsoft Azure AD?

  David Strom tells you how to use Azure Active Directory and Azure Multifactor Authentication for hybrid cloud management.  Continue Reading

• Three steps to secure cloud database services in the enterprise

  Database as a service may be easy to deploy and easy to manage, but it is not without its security challenges. Expert Ed Moyle outlines three major steps enterprises should take to secure cloud database services in the enterprise.  Continue Reading

• Authentication in the cloud: Are more open standards the answer?

  Using passwords to authenticate users has a long and troubled past. Expert Rob Shapland explains how open standards such as FIDO, SAML and OpenID can help solve the woes surrounding user authentication in the cloud.  Continue Reading

• Why financial organizations need a strong cloud security strategy

  A cloud security strategy is critical for financial organizations, but many in the industry are dragging their feet. Expert Dave Shackleford explains why.  Continue Reading

• How enterprises can protect against weak cloud passwords

  Weak passwords are a common threat to enterprises relying on cloud services. Expert Dejan Lukan reviews some password best practices.  Continue Reading

• Three steps to finding the ideal cloud data archiving services

  While cloud data archiving services can be highly beneficial, careful consideration must be taken to find the service that best suits an enterprise's needs. Expert Ed Moyle outlines three steps to find your ideal cloud data archiving service.  Continue Reading

• Lack of secure APIs can create IaaS risks

  IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an eye on.  Continue Reading

• Keep credentials safe despite insecure mobile cloud backup services

  A recent study revealed app developers that use mobile cloud backup services put user credentials at risk. Expert Rob Shapland explains how to defend against the threat.  Continue Reading

• The benefits of remote debugging techniques in the cloud

  Sharpening debugging techniques can help IT professionals who need to remotely debug a system and can be useful across many different areas of technology.  Continue Reading

• How does Google Cloud Platform affect merchant PCI compliance?

  Google announced its Google Cloud Platform is PCI-compliant -- but what does this mean for merchants? Expert Ed Moyle explains.  Continue Reading

• Addressing the VENOM cloud vulnerability with cloud patch management

  The VENOM cloud vulnerability was called the next Heartbleed, but how bad is it? Expert Rob Shapland explains the affect it should have on your enterprise.  Continue Reading

• Why enterprises need data encryption in the cloud

  There are many risks associated with data sharing across devices and services, which is why using data encryption in the cloud is so important.  Continue Reading

• Security considerations for putting e-commerce in the cloud

  As enterprises shift and put e-commerce in the cloud, security becomes an even more important consideration. Here's what you need to know before making the move.  Continue Reading

• Using a VMware firewall as part of a defense-in-depth strategy

  While it is not the Holy Grail of network security, VMware firewall technologies are critical components of protecting a virtual data center. Expert Paul Henry explains why.  Continue Reading

• Which cloud malware analysis tools suit you best?

  Deciding on cloud malware analysis tools can be a confusing process for organizations. Here's how to know which one is right for your business.  Continue Reading

• Secure data in the cloud with AWS identity and access management

  The right security policies and technology can make or break an enterprise's identity and access management process. Learn why AWS IAM is crucial when protecting corporate data.  Continue Reading

• Comparing third-party vs. cloud providers' Web security scanners

  Google Cloud Platform has its own Web application security scanner, but are in-house scanners better than third-party scanners? Expert Dave Shackleford examines.  Continue Reading

• The benefits of cloud-based automated malware analysis tools

  Cloud-based automated malware analysis tools are growing in importance to enterprises. Here is a look at the different types of tools and their benefits.  Continue Reading

• Key steps to reducing the shadow cloud threat

  Though shadow cloud threatens enterprise security, there are ways to lessen the risks and protect organizations' systems and applications.  Continue Reading

• AWS penetration testing secrets for success

  AWS penetration testing must be done in both cloud and on-premises infrastructures. Cloud security expert Rob Shapland offers pointers for conducting a successful AWS pen test.  Continue Reading

• Private cloud sprawl: How cloud consolidation can improve security

  Vast private cloud infrastructure can be detrimental to an organization. Expert Ed Moyle looks at how and when to consider cloud consolidation to reduce cloud creep.  Continue Reading

• Neglected cloud app security is among major SaaS security issues

  A report from Adallom highlights the lack of SaaS security in enterprises, but expert Dave Shackleford has ways to take back the cloud and lessen the risks, such as enhanced cloud app security.  Continue Reading

• How to mitigate VPN security issues in the cloud

  VPN security issues in the cloud aren't uncommon, but they can be easily avoided with a few simple measures. Expert Dejan Lukan explains how.  Continue Reading

• Using NIST 800-125-A to understand hypervisor security threats

  Expert Paul Henry discusses how the draft NIST Special Publication 800-125-A can help enterprises better understand the threat landscape in a virtual realm.  Continue Reading

• Negotiating SLA requirements to ensure cloud regulatory compliance

  Outlining your enterprise regulatory compliance reporting needs and establishing these needs with cloud providers during SLA negotiations is critical. Ed Moyle outlines steps to help organizations get started.  Continue Reading

• How AWS Key Management Service bolsters cloud security

  The AWS Key Management Service is a good tool for cloud encryption key management. Expert Dave Shackleford examines AWS KMS and its benefits to enterprises.  Continue Reading

• How to use AWS to meet compliance standards' requirements

  Looking to make compliance an easier task? Expert Steven Weil explains how to use AWS to help meet compliance standards' requirements.  Continue Reading

• Using a software-defined perimeter to create an air-gapped network

  The Cloud Security Alliance's software-defined perimeter protocol can help enterprises achieve dynamic air-gapped networks. Expert Ed Moyle discusses how SDP works and the benefits it can provide.  Continue Reading

• How to strengthen SSH security in the cloud

  SSH security can be threatened by many kinds of attacks, but there are also several steps enterprises can take to protect against them. Expert Dejan Lukan explains.  Continue Reading

• How AWS PCI compliance affects enterprise PCI compliance

  Before deploying an AWS infrastructure, it is critical to understand how it will affect enterprise PCI compliance. Expert Rob Shapland discusses key factors to consider.  Continue Reading

• How to achieve better cloud security for your enterprise

  Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.  Continue Reading

• Cloud security certifications: How important are they?

  More and more certifications are being created around cloud security. Expert Sean Martin looks at some of the more prominent certifications and examines their value.  Continue Reading

• Cloud discovery: Finding shadow cloud use in the enterprise

  Securing approved cloud applications is hard enough, but what about the apps it can't see? Expert Ed Moyle discusses three strategies for finding enterprise shadow cloud usage.  Continue Reading

• The importance of public cloud encryption for enterprise data storage

  Cloud storage providers have beefed up their encryption offerings, but are they enough? Expert Dave Shackleford explains the importance of public cloud encryption.  Continue Reading

• Secure cloud data storage services considerations for SMBs

  Secure cloud data storage services can help small businesses cost-effectively safeguard data. But before choosing a provider, read expert Joe Malec's five top considerations to keep in mind.  Continue Reading

• Implementing VMware border router ingress and egress filtering

  Implementing ingress and egress filtering at the border router can help greatly improve security in a VMware-based virtual data center. Expert Paul Henry explains how.  Continue Reading

• How to run a secure WordPress installation in an IaaS VM

  In the cloud, a secure WordPress installation is important to the safety of enterprises. Expert Dejan Lukan provides detailed advice on this process.  Continue Reading

• Understanding the cloud security threat modeling process

  The threat modeling process for cloud security is multifaceted. Expert Ravila Helen White breaks it down into a few key aspects.  Continue Reading

• Is iCloud authentication secure enough for enterprises?

  ICloud authentication was called into question after the hack of celebrity photos, so is it secure enough for enterprises? Expert Dave Shackleford explains.  Continue Reading

• An introduction to Docker and its effect on enterprise cloud security

  Docker provides improvements for application virtualization, but what does it mean for security? Expert Ed Moyle offers an intro to Docker and what it will mean for enterprise and cloud security.  Continue Reading

• The risks of cloud data loss prevention

  Cloud data loss prevention offers many advantages to enterprises today, but it is not without challenges. Expert Rob Shapland discusses the issues to be aware of.  Continue Reading

• Understanding VMware ESXi hypervisor security features

  The VMware ESXi hypervisor, particularly its kernel, offer several security features vital to a secure VMware cloud environment. Virtualization expert Paul Henry reviews the different levels of ESXi security.  Continue Reading

• Desktop as a service: Enterprise security risks and rewards

  While the interest in desktop as a service has grown, there are a number of security concerns enterprises should also be aware of. Expert Ed Moyle discusses the risks and rewards of desktop as a service.  Continue Reading

• The benefits of encryption key rotation for cloud users

  Encryption key rotation is suggested for enterprises working in the cloud. Expert Dave Shackleford discusses the benefits of key rotation, key management options and some best practices.  Continue Reading

• Best practices for cloud-based identity and access management

  While using the cloud for identity and access management can simplify the task, it is critical to consider a number of factors when implementing cloud IAM products and services. Expert Dave Shackleford explains.  Continue Reading

• Virtual DMZ security in the cloud

  Virtual DMZ cloud configurations require specific security tactics. Expert Dejan Lukan looks at the different types of virtual DMZs and how they differ from physical DMZs.  Continue Reading

• Develop a secure API design in a cloud environment

  Developing a secure API design in a cloud environment can be challenging. Expert Dejan Lukan explains what enterprises need to remember when building a secure API.  Continue Reading

• An introduction to Microsoft Office 365 security

  The Microsoft Office 365 security features are robust, but may not offer the granularity some enterprises need. Expert Dave Shackleford reviews the security pros and cons of Microsoft's cloud-based productivity suite.  Continue Reading

• The security pros and cons of a cloud email service

  Moving enterprise email to the cloud has its benefits but also its risks. Here's how to weigh the two so your migration succeeds.  Continue Reading

• How to limit security risks during cloud computing virtualization

  Expert Dejan Lukan takes a look at some of the potential threats to cloud virtualization, and reviews the best security controls to prevent them.  Continue Reading

• Doing it right: Cloud encryption key management best practices

  Expert Dave Shackleford takes a look at what cloud encryption key management is like today and what to know about cloud security providers' processes.  Continue Reading

• Introduction to cloud email security: Business case, key features

  Cloud-based email security is a top SaaS initiative for many firms, but is it really better than traditional email security? Ed Moyle offers a primer.  Continue Reading

• Applying zero-knowledge to data storage security in cloud computing

  Expert Dejan Lukan offers examples of why enterprises need cryptographically secure cloud applications based on the zero-knowledge principle.  Continue Reading

• Cloud tokenization: Why it might replace cloud encryption

  Expert Dave Shackleford says cloud tokenization technology is becoming an attractive alternative to cloud encryption, but problems persist.  Continue Reading

• Cloud-based application security: Preventing security breaches

  Cloud-based application security is becoming an increasingly prevalent concern. Uncover three key best practices for preventing security breaches.  Continue Reading

• Cloud forensics: An intro to cloud network forensic data collection

  This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.  Continue Reading

• Multifactor authentication in the cloud: Assessing provider services

  Expert Dave Shackleford discusses authentication in the cloud, including details on the multifactor authentication services of major cloud providers.  Continue Reading

• Cloud stack security: Understanding cloud VM risk scenarios

  Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.  Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.  Continue Reading

• Storing data in the cloud: Addressing data location security issues

  When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.  Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.  Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.  Continue Reading

• Cloud data breach notification: Defining legal obligations

  Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.  Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.  Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.  Continue Reading

• Cloud application inventory tracking best practices

  Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why.  Continue Reading

• SaaS, cloud computing vulnerability management: Choosing a provider

  Cloud-based vulnerability scanning is gaining market share. Learn how to decide if these services are a good fit for you and how to choose a provider.  Continue Reading

• Cross-VM side-channel attacks: How to defend cloud infrastructures

  Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.  Continue Reading

• How to overcome unique cloud-based patch management challenges

  Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.  Continue Reading

• Logging in the cloud: Assessing the options and key considerations

  Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.  Continue Reading

• Security incident management in the cloud: Tackling the challenges

  Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.  Continue Reading