Tips

Tips

• Amazon CloudTrail: How it could change cloud logging

  The new Amazon CloudTrail cloud logging service could make event management much simpler for security teams. Expert Dave Shackleford explains how.  Continue Reading

• The security pros and cons of a cloud email service

  Moving enterprise email to the cloud has its benefits but also its risks. Here's how to weigh the two so your migration succeeds.  Continue Reading

• How to limit security risks during cloud computing virtualization

  Expert Dejan Lukan takes a look at some of the potential threats to cloud virtualization, and reviews the best security controls to prevent them.  Continue Reading

• Doing it right: Cloud encryption key management best practices

  Expert Dave Shackleford takes a look at what cloud encryption key management is like today and what to know about cloud security providers' processes.  Continue Reading

• Introduction to cloud email security: Business case, key features

  Cloud-based email security is a top SaaS initiative for many firms, but is it really better than traditional email security? Ed Moyle offers a primer.  Continue Reading

• Hybrid IT services in the cloud age: What CISOs should do now

  To keep enterprise IT secure, chief information security officers must fit cloud services into risk-management and governance frameworks. Here's how.  Continue Reading

• How to develop a business strategy for cloud security

  Expert R.H. White walks through how to develop a business strategy that provides information security on the cloud.  Continue Reading

• Cloud tokenization: Why it might replace cloud encryption

  Expert Dave Shackleford says cloud tokenization technology is becoming an attractive alternative to cloud encryption, but problems persist.  Continue Reading

• Cloud-based application security: Preventing security breaches

  Cloud-based application security is becoming an increasingly prevalent concern. Uncover three key best practices for preventing security breaches.  Continue Reading

• Cloud forensics: An intro to cloud network forensic data collection

  This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.  Continue Reading

• Multifactor authentication in the cloud: Assessing provider services

  Expert Dave Shackleford discusses authentication in the cloud, including details on the multifactor authentication services of major cloud providers.  Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.  Continue Reading

• Storing data in the cloud: Addressing data location security issues

  When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.  Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.  Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.  Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.  Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.  Continue Reading

• Cloud application inventory tracking best practices

  Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why.  Continue Reading

• Cross-VM side-channel attacks: How to defend cloud infrastructures

  Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.  Continue Reading

• How to overcome unique cloud-based patch management challenges

  Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.  Continue Reading

• Logging in the cloud: Assessing the options and key considerations

  Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.  Continue Reading

• Security incident management in the cloud: Tackling the challenges

  Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.  Continue Reading

• An examination of PaaS security challenges

  Organizations need to consider the security implications associated with data location, privileged access and a distributed architecture in the PaaS model.  Continue Reading

• Password-based authentication: A weak link in cloud authentication

  Password cracking tools demonstrate the weakness of passwords for securing cloud services.  Continue Reading

• AWS firewall options for cloud network security

  Organizations have limited choices for implementing firewall controls in Amazon's cloud.  Continue Reading

• DNS attacks: Compromising DNS in the cloud

  An examination of DNS attack vectors in the IaaS environment.  Continue Reading

• Virtualization vulnerabilities and virtualization security threats

  Vulnerabilities affecting VMware and other virtualization platforms underscore the need for patch management and risk management in virtual and cloud environments.  Continue Reading

• Vertical cloud providers and cloud transparency

  An examination of some vertical-specific CSPs shows security details are hard to find.  Continue Reading

• Cloud DLP: Understanding how DLP works in virtual, cloud environments

  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.  Continue Reading

• Demystifying the Patriot Act: Cloud computing impact

  An examination of the rules for federal data access shows that it’s actually a complex, difficult process.  Continue Reading

• Five steps for achieving PaaS security in the cloud

  Securing PaaS requires implementing application security fundamentals.  Continue Reading

• Emerging PaaS security tactics for cloud application security

  Securing cloud applications via PaaS can be tricky when providers hold much of the control. Diana Kelley examines emerging PaaS security tactics.  Continue Reading

• VMware configuration management, patching best practices

  How to use vSphere 5 tools to streamline configuration and patch management.  Continue Reading

• How to evaluate virtual firewalls

  Enterprises have a lot of choice when it comes to virtual firewalls. Here’s what you should look for.  Continue Reading

• Cloud computing encryption and IaaS security

  Learn how to encrypt two kinds of IaaS storage for data protection.  Continue Reading

• Network segmentation best practices in virtual and private cloud environments

  Learn how to apply network isolation to ensure security in your virtualized infrastructure.  Continue Reading

• Cloud risk assessment and ISO 27000 standards

  How do you measure the trustworthiness of a cloud service provider? The ISO 27000 security series can help.  Continue Reading

• Configuration management processes in virtualized environments

  Patch and configuration management can be time consuming, but tools can streamline the process for virtual systems.  Continue Reading

• A six-step virtualization risk assessment process

  Learn how to perform a risk assessment on your virtual environments.  Continue Reading

• How to build a private cloud securely using OpenStack

  Learn basic steps for deploying OpenStack securely when building a private cloud.  Continue Reading

• How to pen test cloud computing environments

  Performing penetration tests in the cloud comes with unique considerations that organizations must take into account.  Continue Reading

• A framework for evaluating cloud computing risk

  One approach for building a customized, due-diligence process for evaluating cloud provider risk and presenting the results to management.  Continue Reading

• Cloud computing disaster recovery: Best practices for DR in the cloud

  The April Amazon outage underscored the need for enterprises to plan for failure.  Continue Reading

• Amazon EC2 security: Securing an EC2 instance

  Learn the basics for ensuring your EC2 instance is properly secured in this tip by security expert Dave Shackleford.  Continue Reading

• Legacy application migration to the cloud and security

  Check your assumptions about security when moving legacy applications to the cloud.  Continue Reading

• Detecting and managing unauthorized use of cloud computing

  Want to know if developers or sales executives are moving data to the cloud? Here are three tools that can help.  Continue Reading

• Ten key provisions in cloud computing contracts

  Cloud computing customers need to pay attention to contract terms, security requirements and other provisions.  Continue Reading

• Cloud flow: Network flow analysis and application traffic monitoring

  How can you determine where and when your data is flowing to the cloud? In this tip, learn about network flow analysis and application traffic monitoring for cloud computing migrations.  Continue Reading

• Cloud encryption use cases

  A look at how encryption is handled in some common cloud computing architectures.  Continue Reading

• Securing a multi-tenant environment

  Learn some of the key elements for secure multi-tenancy.  Continue Reading

• Incident response process in a cloud environment

  Cloud computing makes incident response much more complex. Here’s what you need to do to prepare.  Continue Reading

• Public cloud security: AWS security and Microsoft Azure

  A look at the security capabilities offered in AWS and Microsoft’s hosted services.  Continue Reading

• Cloud computing legal issues: data location

  Where in the world a cloud service provider keeps your data could result in legal complications.  Continue Reading

• How to handle PCI DSS requirements for log management in the cloud

  Organizations that must comply with PCI and its log management requirements must be careful when using a cloud service.  Continue Reading

• The hypervisor security patch management process

  Enterprises using virtualization must include hypervisor patching in their patch management process. Robbie Higgins explains why.  Continue Reading

• Cloud computing legal considerations

  Cloud computing services present many legal issues. Organizations need to tread carefully and perform due diligence.  Continue Reading

• Developing cloud computing contracts

  Learn the critical considerations for cloud computing contracts in order to protect your organization.  Continue Reading

• Digital forensic challenges in a cloud computing environment

  Cloud computing creates difficulties for digital forensic investigators.  Continue Reading

• Cloud security standards provide assessment guidelines

  The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls.  Continue Reading

• Compensating controls can help boost cloud compliance

  Cloud computing can be attractive for IT services, except when it's time to figure out a compliance strategy. Chenxi Wang of Forrester Research explains the cloud compliance complexities and offers four compensating controls that can help.  Continue Reading

• Simplifying cloud computing security audit procedures

  As a channel partner, you're in the perfect spot to guide customers through the thicket of cloud services. Beth Cohen points out cloud computing security challenges and the best practices that can address them.  Continue Reading

• Cloud computing security: Choosing a VPN type to connect to the cloud

  How do VPNs interact with the cloud, and how can enterprises best utilize the combined technologies? In this tip, experts Diana Kelley and Char Sample lay out the devices to consider securing when connecting to the cloud, as well as possible VPN ...  Continue Reading

• Cloud computing security model overview: Network infrastructure issues

  In this primer on cloud computing security, learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.  Continue Reading

• Cloud computing security: Infrastructure issues

  Cloud computing offers many benefits by cutting costs and enabling a distributed workforce, but learning how the cloud computing infrastructure operates is essential to ensuring secure services. Diana Kelley and Char Sample offer a primer on cloud ...  Continue Reading

• Security questions to ask SaaS vendors when outsourcing services

  As financial-services firms turn to Software as a Service (SaaS) offerings to save money and increase efficiency, they need to make sure their SaaS providers implement strong data security. Someone providing SaaS is also supposed to be providing ...  Continue Reading