Tips

Tips

• Overcoming big data security challenges in cloud environments

  Expert Dave Shackleford distills advice from the CSA on the most pressing big data security challenges for enterprises in cloud environments.  Continue Reading

• VMware NSX platform: Implications for network virtualization security

  Expert Paul Kirvan discusses the debut of the VMware NSX platform and what it means to both network virtualization security and cloud security.  Continue Reading

• Ensuring cloud application security amid a cloud application migration

  Expert Paul Kirvan explains how to conduct a security profiling exercise to ensure application security is part of a cloud application migration plan.  Continue Reading

• Five things you can learn from the NASA cloud computing audit report

  NASA recently released a cloud computing audit report with best practices enterprises can use to assess and improve their cloud governance practices.  Continue Reading

• Cloud stack security: Understanding cloud VM risk scenarios

  Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.  Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.  Continue Reading

• Gauging cloud forensics: Ten questions to ask cloud providers

  Drawing from recent CSA guidance, expert Dave Shackleford lists key questions to ask cloud providers to determine their cloud forensics capabilities.  Continue Reading

• Storing data in the cloud: Addressing data location security issues

  When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.  Continue Reading

• An introduction to enterprise hybrid cloud security

  A custom cloud infrastructure requires a special set of security controls. Get advice on how to implement hybrid cloud security the right way.  Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.  Continue Reading

• Cloud endpoint security considerations: Deployment, alerts and reports

  Key functions are missing in many cloud-based endpoint security services. Kevin Tolly of The Tolly Group reviews deployment, alerting and reporting.  Continue Reading

• Cloud endpoint security considerations: Endpoint security management

  Kevin Tolly of The Tolly Group compares the management functionality of five cloud endpoint security services.  Continue Reading

• Rogue cloud computing: Reining in ad hoc cloud usage in the enterprise

  Rogue cloud usage increases enterprise information security risk. Paul Kirvan explains why and covers how to find and manage ad hoc cloud computing.  Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.  Continue Reading

• Cloud data breach notification: Defining legal obligations

  Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.  Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.  Continue Reading

• Cloud computing insider threats: Exploring risk scenarios, mitigations

  Do cloud computing insider threats seem unlikely? Think again. Paul Kirvan offers scenarios and key questions for providers to reduce the risk.  Continue Reading

• Can self-managed cloud security controls ease enterprise concerns?

  Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings.  Continue Reading

• How to use PCI SSC supplement to achieve PCI compliance in the cloud

  Ed Moyle examines highlights of the recently released PCI SSC information supplement that offers new details on achieving PCI compliance in the cloud.  Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.  Continue Reading

• How to implement a standards-based cloud risk assessment strategy

  Learn how to how to choose, develop and begin implementing a standards-based framework for enterprise cloud computing risk assessments.  Continue Reading

• The other cloud atlas: Building a cloud service provider inventory

  Struggling with rogue cloud usage? Ed Moyle explains how and why a cloud service provider inventory can help manage multiple cloud service providers.  Continue Reading

• How to develop cloud applications based on Web app security lessons

  Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms.  Continue Reading

• Cloud application inventory tracking best practices

  Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why.  Continue Reading

• SaaS, cloud computing vulnerability management: Choosing a provider

  Cloud-based vulnerability scanning is gaining market share. Learn how to decide if these services are a good fit for you and how to choose a provider.  Continue Reading

• Cross-VM side-channel attacks: How to defend cloud infrastructures

  Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.  Continue Reading

• How do international data privacy laws compare to the Patriot Act?

  What level of data privacy exists in the global cloud? Expert Francoise Gilbert compares international data privacy laws with the Patriot Act.  Continue Reading

• How cloud management consoles aid enterprise cloud security management

  Ajay Kumar explains what cloud management consoles are and how they can help enterprises keep cloud systems and data secure.  Continue Reading

• How to overcome unique cloud-based patch management challenges

  Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.  Continue Reading

• NIST cloud security spec addresses cloud geolocation, data security

  The new NIST cloud security proof-of-concept implementation details how to manage workloads based on cloud geolocation data.  Continue Reading

• Evaluating cloud-based disaster recovery service options

  What considerations should be made when adopting a cloud-based disaster recovery service? Expert Dave Shackleford provides guidance.  Continue Reading

• Developing a cloud SLA: Key security and compliance issues

  Organizations need to cover key risk areas when writing cloud provider service level agreements.  Continue Reading

• Logging in the cloud: Assessing the options and key considerations

  Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.  Continue Reading

• Post-implementation virtualization security issues

  Security pros must be aware of complications that can develop after a virtualization deployment.  Continue Reading

• Cloud management platforms key for cloud security

  A new breed of tools eases the complexities of managing cloud infrastructures, including security.  Continue Reading

• Security incident management in the cloud: Tackling the challenges

  Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.  Continue Reading

• An examination of PaaS security challenges

  Organizations need to consider the security implications associated with data location, privileged access and a distributed architecture in the PaaS model.  Continue Reading

• Email security best practices for email Security as a Service

  Cloud-based email security services offer many advantages, but to avoid problems organizations must follow best practices when evaluating providers.  Continue Reading

• Password-based authentication: A weak link in cloud authentication

  Password cracking tools demonstrate the weakness of passwords for securing cloud services.  Continue Reading

• Intrusion detection in the cloud: Public cloud IDS considerations

  Find out about key issues to weigh when implementing IDS in public cloud environments, and options available.  Continue Reading

• Software license management in the cloud: A complex process

  Managing software licenses in virtual environments is complicated. Find out strategies for tackling this challenge.  Continue Reading

• AWS firewall options for cloud network security

  Organizations have limited choices for implementing firewall controls in Amazon's cloud.  Continue Reading

• DNS in the cloud: Building a secure DNS architecture

  Cloud customers need to make sure cloud providers are taking steps to secure their DNS infrastructure, including DNSSEC signed zones.  Continue Reading

• DNS attacks: Compromising DNS in the cloud

  An examination of DNS attack vectors in the IaaS environment.  Continue Reading

• Article 29 Working Party cloud computing opinion: Blow to Safe Harbor?

  European Union data protection authorities cast doubt on Safe Harbor self-certification for cloud providers.  Continue Reading

• Community cloud not a cure-all for cloud compliance

  Using the community cloud model helps address compliance concerns, but, in the end, organizations are still responsible for meeting their compliance obligations.  Continue Reading

• Virtualization vulnerabilities and virtualization security threats

  Vulnerabilities affecting VMware and other virtualization platforms underscore the need for patch management and risk management in virtual and cloud environments.  Continue Reading

• IaaS security puts spotlight on hypervisor security, tenant management

  Virtualization security is at the core of IaaS security.  Continue Reading

• Vertical cloud providers and cloud transparency

  An examination of some vertical-specific CSPs shows security details are hard to find.  Continue Reading

• Cloud computing vendor lock-in: Avoiding security pitfalls

  Unscrupulous cloud providers can use security controls to make it hard to switch vendors. Know the questions to ask to avoid cloud lock-in.  Continue Reading

• Windows Server 8 Hyper-V security: A look at the new features

  Microsoft’s upcoming new Hyper-V platform features new security capabilities.  Continue Reading

• Cloud DLP: Understanding how DLP works in virtual, cloud environments

  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.  Continue Reading

• Leveraging Microsoft Azure security features for PaaS security

  Organizations can boost PaaS security late in the game by implementing these stopgap measures.  Continue Reading

• Cloud Security as a Service for secure cloud-based server hosting

  Expert Joseph Granneman looks at cloud Security as a Service options, like encryption and IdM, for ensuring secure cloud-based server hosting.  Continue Reading

• Demystifying the Patriot Act: Cloud computing impact

  An examination of the rules for federal data access shows that it’s actually a complex, difficult process.  Continue Reading

• Countering cloud computing threats: Malicious insiders

  Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls.  Continue Reading

• Five steps for achieving PaaS security in the cloud

  Securing PaaS requires implementing application security fundamentals.  Continue Reading

• Windows 8 authentication: An examination of the new cloud-based option

  A look at the new cloud-based authentication feature included in the latest version of Microsoft’s operating system.  Continue Reading

• Emerging PaaS security tactics for cloud application security

  Securing cloud applications via PaaS can be tricky when providers hold much of the control. Diana Kelley examines emerging PaaS security tactics.  Continue Reading

• PCI virtualization compliance: Three steps for PCI compliance in the cloud

  PCI compliance in the cloud is tough but implementing these strategies can help.  Continue Reading

• Development of NIST cloud security guidelines a complex process

  Several public-private partnerships are working to develop specifications to support the NIST roadmap.  Continue Reading

• Using SSAE 16 standard, SOC reports to assess cloud provider security

  The SAS 70 report has been replaced by the SSAE 16, but how does it stack up as a tool to measure a provider’s security?  Continue Reading

• Massachusetts 201 CMR 17.00 and cloud services

  Organizations face a March 1 deadline for ensuring their cloud and other service providers comply with Massachusetts’ data protection regulation.  Continue Reading

• Are cloud providers HIPAA business associates?

  Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage.  Continue Reading

• SaaS security: Weighing SaaS encryption options

  A look at SaaS encryption techniques and challenges.  Continue Reading

• The proposed EU data protection regulation and its impact on cloud users

  Cloud customers and cloud providers would face stricter data security requirements under draft European regulation.  Continue Reading

• Cloud content security: Understanding SaaS data protection options

  Forrester Research's Rick Holland examines transitioning to a cloud content security model, and explores today's SaaS data protection options.  Continue Reading

• VMware configuration management, patching best practices

  How to use vSphere 5 tools to streamline configuration and patch management.  Continue Reading

• Detecting VM sprawl in a private cloud

  Learn techniques and tools to track rogue images and inappropriate use.  Continue Reading

• Cloud outages and cloud computing breaches: Lessons learned

  Recent incidents illustrate the need for redundancy and provider security reviews.  Continue Reading

• Stepping carefully into health care cloud computing

  Health care providers must plan any cloud migration carefully to protect patient safety and maintain HIPAA compliance.  Continue Reading

• Cloud computing and security: It’s all about automation

  An API-driven strategy could streamline cloud security and improve security overall.  Continue Reading

• NIST guidance cites cloud security gaps, need for standards

  The NIST roadmap was designed to foster government cloud adoption but is helpful for private businesses as well.  Continue Reading

• How to evaluate virtual firewalls

  Enterprises have a lot of choice when it comes to virtual firewalls. Here’s what you should look for.  Continue Reading

• Cloud contracts: Cloud computing pricing

  The unpredictability of cloud service pricing can make budgeting difficult for CIOs and CISOs.  Continue Reading

• Testing IaaS security

  An experiment using Rackspace illustrates the risks to unsecured IaaS servers.  Continue Reading

• Private cloud computing security issues

  Don’t overlook the risks of private cloud deployments. Here are five security issues to consider.  Continue Reading

• Cloud computing encryption and IaaS security

  Learn how to encrypt two kinds of IaaS storage for data protection.  Continue Reading

• ESXi firewall functionality in vSphere 5

  vSphere 5 offers new capabilities for enterprises to bolster their virtualization security.  Continue Reading

• Techniques for sensitive data discovery in the cloud

  Tracking data is complex in cloud environments, but there are a number of tools and compliance activities organizations can leverage.  Continue Reading

• Security SaaS pros and cons

  Security Software as a Service can streamline security but there are some risks that organizations should consider.  Continue Reading

• Planning for cloud e-discovery: functions and procedures

  Companies need to plan ahead for how they will gather evidence in the cloud.  Continue Reading

• Network segmentation best practices in virtual and private cloud environments

  Learn how to apply network isolation to ensure security in your virtualized infrastructure.  Continue Reading

• Using DLP tools for cloud computing security

  A look at some ways that data loss prevention technology can help address cloud security issues.  Continue Reading

• Cloud authentication: Avoiding SSO land mines in the cloud

  Companies that have invested in SSO need to address authentication issues before moving to the cloud.  Continue Reading

• Cloud risk assessment and ISO 27000 standards

  How do you measure the trustworthiness of a cloud service provider? The ISO 27000 security series can help.  Continue Reading

• E-Discovery Cloud Considerations

  What happens if your company needs to preserve evidence stored with a cloud provider?  Continue Reading

• Configuration management processes in virtualized environments

  Patch and configuration management can be time consuming, but tools can streamline the process for virtual systems.  Continue Reading

• Cloud computing and health care DR planning

  Downtime is bad for any company, but in health care it can have devastating consequences. Understand how the cloud impacts your disaster recovery plans.  Continue Reading

• Amazon S3 security: Exploiting misconfigurations

  A tool uses standard wordlists to expose vulnerabilities in Amazon S3 implementations.  Continue Reading

• A six-step virtualization risk assessment process

  Learn how to perform a risk assessment on your virtual environments.  Continue Reading

• Cloud IAM: Creating connectors for dynamic cloud provisioning of users

  Implementing dynamic provisioning between an enterprise and a cloud service provider takes a lot of work, but as expert Phil Cox explains, it can result in both cost and time savings.  Continue Reading

• What the PCI virtualization guidance means for PCI compliance in the cloud

  The PCI council’s recent guidance on virtualization shows that PCI compliance is a shared responsibility in the cloud.  Continue Reading

• Cloud risk assessment: Data center security and resiliency

  How do you determine if a cloud provider’s data center has the level of redundancy and resiliency your company needs?  Continue Reading

• Cloud risk management: Managing the risk of cloud outages

  Companies need to prepare for the eventuality of cloud service interruptions.  Continue Reading

• How to build a private cloud securely using OpenStack

  Learn basic steps for deploying OpenStack securely when building a private cloud.  Continue Reading

• How to pen test cloud computing environments

  Performing penetration tests in the cloud comes with unique considerations that organizations must take into account.  Continue Reading

• A framework for evaluating cloud computing risk

  One approach for building a customized, due-diligence process for evaluating cloud provider risk and presenting the results to management.  Continue Reading

• Cloud risk management requires revisiting risk assumptions

  Cloud computing concentrates risk, requiring organizations re-examine their risk assumptions.  Continue Reading

• VM sprawl and how to control it

  Learn about key steps for preventing an unmanageable proliferation of virtual machines.  Continue Reading