Tips

Tips

• Cloud forensics: An intro to cloud network forensic data collection

  This introduction to cloud forensics explores the challenges of collecting cloud network forensic data and finding a provider to support the process.  Continue Reading

• Multifactor authentication in the cloud: Assessing provider services

  Expert Dave Shackleford discusses authentication in the cloud, including details on the multifactor authentication services of major cloud providers.  Continue Reading

• Cloud stack security: Understanding cloud VM risk scenarios

  Expert Dave Shackleford explains how cloud stack security must withstand a variety of a current and emerging threats, particularly cloud VM risk.  Continue Reading

• How to assess cloud risk tolerance

  Assessing risk tolerance is a key part of a cloud risk management strategy. In this tip expert Ed Moyle explains how to assess cloud risk tolerance.  Continue Reading

• Storing data in the cloud: Addressing data location security issues

  When storing data in the cloud, ignoring the physical location of cloud data is a major mistake. Learn how to prevent data location security issues.  Continue Reading

• SOC 2 reports: The de facto cloud provider security standard

  They're not perfect, but SOC 2 reports are becoming the baseline for cloud provider security assessments. Expert Dave Shackleford discusses.  Continue Reading

• Three practices to prevent cloud vendor lock-in

  Expert Ed Moyle offers three tips for preventing cloud lock-in long after contract negotiations are complete.  Continue Reading

• Cloud data breach notification: Defining legal obligations

  Francoise Gilbert provides a cloud data breach notification overview for enterprises concerned about placing personal information in the cloud.  Continue Reading

• Amazon S3 encryption overview: How to secure data in the Amazon cloud

  Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.  Continue Reading

• Cloud API security risks: How to assess cloud service provider APIs

  The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs.  Continue Reading

• Cloud application inventory tracking best practices

  Brien Posey discusses the pros and cons of application inventory tracking in the cloud, and advises enterprises on what to track in the cloud and why.  Continue Reading

• SaaS, cloud computing vulnerability management: Choosing a provider

  Cloud-based vulnerability scanning is gaining market share. Learn how to decide if these services are a good fit for you and how to choose a provider.  Continue Reading

• Cross-VM side-channel attacks: How to defend cloud infrastructures

  Expert Dave Shackleford analyzes the likelihood and effects of cross-VM side channel attacks in the cloud and offers mitigations for concerned users.  Continue Reading

• How to overcome unique cloud-based patch management challenges

  Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles.  Continue Reading

• Logging in the cloud: Assessing the options and key considerations

  Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.  Continue Reading

• Security incident management in the cloud: Tackling the challenges

  Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.  Continue Reading

• An examination of PaaS security challenges

  Organizations need to consider the security implications associated with data location, privileged access and a distributed architecture in the PaaS model.  Continue Reading

• Password-based authentication: A weak link in cloud authentication

  Password cracking tools demonstrate the weakness of passwords for securing cloud services.  Continue Reading

• Intrusion detection in the cloud: Public cloud IDS considerations

  Find out about key issues to weigh when implementing IDS in public cloud environments, and options available.  Continue Reading

• AWS firewall options for cloud network security

  Organizations have limited choices for implementing firewall controls in Amazon's cloud.  Continue Reading

• DNS attacks: Compromising DNS in the cloud

  An examination of DNS attack vectors in the IaaS environment.  Continue Reading

• Virtualization vulnerabilities and virtualization security threats

  Vulnerabilities affecting VMware and other virtualization platforms underscore the need for patch management and risk management in virtual and cloud environments.  Continue Reading

• Vertical cloud providers and cloud transparency

  An examination of some vertical-specific CSPs shows security details are hard to find.  Continue Reading

• Cloud DLP: Understanding how DLP works in virtual, cloud environments

  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.  Continue Reading

• Leveraging Microsoft Azure security features for PaaS security

  Organizations can boost PaaS security late in the game by implementing these stopgap measures.  Continue Reading

• Cloud Security as a Service for secure cloud-based server hosting

  Expert Joseph Granneman looks at cloud Security as a Service options, like encryption and IdM, for ensuring secure cloud-based server hosting.  Continue Reading

• Demystifying the Patriot Act: Cloud computing impact

  An examination of the rules for federal data access shows that it’s actually a complex, difficult process.  Continue Reading

• Countering cloud computing threats: Malicious insiders

  Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls.  Continue Reading

• Five steps for achieving PaaS security in the cloud

  Securing PaaS requires implementing application security fundamentals.  Continue Reading

• Emerging PaaS security tactics for cloud application security

  Securing cloud applications via PaaS can be tricky when providers hold much of the control. Diana Kelley examines emerging PaaS security tactics.  Continue Reading

• Using SSAE 16 standard, SOC reports to assess cloud provider security

  The SAS 70 report has been replaced by the SSAE 16, but how does it stack up as a tool to measure a provider’s security?  Continue Reading

• SaaS security: Weighing SaaS encryption options

  A look at SaaS encryption techniques and challenges.  Continue Reading

• VMware configuration management, patching best practices

  How to use vSphere 5 tools to streamline configuration and patch management.  Continue Reading

• How to evaluate virtual firewalls

  Enterprises have a lot of choice when it comes to virtual firewalls. Here’s what you should look for.  Continue Reading

• Private cloud computing security issues

  Don’t overlook the risks of private cloud deployments. Here are five security issues to consider.  Continue Reading

• Cloud computing encryption and IaaS security

  Learn how to encrypt two kinds of IaaS storage for data protection.  Continue Reading

• Techniques for sensitive data discovery in the cloud

  Tracking data is complex in cloud environments, but there are a number of tools and compliance activities organizations can leverage.  Continue Reading

• Network segmentation best practices in virtual and private cloud environments

  Learn how to apply network isolation to ensure security in your virtualized infrastructure.  Continue Reading

• Cloud risk assessment and ISO 27000 standards

  How do you measure the trustworthiness of a cloud service provider? The ISO 27000 security series can help.  Continue Reading

• Configuration management processes in virtualized environments

  Patch and configuration management can be time consuming, but tools can streamline the process for virtual systems.  Continue Reading

• Amazon S3 security: Exploiting misconfigurations

  A tool uses standard wordlists to expose vulnerabilities in Amazon S3 implementations.  Continue Reading

• A six-step virtualization risk assessment process

  Learn how to perform a risk assessment on your virtual environments.  Continue Reading

• How to build a private cloud securely using OpenStack

  Learn basic steps for deploying OpenStack securely when building a private cloud.  Continue Reading

• How to pen test cloud computing environments

  Performing penetration tests in the cloud comes with unique considerations that organizations must take into account.  Continue Reading

• A framework for evaluating cloud computing risk

  One approach for building a customized, due-diligence process for evaluating cloud provider risk and presenting the results to management.  Continue Reading

• Cloud computing disaster recovery: Best practices for DR in the cloud

  The April Amazon outage underscored the need for enterprises to plan for failure.  Continue Reading

• Amazon EC2 security: Securing an EC2 instance

  Learn the basics for ensuring your EC2 instance is properly secured in this tip by security expert Dave Shackleford.  Continue Reading

• Legacy application migration to the cloud and security

  Check your assumptions about security when moving legacy applications to the cloud.  Continue Reading

• Detecting and managing unauthorized use of cloud computing

  Want to know if developers or sales executives are moving data to the cloud? Here are three tools that can help.  Continue Reading

• Ten key provisions in cloud computing contracts

  Cloud computing customers need to pay attention to contract terms, security requirements and other provisions.  Continue Reading

• Top virtualization security risks and how to prevent them

  Virtual environments present unique security threats. Learn about the top risks and how to mitigate them.  Continue Reading

• Cloud flow: Network flow analysis and application traffic monitoring

  How can you determine where and when your data is flowing to the cloud? In this tip, learn about network flow analysis and application traffic monitoring for cloud computing migrations.  Continue Reading

• Cloud encryption use cases

  A look at how encryption is handled in some common cloud computing architectures.  Continue Reading

• Public cloud services security: Terremark and Rackspace

  A look at some of the security capabilities in Terremark, Rackspace, and other hosting providers.  Continue Reading

• Cloud computing security concerns: How to audit cloud computing

  This chapter discusses key controls to look for when you are auditing IT operations that have been outsourced to external companies.  Continue Reading

• Securing a multi-tenant environment

  Learn some of the key elements for secure multi-tenancy.  Continue Reading

• Incident response process in a cloud environment

  Cloud computing makes incident response much more complex. Here’s what you need to do to prepare.  Continue Reading

• Public cloud security: AWS security and Microsoft Azure

  A look at the security capabilities offered in AWS and Microsoft’s hosted services.  Continue Reading

• Cloud computing legal issues: data location

  Where in the world a cloud service provider keeps your data could result in legal complications.  Continue Reading

• How to handle PCI DSS requirements for log management in the cloud

  Organizations that must comply with PCI and its log management requirements must be careful when using a cloud service.  Continue Reading

• The hypervisor security patch management process

  Enterprises using virtualization must include hypervisor patching in their patch management process. Robbie Higgins explains why.  Continue Reading

• Cloud computing legal considerations

  Cloud computing services present many legal issues. Organizations need to tread carefully and perform due diligence.  Continue Reading

• Developing cloud computing contracts

  Learn the critical considerations for cloud computing contracts in order to protect your organization.  Continue Reading

• Digital forensic challenges in a cloud computing environment

  Cloud computing creates difficulties for digital forensic investigators.  Continue Reading

• Ensuring data security with cloud encryption

  Encryption is fundamental for protecting sensitive data but can be complicated in the cloud.  Continue Reading

• Cloud security standards provide assessment guidelines

  The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls.  Continue Reading

• Compensating controls can help boost cloud compliance

  Cloud computing can be attractive for IT services, except when it's time to figure out a compliance strategy. Chenxi Wang of Forrester Research explains the cloud compliance complexities and offers four compensating controls that can help.  Continue Reading

• SaaS evaluation: Considerations for a SaaS service-level agreement

  Before signing-on with a SaaS provider, it's important to thoroughly examine the impact that SaaS will have on your infrastructure. In this tip, Scott Crawford explains how to examine SaaS impact, and how to incorporate your findings into a ...  Continue Reading

• Simplifying cloud computing security audit procedures

  As a channel partner, you're in the perfect spot to guide customers through the thicket of cloud services. Beth Cohen points out cloud computing security challenges and the best practices that can address them.  Continue Reading

• Cloud computing security: Choosing a VPN type to connect to the cloud

  How do VPNs interact with the cloud, and how can enterprises best utilize the combined technologies? In this tip, experts Diana Kelley and Char Sample lay out the devices to consider securing when connecting to the cloud, as well as possible VPN ...  Continue Reading

• Cloud computing security model overview: Network infrastructure issues

  In this primer on cloud computing security, learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.  Continue Reading

• Cloud computing security: Infrastructure issues

  Cloud computing offers many benefits by cutting costs and enabling a distributed workforce, but learning how the cloud computing infrastructure operates is essential to ensuring secure services. Diana Kelley and Char Sample offer a primer on cloud ...  Continue Reading

• Security questions to ask SaaS vendors when outsourcing services

  As financial-services firms turn to Software as a Service (SaaS) offerings to save money and increase efficiency, they need to make sure their SaaS providers implement strong data security. Someone providing SaaS is also supposed to be providing ...  Continue Reading