Tips

Tips

• VM sprawl and how to control it

  Learn about key steps for preventing an unmanageable proliferation of virtual machines.  Continue Reading

• Book chapter: Cloud security assessment techniques

  In this book chapter from Securing the Cloud, author J.R. “Vic” Winkler provides tools that can be used to evaluate the security of a cloud provider.  Continue Reading

• Cloud computing disaster recovery: Best practices for DR in the cloud

  The April Amazon outage underscored the need for enterprises to plan for failure.  Continue Reading

• Amazon EC2 security: Securing an EC2 instance

  Learn the basics for ensuring your EC2 instance is properly secured in this tip by security expert Dave Shackleford.  Continue Reading

• Cloud computing contracts and cloud outages

  An examination of what cloud providers offer customers in the event of service interruption.  Continue Reading

• Are dedicated EC2 instances enough for compliance?

  A review of Amazon’s new dedicated instances and whether they make the cloud safe for highly regulated companies.  Continue Reading

• Legacy application migration to the cloud and security

  Check your assumptions about security when moving legacy applications to the cloud.  Continue Reading

• Detecting and managing unauthorized use of cloud computing

  Want to know if developers or sales executives are moving data to the cloud? Here are three tools that can help.  Continue Reading

• Cloud security services: WAFs and DDoS attack prevention

  A look at some of the Web application firewall and distributed denial-of-service protection services offered in the cloud and via the cloud.  Continue Reading

• Ten key provisions in cloud computing contracts

  Cloud computing customers need to pay attention to contract terms, security requirements and other provisions.  Continue Reading

• Top virtualization security risks and how to prevent them

  Virtual environments present unique security threats. Learn about the top risks and how to mitigate them.  Continue Reading

• Cloud flow: Network flow analysis and application traffic monitoring

  How can you determine where and when your data is flowing to the cloud? In this tip, learn about network flow analysis and application traffic monitoring for cloud computing migrations.  Continue Reading

• Maintaining compliance with HIPAA security requirements in the cloud

  What do you do if you discover after the fact that PHI has already been moved to a cloud provider?  Continue Reading

• Evaluating IaaS providers: security risks

  There are a lot of cloud-based infrastructure services to choose from but companies need to weigh the associated risks.  Continue Reading

• Cloud encryption use cases

  A look at how encryption is handled in some common cloud computing architectures.  Continue Reading

• Public cloud services security: Terremark and Rackspace

  A look at some of the security capabilities in Terremark, Rackspace, and other hosting providers.  Continue Reading

• Managing hybrid cloud computing risks

  Learn about the top security considerations for hybrid cloud computing.  Continue Reading

• Cloud computing security concerns: How to audit cloud computing

  This chapter discusses key controls to look for when you are auditing IT operations that have been outsourced to external companies.  Continue Reading

• Meeting the PCI requirement for Web security in the cloud

  Moving to a cloud environment complicates compliance with PCI DSS Requirement 6.6.  Continue Reading

• Securing a multi-tenant environment

  Learn some of the key elements for secure multi-tenancy.  Continue Reading

• Incident response process in a cloud environment

  Cloud computing makes incident response much more complex. Here’s what you need to do to prepare.  Continue Reading

• The SAS 70 report and cloud service providers

  Is the SAS 70 a viable way to evaluate cloud providers’ security?  Continue Reading

• Public cloud security: AWS security and Microsoft Azure

  A look at the security capabilities offered in AWS and Microsoft’s hosted services.  Continue Reading

• Cloud computing access control: Access management services in the cloud

  Organizations should position themselves for cloud services by using open standards for access management.  Continue Reading

• Cloud computing legal issues: data location

  Where in the world a cloud service provider keeps your data could result in legal complications.  Continue Reading

• How to handle PCI DSS requirements for log management in the cloud

  Organizations that must comply with PCI and its log management requirements must be careful when using a cloud service.  Continue Reading

• Cloud computing legal considerations

  Cloud computing services present many legal issues. Organizations need to tread carefully and perform due diligence.  Continue Reading

• Developing cloud computing contracts

  Learn the critical considerations for cloud computing contracts in order to protect your organization.  Continue Reading

• Managing PCI DSS requirements compliance when moving to the cloud

  Despite the challenges, organizations can maintain PCI compliance when migrating to a cloud computing service with careful analysis and strategic planning. Ed Moyle explains how.  Continue Reading

• The hypervisor security patch management process

  Enterprises using virtualization must include hypervisor patching in their patch management process. Robbie Higgins explains why.  Continue Reading

• Digital forensic challenges in a cloud computing environment

  Cloud computing creates difficulties for digital forensic investigators.  Continue Reading

• How to assess cloud computing risks

  Organizations should ask six risk assessment questions before moving an application or process to the cloud.  Continue Reading

• Ensuring data security with cloud encryption

  Encryption is fundamental for protecting sensitive data but can be complicated in the cloud.  Continue Reading

• Top cloud identity management considerations

  Organizations looking to use cloud computing services need to integrate identity management mechanisms into their plans.  Continue Reading

• Cloud security standards provide assessment guidelines

  The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls.  Continue Reading

• Moving log management to a cloud computing provider

  Cloud-based log management comes with benefits and challenges.  Continue Reading

• Compensating controls can help boost cloud compliance

  Cloud computing can be attractive for IT services, except when it's time to figure out a compliance strategy. Chenxi Wang of Forrester Research explains the cloud compliance complexities and offers four compensating controls that can help.  Continue Reading

• SaaS evaluation: Considerations for a SaaS service-level agreement

  Before signing-on with a SaaS provider, it's important to thoroughly examine the impact that SaaS will have on your infrastructure. In this tip, Scott Crawford explains how to examine SaaS impact, and how to incorporate your findings into a ...  Continue Reading

• Simplifying cloud computing security audit procedures

  As a channel partner, you're in the perfect spot to guide customers through the thicket of cloud services. Beth Cohen points out cloud computing security challenges and the best practices that can address them.  Continue Reading

• Secure cloud computing how-to documents

  Ernie Hayden explains where providers should go to obtain the guidance necessary to manage security in a cloud computing project.  Continue Reading

• Cloud computing compliance: Exploring data security in the cloud

  If you're looking to outsource sensitive data with a cloud service provider, you'll want to ask the right questions regarding cloud computing compliance and security issues. Learn more about the questions to ask providers about cloud computing data ...  Continue Reading

• Maintaining security after a cloud computing implementation

  You've just migrated your organization's applications and data in the cloud. The task of ensuring ongoing security has only just begun. Michael Cobb reviews how to work with your cloud provider.  Continue Reading

• Four things to remember about server virtualization security concerns

  While security issues in virtual server farms are fundamentally the same as an existing physical environment, there are several details you need to be aware of.  Continue Reading

• Preparing the network for a cloud computing implementation

  Although a cloud provider may offer specific defenses, you are ultimately responsible for the security of your data. Michael Cobb explains how to prepare when your network infrastructure extends to the cloud.  Continue Reading

• How to justify information security spending on cloud computing

  In part 1 of this chapter excerpt from The Shortcut Guide to Prioritizing Security Spending, author Dan Sullivan reviews the data security and compliance measures that must be established between you and your cloud provider.  Continue Reading

• How to choose hosted Web security services

  Hosted Web security services that analyze Web traffic for malware are an attractive alternative to on-premise Web security gateways.  Continue Reading

• Software-as-a-service a good choice for fighting spam

  SaaS allows midmarket companies with small IT staffs to offload the workload and expertise needed to fight the flood of spam inundating their email servers.  Continue Reading

• Cloud computing security: Infrastructure issues

  Cloud computing offers many benefits by cutting costs and enabling a distributed workforce, but learning how the cloud computing infrastructure operates is essential to ensuring secure services. Diana Kelley and Char Sample offer a primer on cloud ...  Continue Reading

• Cloud computing security: Choosing a VPN type to connect to the cloud

  How do VPNs interact with the cloud, and how can enterprises best utilize the combined technologies? In this tip, experts Diana Kelley and Char Sample lay out the devices to consider securing when connecting to the cloud, as well as possible VPN ...  Continue Reading

• Cloud computing security: Routing and DNS security threats

  Outsourcing services to the cloud can reduce IT spending, but it's important to account for the security risks. Learn about the routing and DNS security threats that exist in the cloud, including evil twin attacks, the re-routing of Internet traffic...  Continue Reading

• Cloud computing security model overview: Network infrastructure issues

  In this primer on cloud computing security, learn about the basics of data security in the cloud, how to secure network infrastructure and devices that interact with cloud-based services and the threats and attacks that pose a risk to enterprises.  Continue Reading

• Security questions to ask SaaS vendors when outsourcing services

  As financial-services firms turn to Software as a Service (SaaS) offerings to save money and increase efficiency, they need to make sure their SaaS providers implement strong data security. Someone providing SaaS is also supposed to be providing ...  Continue Reading