Practical Advice to Harden Multi-Cloud Environments
By Paul South
Jeremy Snyder traveled the globe for several years learning how companies large and small secured their multi-cloud environments. The result of this international listening tour? A list of 10 recommendations for how to improve your multi-cloud security posture—a goal that’s now more important than ever with the shift to remote work and bad actors seeking novel ways to infiltrate public, private and hybrid cloud infrastructures accessed from so many more entry points. Read More
The Evolution of Vulnerability Management on Cloud Endpoints
By Oscar Monge España, CISSP, CCSP
One of the most common challenges when securing the cloud is not having full visibility of all resources deployed. This exponentially increases the exposure factor, which could lead to a possible breach.
Six to eight years ago, when organizations started moving to the cloud, the main goal was a smooth transition in order to quickly reap the benefits of cloud to deploy workloads and reduce capital expenditures. Security came later. Read More
Is It Time to Buy into Cloud Security Posture Management?
By Anne Saita
Mistakes happen. When it comes to cloud services, it’s important to know who is responsible when a mistake causes financial and reputational damage. With so many “shared responsibility models” currently being rewritten, now is an opportune time to consider the liabilities from cloud misconfigurations and technical solutions to help minimize them. Read More
Survey: Security Lags as Cloud Use Rapidly Grows More Complex
By Shawna McAlearney
Offering flexibility, convenience and speed to drive business initiatives, the cloud continues to present unrivaled opportunities for innovation—if it can be properly secured. Unfortunately, security efforts are still coming up short in many environments.
“Between the use of multiple cloud platforms and heterogeneous security solutions, to the lack of qualified personnel needed to implement and manage them, enterprises find themselves compromising security to achieve their business objectives,” according to FireMon’s The 2020 State of Hybrid Cloud Security survey of 522 IT and security professionals. Read More
Building a Hardened Container Infrastructure—In and Outside of the Cloud
By Matt Gillespie
Bank vaults, mainframes and mountain fortresses are desirable for their lack of subtlety. Protection of their contents is ensured by sheer heft, so proprietors can focus elsewhere.
That calculus changes when low overhead is paramount. For instance, Linux containers epitomize lightweight, ephemeral infrastructure. And workloads that by design exist with only fleeting ties to physical systems must rely elsewhere for protection. Read More
Bringing PKI to the Cloud May Be Easier than You Think—And Already Happening
Most cybersecurity professionals are familiar with public key infrastructure (PKI) as it relates to creating and managing digital identities for people, platforms and devices across an enterprise. That increasingly includes building or outsourcing PKI within the cloud.
“We have always consumed PKI in the cloud, we just haven’t called it that because we have gone out and bought SSL certs that are publicly-rooted from the vendors,” explained Chris Hickman, the chief security officer for PKI-as-a-service provider Keyfactor, during an (ISC)2 roundtable discussion. “If we look at the history of certificates and how they were used, one could easily argue that PKI was actually one of the first applications in the cloud, by virtue of needing a certificate to protect my e-commerce website or my website. In general, that was what I did: I went out and bought a cert. That cert was from somebody who was providing PKI in the cloud. It is actually not a new concept.” Read More