InfoQ Homepage Cloud Security Content on InfoQ
-
Diving into Zero Trust Security
The Zero Trust approach involves a combination of more-secure authentication approaches, such as MFA with profiling and posturing of the client device, along with some stronger encryption checks. This article shares some insights on Zero Trust Security for your organization and your customers, and how you can get started with it.
-
Evolving DevSecOps to Include Policy Management
A thorough implementation of policy management tools is required for effective compliance and security management in a DevOps environment. Companies that accept policy management in DevSecOps as a way of development and have adopted some level of policy management best practices tend to operate more efficiently.
-
The Role of DevOps in Cloud Security Management
Different areas of cloud security must be examined to strengthen security in the cloud versus security of the cloud. This includes identifying requirements, defining the architecture, analyzing controls, and identifying gaps. Security must be both proactive and reactive, so it needs to be considered in every step of development.
-
Designing Secure Tenant Isolation in Python for Serverless Apps
Software as a Service (SaaS) has become a very common way to deliver software today. While providing the benefits of easy access to users without the overhead of having to manage the operations themselves, this flips the paradigm and places the responsibility on software providers for maintaining ironclad SLAs, as well as all of the security and data privacy requirements.
-
Strategies for Assessing and Prioritizing Security Risks Such as Log4j
The evolving threat landscape requires a comprehensive approach to mitigation. An effective strategy is built on visibility, assessing vulnerabilities in context, effective use of filtering technologies, and monitoring for evidence of intrusion.
-
Insights into the Emerging Prevalence of Software Vulnerabilities
The software exploit landscape is constantly evolving and organizations need to be structured to stay ahead of these risks. A solid platform built on software best practices, education, and a good understanding of the threat landscape is critical to a strong defensive posture.
-
Is Docker Secure Enough? Advice for Configuring Secure Container Images and Runtimes
Ensure that Docker is secure enough by fine-tuning the security approach to meet your use cases. It is important to have an understanding of the differences between the Docker image and the Docker runtime and the security implications and priorities for each. This article covers a number of techniques for ensuring appropriate security for Docker.
-
Using Cloud Native Buildpacks to Address Security Requirements for the Software Supply Chain
Software supply chain attacks are increasing in severity and frequency, with no clear path laid out towards its mitigation. A simple way to trace the origin of vulnerable components is available in the form of Software Bill Of Materials (SBOMs), generated automatically when using Buildpacks.
-
Virtual Panel: DevSecOps and Shifting Security Left
Recent attacks, that targeted SolarWinds, Colonial Pipeline, and others, have shown that development environments come ever more frequently on the radar of malicious actors. A virtual panel on the value of shifting left security, how to take responsibility for it, and the time-to-market pitfalls.
-
DevSecOps: the Key to Securing Your Supply Chain in a Multi-Cloud Threatscape
Recent supply chain attacks require businesses to re-evaluate their approach to DevOps, specifically as it relates to security. The DevSecOps focus CI/CD platforms, testing and scanning across the SDLC, and a focus on minimizing manual efforts can not only improve security postures but also improve delivery of business value.
-
Q&A with Eveline Oerhlich on Building an Effective DevOps Culture
The DevOps Institute recently released their latest report entitled "Upskilling 2021: Enterprise DevOps Skills Report". The report found that automation and security remain vital to business success. A focus on building the human skills of DevOps was also identified as companies with the best learning cultures were most likely to succeed.
-
A Reference Architecture for Fine-Grained Access Management on the Cloud
In this article, we will define a new reference architecture for cloud-native companies that are looking for a simplified access management solution for their cloud resources, from SSH hosts, databases, data warehouses, to message pipelines and cloud storage endpoints.