BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
Register Sign in

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Log In
or

Don't have an InfoQ account?

Register
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon AI New York - image
QCon AI New York 2025

Go from AI demos to real engineering impact. Learn to embed LLMs, govern & scale securely.

SOLD OUT!

 QCon London - image
QCon London 2026

Learn what works in AI, architecture, data, security & FinTech.

Early Bird ends Dec 9.

 QCon AI Boston - image
QCon AI Boston

Learn how leading engineering teams run AI in production—reliably, securely, and at scale.

Launch pricing ends Dec 9.

InfoQ Homepage Cloud Security Content on InfoQ

Articles

RSS Feed
Newer Older

  • A Pragmatic Approach to Scaling Security in the Cloud

    Security. Cloud. Two words that are almost always together but rarely happily. Read on to learn why that isn’t the case and what you need to known about securing your critical infrastructure in the cloud.

    Mark Nunnikhoven
    on Jun 06, 2014

  • Securing Servers in the Cloud: An Interview With Trend Micro

    What’s the best way to protect servers in the cloud? How can you account for the transient nature of cloud servers and provide the same protection in the cloud as on on-premises? To find out, InfoQ spoke with Mark Nunnikhoven, a Principal Engineer in the Cloud & Emerging Technologies division at Trend Micro. You can find Mark on Twitter as @marknca.

    Richard Seroter
    on Nov 13, 2013

  • Automating Data Protection Across the Enterprise

    This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure(DEI) which is not application specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.

    Arshad Noor
    on Feb 07, 2013

  • Don't SCIM over your Data Model

    This opinion piece discusses three specific suggestions for improving the SCIM data model: 1. Both the enterprise client and cloud provider should map their internal IDs to a shared External ID, which is the only ID exposed through the API. 2. Multi-valued attributes of a resource must be converted from an array into a dictionary with unique keys. 3. 3 ways to improve the PATCH command

    Ganesh Prasad
    on Aug 08, 2012

  • Standardizing the Cloud for Security

    Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.

    Orlando Scott-Cowley
    on Jul 05, 2012

  • A Distributed Access Control Architecture for Cloud Computing

    Cloud computing’s multitenancy and virtualization features pose unique security and access control challenges. In this article, authors discuss a distributed architecture based on the principles from security management and software engineering to address cloud computing’s security challenges.

    Arif Ghafoor Walid G. Aref Abdulrahman A. Almutairi Saleh Basalamah Muhammad I. Sarfraz
    on Jun 12, 2012

  • Managing Security Requirements in Agile Projects

    Managing security requirements from early phases of software development is critical. Most security requirements fall under the scope of Non-Functional Requirements (NFRs). In this article, author Rohit Sethi discusses how to map NFRs to feature-driven user stories and also how to make security requirements more visible to the stakeholders.

    Rohit Sethi
    on Jun 04, 2012

  • Software Engineering Meets Services and Cloud Computing

    In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

    Stephen S. Yau Ho G. An
    on Jan 04, 2012

  • Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

    Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.

    Arshad Noor
    on Dec 16, 2011

  • Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective

    Security concerns are the number one barrier to cloud services adoption. How do we evaluate a vendor's solution? What is an optimal security architecture? What are consumer versus provider responsibilities? What are industry standard patterns in this regard? This article answers some of these questions based on first hand experience dealing with large scale cloud adoption.

    Subra Kumaraswamy
    on Dec 07, 2011

  • Architecting a Cloud-Scale Identity Fabric

    In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities that network administrators must secure and to enable a full-scale cloud adoption.

    Eric Olden
    on Jun 29, 2011

  • Cloud Computing Roundtable

    In this IEEE panel discussion article, guest editors Ivan Arce and Anup Ghosh facilitated the discussion on cloud computing security risks. The panelists are Eric Grosse (Google Security), John Howie (Microsoft), James Ransome (Cisco), Jim Reavis (Cloud Security Alliance) and Stephen Schmidt (Amazon Web Services).

    Anup Ghosh Ivan Arce
    on Apr 11, 2011
Newer Articles
Older Articles
BT