InfoQ Homepage Security Content on InfoQ
-
/articles/devops-cloud-security/en/smallimage/iLukXSvI-1650439607166.jpg)
The Role of DevOps in Cloud Security Management
Different areas of cloud security must be examined to strengthen security in the cloud versus security of the cloud. This includes identifying requirements, defining the architecture, analyzing controls, and identifying gaps. Security must be both proactive and reactive, so it needs to be considered in every step of development.
-
/articles/serverless-tenant-isolation/en/smallimage/logo-1650311080845.jpg)
Designing Secure Tenant Isolation in Python for Serverless Apps
Software as a Service (SaaS) has become a very common way to deliver software today. While providing the benefits of easy access to users without the overhead of having to manage the operations themselves, this flips the paradigm and places the responsibility on software providers for maintaining ironclad SLAs, as well as all of the security and data privacy requirements.
-
/articles/assessing-security-risks/en/smallimage/logo-1648281937034.jpg)
Strategies for Assessing and Prioritizing Security Risks Such as Log4j
The evolving threat landscape requires a comprehensive approach to mitigation. An effective strategy is built on visibility, assessing vulnerabilities in context, effective use of filtering technologies, and monitoring for evidence of intrusion.
-
/articles/emerging-software-vulnerabilities/en/smallimage/logo-1648107648928.jpg)
Insights into the Emerging Prevalence of Software Vulnerabilities
The software exploit landscape is constantly evolving and organizations need to be structured to stay ahead of these risks. A solid platform built on software best practices, education, and a good understanding of the threat landscape is critical to a strong defensive posture.
-
/articles/securing-docker/en/smallimage/logo-1645479973420.jpg)
Is Docker Secure Enough? Advice for Configuring Secure Container Images and Runtimes
Ensure that Docker is secure enough by fine-tuning the security approach to meet your use cases. It is important to have an understanding of the differences between the Docker image and the Docker runtime and the security implications and priorities for each. This article covers a number of techniques for ensuring appropriate security for Docker.
-
/articles/post-quantum-cryptography-introduction/en/smallimage/logo-1644350327923.jpg)
An Introduction to Post-Quantum Public Key Cryptography
Though quantum computers are in their infancy, their further development could make them commercially available. When that day comes, all public and private keys will be exposed to quantum threats, a massive risk for every organization. Understanding quantum computing growth and the impact it would have on cryptography is key for everyone, irrespective of their role.
-
/articles/insider-security-threats-zero-trust/en/smallimage/logo-1641193907181.jpg)
Mitigating Inside and Outside Threats with Zero Trust Security
As ransomware and phishing attacks increase, it is evident that attack vectors can be found on the inside in abundance. Zero Trust Security can be thought of as a new security architecture approach where the main goals are: verifying endpoints before any network communications take place, giving least privilege to endpoints, and continuously evaluating the endpoints throughout the communication.
-
/articles/next-evolution-of-database-sharding-architecture/en/smallimage/logo-1641827655282.jpg)
The Next Evolution of the Database Sharding Architecture
In this article, author Juan Pan discusses the data sharding architecture patterns in a distributed database system. She explains how Apache ShardingSphere project solves the data sharding challenges. Also discussed are two practical examples of how to create a distributed database and an encrypted table with DistSQL.
-
/articles/cloud-infra-complexity/en/smallimage/logo-1636716177680.jpg)
Reducing Cloud Infrastructure Complexity
Cloud computing adoption has taken the world by storm, and is accelerating unabated. According to Flexera’s annual State of the Cloud Report for 2020, 93% of respondents used multi or hybrid cloud strategies. This article examines different aspects of cloud infrastructure complexity, and approaches to mitigate it.
-
/articles/bias-application-security/en/smallimage/logo-1636125761437.jpg)
Failing Fast: the Impact of Bias When Speeding up Application Security
This article deals with three biases people can have with establishing application security while trying to move fast in building them, attitude which can cost the organization later, showing how to spot the biases, and providing advice on what to do about them.
-
/articles/reduce-burnout-security-teams/en/smallimage/logo-1635976036000.jpg)
How to Reduce Burnout in IT Security Teams
Burnout isn't a selfcare problem. The information security industry needs to take a deeper examination and create changes to allow for workers to have more flexibility and the ability to have balanced personal and work life. This article serves as a starting point by breaking down why burnout exists in InfoSec, why past solutions don’t work anymore, and how to actually reduce burnout in teams.
-
/articles/hardening-iiot-best-practices/en/smallimage/how-to-harden-applications-against-IIoT-security-threats-small-1635778643071.jpg)
How to Harden Applications against IIoT Security Threats
This article will explore two sides of the IIoT security equation: understanding how and why IIoT systems can become vulnerable to hacking attempts, and which solutions and strategies are available to harden them. It will provide also a set of best practices to address IoT security concerns.