Welcome!


Latest Blogs from Cloud Security
Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn’t approve the merger. And your boss hasn’t heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedente...
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, will provide the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This...
You can never be too careful. Security is on everyone’s mind. Not too long ago, we talked about how beefed up security impacts load testing and we want to continue the conversation. How do you keep yourself and your company safe in the age of industrial and state-sponsored hacking? In ...
Disaster Recovery isn’t a new concept for IT folks. We’ve been backing up data for years to offsite locations, and used in-house data duplication in order to prevent the risks of losing data stores. But now that cloud adoption has increased, there have been some shifts in how tradition...
In 2011, then United States CIO Vivek Kundra released the US Federal Cloud Computing Strategy [1]. In the executive summary he pointed to cloud computing as a key component of the US Federal Government’s information technology modernization efforts: “Cloud computing has the potential ...
Cloud security is at the top of every CIO’s list. It is also the first subject that comes up when you engage in a discussion about the cloud. For those of us who followed the recent Ashley Madison story (from a tech perspective), you would agree that while the breach happened for so ma...
Organizations from small to large are increasingly adopting cloud solutions to deliver essential business services at a much lower cost. According to cyber security experts, the frequency and severity of cyber-attacks are on the rise, causing alarm to businesses and customers across a ...
In 2011 the US Federal Government issued a Cloud First policy mandating that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. Cloud computing is a design style that allows for effici...
After the deluge of data breaches in 2014 and more emerging every day, security is without a doubt a top strategic initiative for just about every enterprise in 2015. Along with top-notch security, it is imperative for organizations – particularly cloud-driven ones – to also have leadi...
Ski helmets, seat belts, and encryption. What comes to your mind when you read these words? You may immediately think “safety,” and you’d be right, but how about “speed enablers”? At first blush, that may not be the first concept that comes to mind, but there’s a pretty compelling c...
Many organizations’ virtualization strategies begin and end with deploying VMware vSphere or Microsoft Hyper-V to virtualize as many servers as possible. But there’s so much more that an enterprise can do to extend the benefits of virtualization. In addition to virtualizing, a workflow...
One of the first considerations that IT managers struggle with is how to handle security and compliance. Both security and compliance are aspects of a larger, more strategic concern: governance. Governance essentially represents a set of processes for creating, communicating, and enfor...
It seems like every time I write a blog, a new breach has occurred (for an up-to-date look at local, state and federal breaches I suggest you periodically review the Identity Theft Resource Center’s running list). Since I last penned a post, we’ve seen breaches of the Mayo Clinic, Citi...
Most home security systems have a panic button - if you hear something go bump in the night you can push a panic button to starts the sirens wailing, call the cops and hopefully sends the bad guys scurrying. As useful as this is for home owners, enterprises need a security panic button...
Picking up a newspaper and turning on the TV, one is instantly confronted with news of yet another cyber hack. With cyber attacks headlining the news, millions of people are concerned with whether their personal information has been breached. These attacks are becoming more and more so...
Recent unauthorized access to a U.S. government database led to thecompromise of information on at least 21.5 million individuals. This massive background investigation data breach also compromised usernames, passwords, mental health records and financial information. Although a securi...
RackWare and WSM International have announced an agreement that brings together RackWare automated cloud management software and WSM migration services specialists to assist customers with transitioning workloads to public cloud computing resources. WSM is now a certified RackWare Par...
Do the ‘darker’ channels and means that exist for searching the web in anonymity ultimately spell doom for the wider march towards open data? So-called ‘open data’ is supposed to be an instrument for breaking down information gaps across industries and letting companies share benchmar...
SYS-CON Events announced today that Logz.io has been named a “Bronze Sponsor” of SYS-CON's @DevOpsSummit Silicon Valley, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Logz.io provides open-source software ELK turned into a log analy...
It's been three years since I compared medieval security to web security, and a few things have happened. Mobile and wireless have evolved as the dominant platforms, while the life between personal computing and business computing has continued to fray. And, of course, thanks to web se...
Brand owners are caught in a digital crossfire. From one direction comes intense competitive pressure to innovate or to at least follow very, very quickly. From the precisely opposite direction comes the potentially existential threat of an app very publicly flopping or – even worse –...
The cyber security, resiliency and accountability of IT systems at financial services organizations is rarely out of national headlines. Firms that operate in the financial space hold extremely sensitive data, so therefore attackers usually consider the effort and risk of attacking th...
The Federal Government’s “Cloud First” policy mandates that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. The Federal Risk and Authorization Management Program (FedRAMP) is a mand...
I spent a few days in New York City last week attending a couple of meetups, including speaking at a New York City Web Performance Meetup on Thursday night. I had several great conversations around real user monitoring, data science and analytics, and, of course, testing in production ...
A recent purchase of mine was a 2015 Jeep. Until now, I thought it was a safe and reliable car, but that is not the case anymore. As technology advances and cars become smarter and more technologically savvy, they become another target for hackers. Imagine speeding down the highway,...
Access is everything. It is the fundamental pillar that determines whether critical enterprise assets are safe or exposed. Knowing the answers to the questions of who is accessing what, where they are accessing that information from, why they are accessing that information and, finally...
Here at the XebiaLabs we care a lot about quality. That means we have to do a lot of testing for our products. Since we have a relatively small development team, and a code base that grows rapidly, that means we have to automate our tests. To get an impression, for XL Deploy, we have a...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisti...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. ...
Today’s case of Ashley Madison getting hacked and literally being kept at ransom is a classic case of something not very new, but something we need to take a look at with a fresh set of eyes. It’s not all the trouble all their customers will get into that I’m talking about, but the mer...
Even as cloud and managed services grow increasingly central to business strategy and performance, challenges remain. The biggest sticking point for companies seeking to capitalize on the cloud is data security. Keeping data safe is an issue in any computing environment, and it has bee...
It’s easy to invent additional C-suite job title designations. We might conjure up Chief Data Analytics-Insight Officer (CDAIO - pronounced “see-day-oh”) for example. Equally, we can see that the role of the CIO quickly gained additional layers some time ago – and we now see the CSO (...
"We provide a service that allows our customers to keep bad guys out and let good guys into their applications running in the public cloud, private cloud or in a classic data center," explained Haseeb Budhani, co-founder and CEO of Soha, in this SYS-CON.tv interview at Cloud Expo, held...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. I...
SYS-CON Events announced today that Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo® and DevOps Summit 2015 Silicon Valley, which will take place November 3–5, 2015, at the Sa...
Cyber warfare is not a futuristic theory being discussed on one of the military channels by some obscure software architect anymore. It is a common occurrence in today’s global economy and it appears some are trying to test the electronic defenses we have set up on the Internet. The q...
The concept of "shifting left" for appropriate IT concerns is growing. The notion is basically to shift more into the app dev delivery pipeline functions that, when applied earlier, can result in greater stability and security of the resulting code. Security is one of those functions t...
In his session at 16th Cloud Expo, Simone Brunozzi, VP and Chief Technologist of Cloud Services at VMware, reviewed the changes that the cloud computing industry has gone through over the last five years and shared insights into what the next five will bring. He also chronicled the cha...
The cloud isn’t a fad. Businesses that don’t make the move are falling behind the competition. According to a recent ComputerWorld study, more than 40% of IT executives said that their organizations will spend more on Software as a Service (SaaS) and a mix of public, private hybrid and...
SQL injections are unique compared to other cyberattacks. These threats are very common and have been around for a while. One would think that this would mean businesses should have an idea of how to stop these incidents from happening, right? Unfortunately, SQL security remains a thor...