Welcome!


Latest Blogs from Cloud Security
The Federal Government’s “Cloud First” policy mandates that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. The Federal Risk and Authorization Management Program (FedRAMP) is a mand...
Do the ‘darker’ channels and means that exist for searching the web in anonymity ultimately spell doom for the wider march towards open data? So-called ‘open data’ is supposed to be an instrument for breaking down information gaps across industries and letting companies share benchmar...
It's been three years since I compared medieval security to web security, and a few things have happened. Mobile and wireless have evolved as the dominant platforms, while the life between personal computing and business computing has continued to fray. And, of course, thanks to web se...
SYS-CON Events announced today that Logz.io has been named a “Bronze Sponsor” of SYS-CON's @DevOpsSummit Silicon Valley, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Logz.io provides open-source software ELK turned into a log analy...
Brand owners are caught in a digital crossfire. From one direction comes intense competitive pressure to innovate or to at least follow very, very quickly. From the precisely opposite direction comes the potentially existential threat of an app very publicly flopping or – even worse –...
A recent purchase of mine was a 2015 Jeep. Until now, I thought it was a safe and reliable car, but that is not the case anymore. As technology advances and cars become smarter and more technologically savvy, they become another target for hackers. Imagine speeding down the highway,...
Access is everything. It is the fundamental pillar that determines whether critical enterprise assets are safe or exposed. Knowing the answers to the questions of who is accessing what, where they are accessing that information from, why they are accessing that information and, finally...
Here at the XebiaLabs we care a lot about quality. That means we have to do a lot of testing for our products. Since we have a relatively small development team, and a code base that grows rapidly, that means we have to automate our tests. To get an impression, for XL Deploy, we have a...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisti...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. ...
Today’s case of Ashley Madison getting hacked and literally being kept at ransom is a classic case of something not very new, but something we need to take a look at with a fresh set of eyes. It’s not all the trouble all their customers will get into that I’m talking about, but the mer...
Even as cloud and managed services grow increasingly central to business strategy and performance, challenges remain. The biggest sticking point for companies seeking to capitalize on the cloud is data security. Keeping data safe is an issue in any computing environment, and it has bee...
It’s easy to invent additional C-suite job title designations. We might conjure up Chief Data Analytics-Insight Officer (CDAIO - pronounced “see-day-oh”) for example. Equally, we can see that the role of the CIO quickly gained additional layers some time ago – and we now see the CSO (...
"We provide a service that allows our customers to keep bad guys out and let good guys into their applications running in the public cloud, private cloud or in a classic data center," explained Haseeb Budhani, co-founder and CEO of Soha, in this SYS-CON.tv interview at Cloud Expo, held...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. I...
SYS-CON Events announced today that Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo® and DevOps Summit 2015 Silicon Valley, which will take place November 3–5, 2015, at the Sa...
Cyber warfare is not a futuristic theory being discussed on one of the military channels by some obscure software architect anymore. It is a common occurrence in today’s global economy and it appears some are trying to test the electronic defenses we have set up on the Internet. The q...
The concept of "shifting left" for appropriate IT concerns is growing. The notion is basically to shift more into the app dev delivery pipeline functions that, when applied earlier, can result in greater stability and security of the resulting code. Security is one of those functions t...
In his session at 16th Cloud Expo, Simone Brunozzi, VP and Chief Technologist of Cloud Services at VMware, reviewed the changes that the cloud computing industry has gone through over the last five years and shared insights into what the next five will bring. He also chronicled the cha...
The cloud isn’t a fad. Businesses that don’t make the move are falling behind the competition. According to a recent ComputerWorld study, more than 40% of IT executives said that their organizations will spend more on Software as a Service (SaaS) and a mix of public, private hybrid and...
SQL injections are unique compared to other cyberattacks. These threats are very common and have been around for a while. One would think that this would mean businesses should have an idea of how to stop these incidents from happening, right? Unfortunately, SQL security remains a thor...
At this year’s Cisco Partner Summit in Montreal, Canada, CANCOM was awarded “Security Partner of the Year” for the Central Europe and Germany regions. Cisco recognized CANCOM’s successes in the development, implementation, and marketing of IT security solutions based on Cisco technolog...
A panel of experts examines how The Open Group Trusted Technology Forum standards and accreditation activities enhance the security of global supply chains and improve the integrity of openly available IT products and components.
"A lot of the enterprises that have been using our systems for many years are reaching out to the cloud - the public cloud, the private cloud and hybrid," stated Reuven Harrison, CTO and Co-Founder of Tufin, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the ...
SiteLock business website security solutions, is the only web security solution to offer complete, cloud-based website protection. Its 360-degree monitoring finds and fixes threats, prevents future attacks, accelerates website performance and meets PCI compliance standards for business...
Data security breaches and hacker attacks on private businesses, health organizations and government agencies in the U.S. have grabbed headlines with increasing frequency, it seems. There is zero doubt about the damage these events cause. Cybercriminals and hackers walk away with custo...
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed ser...
My daughter has been asking for a puppy for over a year. A Chow puppy. I’ve had Chow Chows my entire life and our current Chow, Max, is a big 72lb cinnamon boy. He’s also the medical alert dog for our daughter. Max, a rescue, is about 5 years old and we wanted to get a puppy so Max-Boy...
Security has long been the No. 1 cloud computing business concern. Although the apprehension is absolutely valid, cloud computing business decision and strategies are all too often driven by the many broadly shared misconceptions and misunderstandings. Although every one of these sta...
Log data provides the most granular view into what is happening across your systems, applications, and end users. Logs can show you where the issues are in real-time, and provide a historical trending view over time. Logs give you the whole picture. A June 2014 Gartner Report on Secu...
Maintaining network security has never been more challenging than it is right now. Traditional network perimeters are beginning to blur in the face of consumerization, the rise of mobility, migration to the cloud, and the Internet of Things. The pursuit of business agility has driven t...
The Open Group panel discusses what constitutes a good standard, or set of standards, and how organizations can work to better detect misdeeds. How can global enterprise cybersecurity be improved for better enterprise integrity and risk mitigation? What constitutes a good standard, or...
On March 18, 2015, system administrators and developers received ominous news: two high severity vulnerabilities in OpenSSL would be announced the next day. Since Heartbleed, OpenSSL had been on a bad streak, and it looked like things were only going to get worse. Operations, developme...
No, this isn't a tirade on the security of IoT. It's about story about change. Specifically, change and its implications on security. Change is constant. There's a million different axioms and proverbs about change, so it's really hard to choose just one to sum up how it impacts sec...
If cloud computing benefits are so clear, why have so few enterprises migrated their mission-critical apps? The answer is often inertia and FUD. No one ever got fired for not moving to the cloud - not yet. In his session at 15th Cloud Expo, Michael Hoch, SVP, Cloud Advisory Service at...
CIOs are increasingly concerned about cloud security. And they should be: with the recent outbreak of visible breaches at high-profile organizations like Target, Anthem, and others, and the subsequent damage they cause, corporations are scrambling to make sure their cloud applications,...
Avito, a Russian eCommerce site and portal, uses big data technology to improve fraud detection, as well as better understand how their users adapt to new advertising approaches. This BriefingsDirect big data innovation discussion examines how Avito, a Russian eCommerce site and porta...
Gareau: In the past few months we have seen the proliferation of “commercialized cyber attack services,” notably Lizard Squad and the tool that they used to take down Xbox Live and Playstation during the Holidays. As these services become more popular, large-scale DDoS attacks will be ...
We found all manner of interesting practices and trends as it relates to cloud and security in our State of Application Delivery 2015 report. One of the more fascinating data points was a relationship between security posture and cloud adoption. That is, it appears that the more applic...
Privileged Identity Management (PIM) is the lowest common denominator in today’s most treacherous corporate and governmental security breaches. Or more accurately: Privilege Mismanagement. Sony, Target, Anthem, JP Morgan Chase, the city of San Francisco and many others succumbed to the...