Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Docker recently resolved a runc privilege escalation vulnerability that could be exploited by a malicious program to escape container and access the host. [Read More]
Google has launched a beta version of a new Cloud Key Management System (KMS) to supplement the existing Google-managed server-side encryption and customer-controlled on-premise key management. [Read More]
A second variant of the Shamoon 2 malware targets virtualization products, likely in an effort to make recovery more difficult and increase the impact of the attack [Read More]
An open source tool called “Truffle Hog” helps developers check if they’ve accidentally leaked any secret keys on GitHub [Read More]
Bitglass, a Silicon Valley-based provider of mobile and cloud data protection solutions, today announced that it has secured $45 million in a Series C funding round. [Read More]
Cisco patches actively exploited privilege escalation vulnerability in CloudCenter Orchestrator [Read More]
VMware patches important XSS in ESXi and critical authentication flaw in vSphere Data Protection (VDP) [Read More]
Symantec on Monday filed a patent infringement lawsuit against cloud-based security firm Zscaler, Inc., accusing Zscaler of violating seven of Symantec’s patents within Zscaler products. [Read More]
Vulnerabilities in Microsoft’s Azure cloud platform could have been exploited to gain access to RHEL virtual machines and storage accounts [Read More]
On average, an enterprise now uses 1,427 cloud services. Although enterprises are attempting to control their use of cloud apps, this has clearly not yet been achieved. [Read More]

FEATURES, INSIGHTS // Cloud Security

rss icon

David Holmes's picture
How do you secure application components when they’re shifting from cloud to cloud? Any traffic traversing from one public cloud to another is by definition crossing the Internet and should therefore not be trusted.
Alan Cohen's picture
Traditional incident management approaches that rely on network monitoring and detection of attacks are also falling short in today’s agile and distributed computing world.
Alan Cohen's picture
Now that we are coming up on the second “year of the hack”—who said good things only come around once, right?
Marc Solomon's picture
To ensure you understand and can address the main security challenges cloud apps can introduce to your organization, you need additional visibility and context.
Marc Solomon's picture
How do we handle the responsibility that cloud computing brings? It’s a responsibility that must be shared among vendors, users, business leaders, and IT security professionals and involves three key aspects.
Alan Cohen's picture
Like other forms of technical debt, security debt must be paid down, which ultimately leads to a more agile and secure enterprise.
Danelle Au's picture
If your organization is not equipped to deal with the security of Emergent IT, it is probably not equipped to deal with the security of mainstream applications sanctioned by IT.
Joshua Goldfarb's picture
When moving to the cloud, companies must understand the implications, enumerate the risks, and mitigate those risks accordingly.
Alan Cohen's picture
Today’s network perimeter is increasingly not a single physical or virtual place, yet much of the industry debate is still focused on the perimeter.
David Holmes's picture
Will containers replace traditional operating system virtualization in the same way that virtualization has replaced much of the physical, bare-metal world? And how secure are containers, anyway?