Security Management Strategies for the CIO
Email Alerts
-
Seven Outstanding Security Pros in 2012
Find out who won this year’s Security 7 Award, which honors outstanding security professionals in seven vertical markets. Also in this issue, we examine the pros and cons of the Metasploit penetration testing framework, and ways to overcome cloud com... E-Zine
-
Setting up for BYOD success with enterprise mobile management and mobile application security
Bring your own device is quickly becoming a popular practice and unfortunately, it's often misused. Access this informative e-zine to learn more about protection and mobile management. Find out how mobility is really changing the enterprise and what ... E-Zine
-
Software as a Service: Top things to know when moving to SaaS
Tough economic times are forcing some organizations to take a closer look at Software as a Service (SaaS). But does SaaS have the speed and security you need? Check out this expert e-book and learn about the current trends in the SaaS market and find... E-Book
-
Seven questions to ask before committing to SaaS
Learn the seven questions you need to ask before committing to SaaS. Also in this issue, Schneier and Ranum debate vulnerability research, and Dave Shackleford covers the importance of change management to security. E-Zine
-
Security Warrior for Cloud Transparency
Ron Knode, who passed away earlier this year, was a tireless advocate for cloud security transparency. Feature
-
Security School: Cloud app security best practices
In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud. AIOG
-
Phil Agcaoili: Consumerization of IT and enterprise evolution
Consumer devices in the workplace and the shift to cloud services require new security standards and heightened security awareness. Feature
-
Mitigating Web 2.0 threats
As companies look to cut costs, Software as a Service has gained ground in the enterprise. Similarly, social networking sites like Facebook and LinkedIn are must-haves in today's workplace. David Sherry reviews how to secure these services and defend... partOfGuideSeries
-
Gartner: Negotiate cloud contracts with detailed security, control
When negotiating with cloud providers, enterprises must demand cloud contracts with specific security and control provisions, Gartner analysts say. News | 14 Jun 2013
-
CSA offers new initiatives to address SMB cloud security issues
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs. News | 26 Apr 2013
-
Report suggests cloud security concerns are overblown
A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem. News | 26 Mar 2013
-
Cloud security panel discusses transparency, Notorious Nine at RSA
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013. News | 01 Mar 2013
-
Dell SecureWorks adds vulnerability management services for cloud
Dell SecureWorks is bringing security vulnerability management services to its cloud customers, along with its Global Threat Intelligence Service. News | 11 Jan 2013
-
For U.S. Mint, cloud computing security transparency effort pays off
U.S. Mint CISO Chris Carpenter said his cloud provider wasn't ready for either his security questions or to share continuous monitoring and log data. News | 03 Oct 2012
-
AWS outage doesn't discourage Netflix
Netflix says it remains bullish on the cloud despite major Amazon outage. News | 11 Jul 2012
-
Gary McGraw on cloud computing pros and cons for security
Cloud computing can help improve SMB security operations but doesn’t bode well for software security. News | 19 Jun 2012
-
Gary McGraw on cloud computing pros and cons for security
Cloud computing can help improve SMB security operations but doesn’t bode well for software security. Opinion | 19 Jun 2012
-
Azure boosts CSA’s STAR
Cloud Security Alliance transparency effort expands with addition of Windows Azure. News | 11 Apr 2012
- See more News on Secure SaaS: Cloud services and systems
-
Converting to cloud: Ranum Q&A with Lee Heath
Not down with Dropbox? Lee Heath embraced shadow IT and improved his company's data security practices in the process. Column
-
Gauging cloud forensics: Ten questions to ask cloud providers
Drawing from recent CSA guidance, expert Dave Shackleford lists key questions to ask cloud providers to determine their cloud forensics capabilities. Tip
-
Gauging cloud forensics: Ten questions to ask cloud providers
Drawing from recent CSA guidance, expert Dave Shackleford lists key questions to ask cloud providers to determine their cloud forensics capabilities. Tip
-
Can self-managed cloud security controls ease enterprise concerns?
Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings. Tip
-
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. Tip
-
How to develop cloud applications based on Web app security lessons
Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms. Tip
-
Software patching 2.0: Cutting costs with virtual patching, automation
Struggling to bring the cost of the patch management process down? Expert Michael Cobb suggests virtual patching and automated tools can play a role. Tip
-
Monitoring cloud services requires business support, existing tools
Existing security tools and business relationships are often the best methods for monitoring cloud services to spot rogue clouds in the enterprise. Tip
-
Compensating controls can help boost cloud compliance
Cloud computing can be attractive for IT services, except when it's time to figure out a compliance strategy. Chenxi Wang of Forrester Research explains the cloud compliance complexities and offers four compensating controls that can help. Tip
-
Analyzing MSSP providers' log files for IT security events
Analyzing firewall, Windows server and antivirus log files can seem like an endless and tedious task, especially for an understaffed security team, but it's extremely important for detecting IT security events. Read more in this network security expe... Tip
-
Cloud computing compliance: Exploring data security in the cloud
If you're looking to outsource sensitive data with a cloud service provider, you'll want to ask the right questions regarding cloud computing compliance and security issues. Learn more about the questions to ask providers about cloud computing data s... Tip
- See more Tips on Secure SaaS: Cloud services and systems
-
Is IDaaS viable for a hybrid enterprise identity management system?
Is IDaaS a wise choice for managing access to cloud and on-premise systems? Randall Gamby discusses hybrid identity management systems. AtE
-
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable. Answer
-
Cloud endpoint security: Considerations for cloud security services
Mike Chapple details discuses considerations for using cloud security services, specifically cloud endpoint security. Answer
-
Enterprise antivirus comparison: Is cloud-based antivirus better?
Cloud-based antivirus has pros and cons, but, on the whole, can it be more effective than regular antivirus products? Learn more from expert Nick Lewis. Answer
-
What is SQL Server Atlanta?
Have you heard about Microsoft’s cloud-based SQL Server Atlanta service? Expert Michael Cobb discusses how Atlanta can help improve performance and security. Answer
-
Will Certificate of Cloud Security Knowledge boost cloud security best practices?
The Cloud Security Alliance has created a new certification to help promote cloud security best practices. Platform security expert Michael Cobb explains whether it's worth obtaining. Ask the Expert
-
Is Internet hijacking one of the main cloud computing threats?
Does cloud computing lend itself particularly to Internet traffic hijacking, or are there other more serious cloud computing threats that infosec pros should address first? In this expert response, Michael Cobb discusses what threats to be on the loo... Ask the Expert
-
Cloud computing risks: Secure encryption key management on virtual machines
As cloud computing grows in popularity, secure encryption key management becomes more vital. Michael Cobb explains the security risk affecting cloud computing and virtualized computing and why encryption key management policies need to be included in... Ask the Expert
-
Is Identity Management as a Service (IDaaS) a good idea?
Identity Management as a Service (IDaaS) is new on the managed security service provider scene, so how can you know which of these SaaS service providers to trust with your identity and management access tools? Find out in this expert response. Ask the Expert
-
How secure is 'Platform as a Service (PaaS)?'
There's no doubt that companies will want to leverage cloud computing and platform as a service, but expert Michael Cobb explains why enterprises should proceed with caution. Ask the Expert
- See more Expert Advice on Secure SaaS: Cloud services and systems
-
Security as a Service (SaaS)
Security-as-a-service (SaaS) is an outsourcing model for security management. Typically, Security as a Service involves applications such as anti-virus software delivered over the Internet but the term can also refer to security management provided i... Definition
-
Software as a Service (SaaS)
Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Definition
-
Software security podcast library
SearchSecurity.com is pleased to partner with Gary McGraw to feature his monthly Silver Bullet software security podcasts, which discuss best practices in software security. Podcast
-
Security, cloud monitoring tools viewed as cloud adoption barriers
Video: Eric Chiu, president of HyTrust, explains why subpar cloud monitoring tools are a top barrier to cloud adoption in the enterprise. Video
-
Eric Chiu analyzes version 2 of the PCI DSS cloud computing guidelines
Video: Eric Chiu, president of HyTrust, examines v. 2 of the PCI DSS cloud computing guidelines and offers guidance on cloud customer responsibility. Video
-
John Howie discusses CSA initiatives, cloud adoption issues at RSA
Video: John Howie, COO of the Cloud Security Alliance, discusses the ongoing initiatives at the CSA and how to overcome cloud adoption issues. Video
-
Evaluating cloud providers: Avoid security issues with cloud computing
Are security issues with cloud computing blocking an implementation? Expert Davi Ottenheimer offers tips for evaluating cloud providers for security. Video
-
Can enterprises really count on cloud computing cost savings?
Video: Enterprises counting on cloud computing cost savings may be in for an unpleasant surprise, plus learn about often-overlooked cloud risks. Video
-
Video: Founder of Common Assurance Maturity Model on CSP rating system
CAMM founder Raj Samani describes CAMM’s vision of a cloud service provider rating system to match customer organizations with CSPs. Video
-
Q&A: Forrester's Chenxi Wang discusses cloud compliance
Forrester's Chenxi Wang discusses cloud compliance and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services. Video
-
Social media and cloud computing for financial services
Paul Smocer of BITS discusses the use of social media and cloud computing by financial services firms, including the inherent risks, and what you can do to mitigate them Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer, Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
- See more Multimedia on Secure SaaS: Cloud services and systems
-
Converting to cloud: Ranum Q&A with Lee Heath
Not down with Dropbox? Lee Heath embraced shadow IT and improved his company's data security practices in the process. Column
-
Gauging cloud forensics: Ten questions to ask cloud providers
Drawing from recent CSA guidance, expert Dave Shackleford lists key questions to ask cloud providers to determine their cloud forensics capabilities. Tip
-
Gauging cloud forensics: Ten questions to ask cloud providers
Drawing from recent CSA guidance, expert Dave Shackleford lists key questions to ask cloud providers to determine their cloud forensics capabilities. Tip
-
Gartner: Negotiate cloud contracts with detailed security, control
When negotiating with cloud providers, enterprises must demand cloud contracts with specific security and control provisions, Gartner analysts say. News
-
Can self-managed cloud security controls ease enterprise concerns?
Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings. Tip
-
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. Tip
-
CSA offers new initiatives to address SMB cloud security issues
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs. News
-
Software security podcast library
SearchSecurity.com is pleased to partner with Gary McGraw to feature his monthly Silver Bullet software security podcasts, which discuss best practices in software security. Podcast
-
How to develop cloud applications based on Web app security lessons
Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms. Tip
-
Report suggests cloud security concerns are overblown
A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem. News
- See more All on Secure SaaS: Cloud services and systems
About Secure SaaS: Cloud services and systems
In this free resource you will learn how to secure Software as a Service (SaaS) systems and applications to prevent attack. Information on cloud computing security systems and applications is also offered, as well as vendor pricing and costs.