As businesses increasingly migrate to the cloud, chief information security officers (CISOs) face numerous critical challenges in ensuring robust cloud security. Don’t believe me? Experts highlighted this at the recent Gartner Security & Risk Management Summit. Gartner projects a significant 24% increase in spending on cloud security, positioning it as the fastest-growing segment within the global security and risk management market. Adapt, adjust, execute The bottom line is that shifting to cloud computing necessitates fundamentally rethinking security. Organizations strive to integrate t ..read more

The recent discourse around the security of cloud computing in the banking sector, highlighted by Nicholas Fearn’s piece in the Financial Times, paints a somewhat grim picture of the cybersecurity landscape when it comes to banks moving to cloud computing. Not to pick on just this article, but I’ve seen this as a trend in the past few years, as the value of cloud computing has been called into question more and more. This is a change from just a few years ago when it was verboten to criticize “the cloud.”  What happened between then and now? Enterprises saw the weaknesses of cloud computi ..read more

The benefits of developing software in the cloud include increased flexibility and reliability, greater efficiency, and reduced costs. But cloud-based development also presents a host of challenges. Knowing what to watch out for is the first step to protecting your applications and development efforts. Here, are 10 pitfalls to consider before developing, testing, or deploying applications in the cloud. 10 reasons to think twice before developing in the cloud Performance and latency issues Cybersecurity and data protection threats Vendor lock-in Runaway costs Regulatory compliance require ..read more

Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the right direction. However, it’s rarely discussed as a path to enhanced security. The links to cloud security Effective cloud finops requires a strong understanding of cloud usage patterns. What occurs during normal operations? By identifying and tracking cloud usage, finops teams can detect anomalies. They can also see most misconfigurations of cloud security and, thu ..read more

Most security issues in the cloud can be traced back to someone doing something stupid. Sorry to be that blunt, but I don’t see ingenious hackers out there. I do see misconfigured cloud resources, such as storage and databases, that lead to vulnerabilities that could easily be avoided. I always teach how your first line of defense is not cool security tools but training. This is often ignored, considering that budgets are directed at new tools rather than teaching admins how not to do dumb things. It is frustrating considering the investment needed versus the value gained. Oh well. To read thi ..read more

One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a risk of data exposure. In a multitenant environment, you can’t be certain that memory is freed up safely, so that your data isn’t leaking across the boundaries between your systems and others. That’s why businesses keep close watch on their regulatory compliance, and often keep sensitive data on premises. That allows them to feel sure that they’re managing pe ..read more

One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a risk of data exposure. In a multitenant environment, you can’t be certain that memory is freed up safely, so that your data isn’t leaking across the boundaries between your systems and others. That’s why businesses keep close watch on their regulatory compliance, and often keep sensitive data on premises. That allows them to feel sure that they’re managing pe ..read more

It’s been over 10 years since Shannon Lietz introduced the term DevSecOps, aiming to get security a seat at the table with IT developers and operators. The question is, how far has security come since then? Do DevSecOps teams have the culture, practices, and tooling they need to release technology into production faster but also reliably and securely? The recently published SANS DevSecOps Survey shows significant traction. More organizations are looking to shift-left security to ensure that security is prominent in their development practices. Over 50% of respondents claimed they resolved crit ..read more

Cloud computing has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers, the reality is that a substantial amount of money, even “cloud” money, isn’t being spent with the big hyperscalers. Instead, it’s being plowed into other companies pitching Kubernetes and associated infrastructure. “Open and approachable” may define the future of the $500 billion cloud infrastructure market. To read this article in full, pl ..read more

It’s budget time for many enterprises, and the question that I get most this time of year is: What should we work on in 2024 to improve our cloud computing deployments? I came up with my top three, with the understanding that these are general concepts and you need to consider your own state of cloud within your enterprise. Let’s get started. Security and compliance always need a refresh As the volume and sensitivity of data being stored and processed in the cloud increase, security and compliance remain critical concerns. In 2024, this means evaluating and enhancing cloud security in both obv ..read more