Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features.
Posted in Cloud Security | Comments Off on How to integrate cloud security into your SSI
It might not be the best thing to have your head in the clouds. But it has become a very good thing, or at least a very popular thing, to have your business in the cloud—multiple surveys confirm it.
Posted in Cloud Security | Comments Off on How and why business is migrating to the cloud
Moving virtualized workloads to the cloud is either a reality or a near-term goal for an overwhelming majority—90%—of 170 organizations surveyed during July and August by Druva, a cloud data management and security company.
Posted in Cloud Security, General | Comments Off on Survey: Data management is an afterthought in cloud migration
Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms.
Posted in Cloud Security, Data Breach, Software Architecture and Design | Comments Off on How does the TeenSafe data leak present a classic false sense of security?
Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees.
Managing an SMB budget
Many factors affect the management of any budget. For an SMB, these factors include (but aren’t limited to) these:
Posted in Cloud Security, Data Breach, General, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?
Here are 7 key considerations to securely transition your apps to the cloud: cloud configuration, IAM, microservices, automation, microsegmentation, APIs, and DevSecOps. Written in coordination with Ugochukwu Enyioha.
Posted in Agile, CI/CD & DevOps, Cloud Security | Comments Off on 7 things to consider when transitioning your applications to the cloud
Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers.
Posted in Agile, CI/CD & DevOps, Cloud Security, Static Analysis (SAST), Web Application Security | Comments Off on The 4 most important secure development disciplines
Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every Global 5000 from attacks on keys and certificates is at least $53M.” The report also notes that “54 percent of organizations admit to not knowing where all keys and certificates are located, which means they do not understand how they are being used or what should be trusted.”
Posted in Cloud Security | Comments Off on A primer on protecting keys and secrets in Microsoft Azure
Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities.
What is CoPilot and what does it do?
Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 open source repository in the world today) as the repository for their projects. It connects to your GitHub repositories and provides you with security risk information for your open source project’s dependencies (i.e. the open source components used to build your project).
Posted in Agile, CI/CD & DevOps, Cloud Security | Comments Off on Introducing Black Duck CoPilot
The CORD® platform uses leading-edge SDN, NFV, and cloud technologies to build nimble inline data centers at the edge of operator networks. Learn more.
Posted in Cloud Security, Open Source Security | Comments Off on CORD Project: Driving network solutions with open source