Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a ... Read More

How Organizations Can Achieve Security Availability

| | availability, Cloud
We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when these systems fail. How much effort are we putting into ... Read More

Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity ... Read More

Security for Cloud Services: IaaS Deep Dive

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much ... Read More

Security for Cloud Services: PaaS Deep Dive

In my last blog, I gave you some insight into some of the starting steps for adjusting your security strategies for a SaaS-enabled world. Here, I explore some of the additional adaptions to consider with PaaS. Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) ... Read More

Security for Cloud Services: SaaS Deep Dive

| | Cloud, SaaS, Software-as-a-Service
As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate ... Read More

Private Cloud vs Public Cloud Security Challenges

As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services ... Read More

Secure Configuration in Cloud – IaaS, PaaS and SaaS Explained

| | Cloud, cloud services, IaaS, paas, SaaS
If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key ... Read More

Psychological Tricks of the Malware Trade

As a Professional Services Consultant, I have the pleasure of traveling all around the globe meeting clients and talking to a wide variety of IT security professionals who form the front line of defence against malware. One of my favorite topics is how people got their start in their careers ... Read More

Adding to the Toolkit – Some Useful Tools for Cloud Security

With more business applications moving to the cloud, the ability to assess network behavior has changed from a primarily systems administration function to a daily security operations concern. And whilst sec-ops teams are already familiar with firewall and network device log tools, these can be of limited used in a ... Read More