Regulatory Compliance in the Cloud: What you Need to Know 

Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services.   For hosted infrastructure, “catching up” presents an ... Read More

Regulatory Compliance – Holding Security Back or Forcing us to Reassess old biases?

A recent survey conducted by IBM and Censuswide of the UK market explored some of the drivers for modernisation and revealed some interesting challenges that organisations currently face as more and more businesses expand their digital boundaries. The most interesting finding was the that one of the drivers for modernisation ... Read More

Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity

I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts. “Observability” is seemingly synonymous with “monitoring,” covering things such as metrics, traces, and ... Read More

Cybersecurity Laws – Get Ready Today to Save Some Money Tomorrow

It looks likely that the UK will join a growing number of nations promoting cybersecurity’s importance for businesses including the introduction of new laws. Amongst the proposals being considered are adding new powers to the UK Cyber Security Council that could significantly change the reporting requirements associated with security incidents ... Read More

Spot the Ball & Security Detection Games

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called “Spot the Ball.” For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from ... Read More

Google’s Office of the CISO Points the Way Towards Scaling Security

Amazon’s, Google’s and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in ... Read More

Define, Reinforce and Track: Helping Develop Positive Cybersecurity Habits

Getting teams to improve security can be hard work, but it’s an important job that organisations must take seriously to protect an increasingly risky world. For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, ... Read More

Cloud-Based Storage Misconfigurations – Understanding the Security Risks and Responses

Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure deployments. All of this results in a complicated mix of ... Read More

From Alan Turing to Future Artificial Intelligences – Reading Security Signals

The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and ... Read More

Building a Security Alliance with Your Cloud Partners

As more infrastructure is moved to the cloud, there are many opportunities to reconsider your security stance and relationships to build ever stronger and more secure IT solutions whilst reducing your security costs. In this post, I’m looking to explore some ways that you can build out your alliances to ... Read More

Secure Coding Practices