Preventing Shadow IT from Blindsiding your Zero Trust Plan

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen working that many organisations already have in place and can ... Read More

Building Your Team up to Win the Security Arms Race

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed. How ... Read More

Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a ... Read More

How Organizations Can Achieve Security Availability

| | availability, Cloud
We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when these systems fail. How much effort are we putting into ... Read More

Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity ... Read More

Security for Cloud Services: IaaS Deep Dive

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much ... Read More

Security for Cloud Services: PaaS Deep Dive

In my last blog, I gave you some insight into some of the starting steps for adjusting your security strategies for a SaaS-enabled world. Here, I explore some of the additional adaptions to consider with PaaS. Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) ... Read More

Security for Cloud Services: SaaS Deep Dive

| | Cloud, SaaS, Software-as-a-Service
As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate ... Read More

Private Cloud vs Public Cloud Security Challenges

As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services ... Read More

Secure Configuration in Cloud – IaaS, PaaS and SaaS Explained

| | Cloud, cloud services, IaaS, paas, SaaS
If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key ... Read More