#cloud
4 posts

3 steps toward improving container security

Focus on how you build access rules and permissions. Understand the level of granularity needed right from day one to build this. Harden the container host with policies to prevent resource abuse.
Read more

3 steps toward improving container security

  • Vet the use of code from online sources. Use discovery tools to manage and scale up containers securely with runtime protection.
  • Focus on how you build access rules and permissions. Understand the level of granularity needed right from day one to build this.
  • Harden the container host with policies to prevent resource abuse. Use access control groups, and run containers with read-only images.
  • Secure content inside containers by limiting Linux OS features running within it.
  • Enforce image source integrity protection to track content changes and determine who made them.

Full post here, 5 mins read

How to avoid data breaches in the cloud

Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion. Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
Read more

How to avoid data breaches in the cloud

  • Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion.
  • Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
  • Deploy your own advanced network monitoring tools. Use intruder detection tools to watch your entire ecosystem of applications.
  • Beware of a too-complicated ecosystem. Its layers can create blind spots.
  • Consider using API-based cloud access security brokers (CASBs).
  • Use micro-segmentation to restrict access privileges to those who need them, for only the timeframe they need them and only to the level of access they need.

Full post here, 4 mins read

How to combat cloud software security threats

Deploy strong identity management and access management systems. Understand how security works with third-party apps & integrations in detail.
Read more

How to combat cloud software security threats

  • Deploy strong identity management and access management systems.
  • Understand how security works with third-party apps & integrations in detail. Ensure you know what exactly does granting access for anything to a third-party app means.
  • Ensure that your cloud vendor provides audit logs and check them regularly.
  • Check that your cloud software vendors are compliant with the widely accepted standards & regulations pertaining to your industry. Consider security assessments by third parties as well.
  • Look for how seriously your cloud & cloud software vendors take their bug bounty programs.

Full post here, 5 mins read

7 non-negotiable security practices for any cloud product

- Track access and usage across cloud providers - Manage access to sensitive data - Automate your user provisioning & de-provisioning
Read more

7 non-negotiable security practices for any cloud product

  1. Track access and usage across cloud providers
  2. Manage access to sensitive data
  3. Automate your user provisioning & de-provisioning
  4. Configure single sign-on with your identity provider
  5. Set up login requirements
  6. Routinely audit activity logs
  7. Familiarize yourself with your cloud providers security offerings

Full post here

6 mins read