InfoQ Homepage Cloud Security Content on InfoQ
-
/articles/preventing-data-exfiltration-google-cloud/en/smallimage/preventing-data-exfiltration-google-cloud-thumbnail-1768221099670.jpg)
Preventing Data Exfiltration: A Practical Implementation of VPC Service Controls at Enterprise Scale in Google Cloud Platform
Implementing VPC Service Controls is more about people and process than technology. Organizations must conduct extensive upfront discovery, use phased rollouts to avoid breaking production systems, and design VPC Service Controls that enable rather than block work. Success requires automation, clear exception processes, tracking both security and business metrics, and continuous improvement.
-
/articles/tls-certificate-transparency/en/smallimage/tls-certificate-transparency-thumbnail-1756385529119.jpg)
Beyond the Padlock: Why Certificate Transparency is Reshaping Internet Trust
Certificate Transparency (CT) creates public, append-only logs of every TLS certificate issued, enabling detection of rogue or mistaken certificates. This article explores how CT has transformed internet PKI by moving from reliance on certificate authority trustworthiness to providing verifiable transparency that major browsers now require.
-
/articles/ransomware-resilient-storage-cyber-defense/en/smallimage/ransomware-resilient-storage-cyber-defense-thumbnail-1755589602893.jpg)
Ransomware-Resilient Storage: the New Frontline Defense in a High-Stakes Cyber Battle
Cybersecurity has evolved, with ransomware now primarily targeting data storage and backups. To combat this, modern defense strategies focus on making storage systems more resilient. Key tactics include using immutable storage that prevents data from being altered or deleted, employing AI-powered detection, and implementing air-gapping to create isolated, tamper-proof recovery points.
-
/articles/aws-sandbox-as-a-service/en/smallimage/aws-sandbox-as-a-service-thumbnail-1754387123420.jpg)
Sandbox as a Service: Building an Automated AWS Sandbox Framework
This article outlines an automated AWS Sandbox Framework to provide secure, cost-controlled environments for innovation. It leverages AWS services like Control Tower and open-source tools to automate provisioning, enforce security policies, manage resource lifecycles, and optimize costs through automated cleanup and governance.
-
/articles/cloud-prem-architecture-challenges/en/smallimage/cloud-prem-architecture-challenges-thumbnail-1750753890389.jpg)
Engineering Principles for Building a Successful Cloud-Prem Solution
Discover how Cloud-Prem solutions combine cloud efficiency with on-premise control, meeting data sovereignty and compliance demands while optimizing operational costs and enhancing customer security.
-
/articles/responsible-ai-fintech/en/smallimage/navigating-responsible-ai-logo-small-1732088592946.jpg)
Navigating Responsible AI in the FinTech Landscape
Explore the dynamic intersection of responsible AI, regulation, and ethics in the FinTech sector. This article highlights key challenges and innovative practices as organizations navigate compliance with evolving guidelines like the EU AI Act. Discover how to balance transparency, efficiency, and risk management for sustainable AI growth in your business.
-
/articles/cell-based-architecture-application-security/en/smallimage/cba-security-small-1729762783227.jpeg)
Securing Cell-Based Architecture in Modern Applications
Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.
-
/articles/multi-region-architecture/en/smallimage/optimizing-wellhub-autocomplete-logo-small-1728898753118.jpg)
Optimizing Wellhub Autocomplete Service Latency: a Multi-Region Architecture
Every company wants fast, reliable, and low-latency services. Achieving these goals requires significant investment and effort. In this article, I will share how Wellhub invested in a multi-region architecture to achieve a low-latency autocomplete service.
-
/articles/securing-linux-applications/en/smallimage/proactive-approaches-security-linux-logo-small-1727870445556.jpg)
Proactive Approaches to Securing Linux Systems and Engineering Applications
Maintaining a strong security posture is challenging, especially with Linux. An effective approach is proactive and includes patch management, optimized resource allocation, and effective alerting.
-
/articles/secure-resilient-delivery-pipelines/en/smallimage/GettyImages-1281740358-small-1715175157819.jpg)
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Your CI/CD pipeline can potentially expose sensitive information. Project teams often overlook the importance of securing their pipelines. This article covers approaches and techniques for securing your pipelines.
-
/articles/risk-first-compliance/en/smallimage/from-compliance-first-to-risk-first-small-1703233223207.jpg)
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliancе-First" approach to a "Risk-First" mindset rеcognizеs that compliancе should not be viеwеd in isolation, but as a componеnt of a broadеr risk managеmеnt strategy.
-
/articles/work-with-auditors-influence-experience/en/smallimage/how-to-work-with-your-auditors-to-influence-a-better-audit-experience-small-1700211878723.jpg)
How to work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.