InfoQ Homepage Cloud Security Content on InfoQ
-
Using Cloud Native Buildpacks to Address Security Requirements for the Software Supply Chain
Software supply chain attacks are increasing in severity and frequency, with no clear path laid out towards its mitigation. A simple way to trace the origin of vulnerable components is available in the form of Software Bill Of Materials (SBOMs), generated automatically when using Buildpacks.
-
Virtual Panel: DevSecOps and Shifting Security Left
Recent attacks, that targeted SolarWinds, Colonial Pipeline, and others, have shown that development environments come ever more frequently on the radar of malicious actors. A virtual panel on the value of shifting left security, how to take responsibility for it, and the time-to-market pitfalls.
-
DevSecOps: the Key to Securing Your Supply Chain in a Multi-Cloud Threatscape
Recent supply chain attacks require businesses to re-evaluate their approach to DevOps, specifically as it relates to security. The DevSecOps focus CI/CD platforms, testing and scanning across the SDLC, and a focus on minimizing manual efforts can not only improve security postures but also improve delivery of business value.
-
Q&A with Eveline Oerhlich on Building an Effective DevOps Culture
The DevOps Institute recently released their latest report entitled "Upskilling 2021: Enterprise DevOps Skills Report". The report found that automation and security remain vital to business success. A focus on building the human skills of DevOps was also identified as companies with the best learning cultures were most likely to succeed.
-
A Reference Architecture for Fine-Grained Access Management on the Cloud
In this article, we will define a new reference architecture for cloud-native companies that are looking for a simplified access management solution for their cloud resources, from SSH hosts, databases, data warehouses, to message pipelines and cloud storage endpoints.
-
Nine Trends That Are Influencing the Adoption of Devops and Devsecops in 2021
While it’s important to recognize the value of both DevOps and DevSecOps, they are not one-size-fits-all, monolithic, permanent paradigms. In this article, we’ll take a look at that ongoing development – isolating and explaining nine key trends that are driving and changing the adoption of DevOps, DevSecOps, and a number of related approaches to development and management.
-
Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies
The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty year period. It provides insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.
-
Deploying Edge Cloud Solutions without Sacrificing Security
Security challenges exist with edge cloud solutions. Some are technical, and some relate to the way in which these services are used. This article looks at the why, what, and how of edge security.
-
Privacy Architecture for Data-Driven Innovation
This article lays out how you build an internal data governance architecture early in the ingestion phase, which enables you to allocate risk to data and identify such data in your systems. You can then protect the data accordingly. The second half of this article lays out various techniques to share data in a privacy-conscious manner.
-
Improving Security Practices in the Cloud Age: Q&A With Christopher Gerg
IT leaders say that security is a top priority. Surveys show that it’s easy to say, and hard to do. InfoQ spoke with Christopher Gerg, CISO at Gillware, about security practices in the cloud age.
-
How to Seamlessly Evolve DevOps into DevSecOps
As DevOps evolved, it became obvious that it was about more than just software development and operations management. With each new story of a massive data breach and its catastrophic consequences, cybersecurity swiftly became recognized as a critical part of any IT ecosystem. This realization led to DevSecOps. This article looks at how to embrace a DevSecOps approach.
-
Seven Steps for Improving Cloud Security with Business Integration
For business owners and information technology professionals, cloud computing has represented a significant advancement in terms of efficiency and supportability. But like with any major shift in the IT industry, the cloud brings a host of new security risks. Let’s take a look at the most common risks associated with integrating cloud-based business systems and how to manage them appropriately.