BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage Cloud Security Content on InfoQ

  • Serverless Security: What's Left to Protect?

    This article aims to provide a broad understanding of security in the Serverless world. We'll consider the ways in which Serverless improves security, the areas where it changes security, and the security concerns it hurts.

  • A Roadmap to the Programmable World

    The emergence of millions of remotely programmable devices in our surroundings will pose significant challenges for software developers. This article proposes a roadmap from today’s cloud-centric, data-centric Internet of Things systems to the Programmable World highlights those challenges that haven’t received enough attention yet.

  • Taking an Application-Oriented Approach to Cloud Adoption

    Taking an infrastructure-centric approach to cloud adoption can lead to unrealized benefits. Architect Amit Kumar outlines eleven principles to consider when introducing cloud services into your architecture.

  • A Security Approach for a Cloudy World: An Interview with Pete Cheslock

    Does your approach to application and data center security change when adopting cloud services? To learn more about this topic, InfoQ reached out to Pete Cheslock, head of operations and support teams at Threat Stack.

  • Respect Your Organisational Monoliths

    There is a lot of information about DevOps, the technology, the culture, the behaviour. There is not a lot of information about tackling DevOps in large enterprises and there is certainly very little about tackling DevOps in large financial organisations. This article presents lessons learnt rolling out DevOps in a large insurance organisation.

  • Towards an Agile Software Architecture

    Boyan Mihaylov covers his experience when working with both traditional waterfall software architectures and agile ones. He depicts the similarities and differences between these with a focus on three areas: the specifics of the software architect role, the timespan of the software architecture, and the output of the software architecture.

  • Hologram - Finally, AWS Key Distribution that Makes Sense

    Faced with the lack of solutions for secure distribution of AWS access keys to developers, AdRoll decided to build their own open source Hologram, a system that brings Amazon's Instance Profile mechanism to developer workstations. Adair details the process, tool design and main features.

  • Cloud Security Auditing: Challenges and Emerging Approaches

    Security audits are an important part of IT security programs. In this article, authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors. They talk about the challenges in the areas of transparency, encryption and colocation and domain-tailored audits as ideal solution in the new model.

  • A Pragmatic Approach to Scaling Security in the Cloud

    Security. Cloud. Two words that are almost always together but rarely happily. Read on to learn why that isn’t the case and what you need to known about securing your critical infrastructure in the cloud.

  • Securing Servers in the Cloud: An Interview With Trend Micro

    What’s the best way to protect servers in the cloud? How can you account for the transient nature of cloud servers and provide the same protection in the cloud as on on-premises? To find out, InfoQ spoke with Mark Nunnikhoven, a Principal Engineer in the Cloud & Emerging Technologies division at Trend Micro. You can find Mark on Twitter as @marknca.

  • Automating Data Protection Across the Enterprise

    This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure(DEI) which is not application specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.

  • Don't SCIM over your Data Model

    This opinion piece discusses three specific suggestions for improving the SCIM data model: 1. Both the enterprise client and cloud provider should map their internal IDs to a shared External ID, which is the only ID exposed through the API. 2. Multi-valued attributes of a resource must be converted from an array into a dictionary with unique keys. 3. 3 ways to improve the PATCH command

BT