Security Content on InfoQ
-
Is Docker Secure Enough? Advice for Configuring Secure Container Images and Runtimes
Ensure that Docker is secure enough by fine-tuning the security approach to meet your use cases. It is important to have an understanding of the differences between the Docker image and the Docker runtime and the security implications and priorities for each. This article covers a number of techniques for ensuring appropriate security for Docker.
-
An Introduction to Post-Quantum Public Key Cryptography
Though quantum computers are in their infancy, their further development could make them commercially available. When that day comes, all public and private keys will be exposed to quantum threats, a massive risk for every organization. Understanding quantum computing growth and the impact it would have on cryptography is key for everyone, irrespective of their role.
-
Mitigating Inside and Outside Threats with Zero Trust Security
As ransomware and phishing attacks increase, it is evident that attack vectors can be found on the inside in abundance. Zero Trust Security can be thought of as a new security architecture approach where the main goals are: verifying endpoints before any network communications take place, giving least privilege to endpoints, and continuously evaluating the endpoints throughout the communication.
-
The Next Evolution of the Database Sharding Architecture
In this article, author Juan Pan discusses the data sharding architecture patterns in a distributed database system. She explains how the Apache ShardingSphere project solves the data sharding challenges. Also discussed are two practical examples of how to create a distributed database and an encrypted table with DistSQL.
-
Reducing Cloud Infrastructure Complexity
Cloud computing adoption has taken the world by storm, and is accelerating unabated. According to Flexera’s annual State of the Cloud Report for 2020, 93% of respondents used multi or hybrid cloud strategies. This article examines different aspects of cloud infrastructure complexity, and approaches to mitigate it.
-
Failing Fast: the Impact of Bias When Speeding up Application Security
This article deals with three biases people can have when establishing application security while trying to build applications quickly, attitudes that can cost the organization later. It shows how to spot the biases and provides advice on what to do about them.
-
How to Reduce Burnout in IT Security Teams
Burnout isn't a self-care problem. The information security industry needs to take a deeper look and make changes that give workers more flexibility and a balanced personal and work life. This article serves as a starting point by breaking down why burnout exists in InfoSec, why past solutions don’t work anymore, and how to actually reduce burnout in teams.
-
How to Harden Applications against IIoT Security Threats
This article will explore two sides of the IIoT security equation: understanding how and why IIoT systems can become vulnerable to hacking attempts, and which solutions and strategies are available to harden them. It will also provide a set of best practices to address IoT security concerns.
-
Building Tech at Presidential Scale
Dan Woods discusses the unique challenges of building and running tech for a presidential cycle. Woods also describes how ML was applied at foundational points to reduce operating costs and some of the architectural choices made.
-
Application Security Manager: Developer or Security Officer?
The Application Security Manager (ASM) should be the driving force of the overall code review process. An ASM should know about development processes and information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.
-
Mobile DevSecOps Is the Road to Mobile Security
In this article, I’ll discuss some of the most common security deficiencies in mobile apps and explain the potential risks to consumers, app developers, and brands, as well as how to break the cycle of poor app security, using automated, rapid, continuous, and iterative deployment.
-
Using Cloud Native Buildpacks to Address Security Requirements for the Software Supply Chain
Software supply chain attacks are increasing in severity and frequency, with no clear path laid out towards their mitigation. A simple way to trace the origin of vulnerable components is available in the form of Software Bills of Materials (SBOMs), generated automatically when using Buildpacks.