Much like the early days of virtualization, containers got a bum rap when it came to data security. I say this because just like virtualization, securing containers is more about securing what is happening inside, rather than the security of the wrapper.
We’ve been writing for a few years now about the dangers of connected medical devices and how the U.S. F.D.A. has sought to increase the security of these devices. Previously, in St. Jude Takes Steps to Secure Vulnerable Medical Implants we covered the security surrounding St. Jude medical devices. We covered how the FDA Seeks Secure Medical Device Development Lifecycle and the FDA Prescribes Safer Path for Connected Medical Devices.
As business-technology systems grow more complex, so does the need to automate essential management and security processes. With hybrid cloud architectures, DevOps management approaches, and continuous software delivery pipelines, organizations need to automate as many processes as they can automate. For those tasks that require little or no deviation, many enterprises are turning to Robotic Process Automation (RPA).
Despite it being considered an essential practice, most organizations still find it difficult implementing security into their DevOps efforts. It’s not that they don’t want to, they say they do, it’s that they just haven’t provided their developers the tools, processes, or even training to get it done. These are the findings of a report recently released by application security vendor Checkmarx.
For years now, the cloud computing alliance has been working to identify the top threats to cloud computing. In 2012 they published a survey that identified the top threats to cloud at the time, and two years ago they published The Treacherous 12 Cloud Computing Top Threats in 2016. That report reflected the consensus among security experts in the CSA community regarding the most significant security issues in the cloud.
Smart connected appliances, should they be commandeered by attackers for use in a botnet, could result in everything from local power outages to severe wide-scale blackouts a team of Princeton University researchers contended at the USENIX Security Symposium.
For two decades now, online attacks targeting retailers have been on the rise. According to a new report from 451 Research and data encryption and tokenization provider Thales, last year was no different.
The dust is beginning to settle after the U.S. federal criminal indictment of 12 Russian military intelligence officers who are alleged to have conspired to hack into systems of the Democratic Congressional Campaign Committee (DCCC), Democratic National Committee (DNC), and volunteers of the Hillary Clinton campaign. As the implications of the indictment are becoming better understood, it’s now a good time to take a step back and look at what the 29-page indictment has to teach us about enterprise information security.
The Federal Trade Commission (FTC) wants increased power and regulatory authority, including the ability to enforce civil penalties, when it comes to data security.
A recent report from P&S Market Research pegs the growth in the cybersecurity artificial intelligence market at 36 percent annually from 2017 through 2023, when it expects the cybersecurity artificial intelligence market to reach $18 billion.
Talk to any enterprise that has embraced DevOps and are trying to ensure security is adequately integrated into the organization and they'll likely say the challenge is twofold: tools and culture. Moreover, the most difficult of those two is culture.
Serverless computing is taking off. By some estimates, many enterprises that are using public cloud have embraced serverless computing. As TheNewStack’s Lawrence Hecht wrote, “After digging in, we found that the survey says 70 percent of enterprises have migrated a significant number of workloads to the public cloud. Among this group, 39 percent of using serverless, 40 percent are using containers and 34 percent are using container orchestration.”
