The shift from monolithic architectures to microservices poses complex authorization challenges to development teams. In this article, we look at how to enforce fine-grained access control in cloud-native environments as we make a case for a dynamic approach to authorization in microservices. Key takeaways.

On this episode of the Future of Security Operations podcast, Thomas speaks with Rebecca Blair, Security Operations Center Manager at Toast, an all-in-one point-of-sale and restaurant management platform for food service and hospitality businesses. After working in various cybersecurity roles over the past decade, Rebecca joined Toast in 2021 as the first employee of its security operations center.

This article provides a breakdown of the most important Terraform security best practices to consider when implementing an Infrastructure as Code (IaC) environment. Terraform is a highly popular IaC tool offering multi-cloud support. IaC means that infrastructure is deployed automatically and configured at scale, which has immediate benefits for efficiency and consistency.

Simple and intuitive design is at the core of how we design. That’s why we’ve improved the navigation of our tool so that users can easily access the attack surface and scan settings. Since launching the attack surface view earlier this year, we’ve heard from some users that finding the attack surface view isn’t very clear. This meant some users were missing out on insights across their expanding attack surface, such as open ports and DNS information.

Third-party risk has always been a concern for organizations, but since COVID and the rise of remote work, we’ve seen a dramatic acceleration in campaigns leveraging software supply chain attacks. Not just through open source vulnerabilities, but through closed source applications and services as well. To adapt to this new normal, it’s important to develop an understanding of supply chain attacks and protect yourself from them.

Snyk’s Chief Architect, Josh Stella, recently hosted a webinar about cloud security. Stella was the co-founder and CEO of Fugue, a cloud security and compliance company that was acquired by Snyk. With the capabilities of Fugue, Snyk will bring its developer-first security platform into the cloud security space. During this talk, Stella discussed the missing story in every cloud breach: the tale of how, when, and where attackers operate in the cloud.

C++ has become a pivotal part of the modern day tech industry. It has been used for multiple purposes, such as desktop applications, server applications, gaming, virtual reality, internet of things firmware, and even as the foundation for many modern day programming languages. Since the initial C++ release in 1985, as an extension to the C programming language, it was designed with an orientation towards system programming and embedded resource development.

From a people perspective and an organizational standpoint, many CISOs have said that their security teams are not ready for containers and Kubernetes. This isn’t surprising, given the stark contrast between where we were less than a decade ago and where we are today in terms of systems architecture. I am of course referring to the cloud-native era, which has ushered in a whole new architectural approach.

From the outside, it might appear as if Trustwave MailMarshal is a stand-alone solution that on its own is able to effectively defend email systems from a wide variety of phishing, malware, and business email compromise (BEC) attacks. The truth is MailMarshal is backed not only by one of the best trained, most experienced cybersecurity research teams in the industry but also by a technology stack that has been decades in the making.

Control flows are the backbone of automation. Identifying what to do with a set of data – and how – is a key component of high-value automation, but it can also be confusing to wrap your head around at first. What is a conditional? And what does it have to do with a loop? How do you deal with a set of information versus a single data point?