Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Data privacy laws drive urgency to create a data security strategy

With the introduction of more data privacy laws, companies can use a data security strategy and framework to help them achieve better compliance. This is the second post in a data protection blog series that addresses how organizations can better protect their sensitive data. This blog post addresses data privacy laws, frameworks, and how organizations can create their own data security strategies and frameworks to achieve compliance with today’s data privacy laws and standards.

Five worthy reads: Confidential computing - The way forward in cloud security

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In light of rising concerns over cloud cybersecurity, this week we explore the concept of confidential computing. The past year has seen strong adoption of cloud technologies due to accelerated digital transformation and a cloud-first approach in business.

Penetration Testing: A How-to Guide for Enterprises

Penetration testing is the cornerstone of any cyber security strategy, yet enterprises often don’t get an optimal outcome from their pen test engagements. In this blog I’ll be looking at the three main reasons behind this, and also suggesting an alternative way of working that could vastly improve security outcomes whilst also increasing business value.

Proprietary vs Open Source: Which Software is Better for Your Company Security? (Webinar Cuts)

Proprietary and open source security products each have their own benefits. Proprietary products often have a smaller learning curve which can lead to more efficient learning and operational practices. Open source products can be deployed by anyone without the need for licenses and/or commitments which is ideal for organizations that rely on a wide range of third parties to provide services and products.

Threats targeting Kubernetes and Defences

Attackers are continuously evolving their techniques to target Kubernetes. They are actively using Kubernetes and Docker functionality in addition to traditional attack surfaces to compromise, gain required privileges and add a backdoor entry to the clusters. A combination of Kubernetes security and observability tools is required to ensure the cloud infrastructure monitoring and lockdown and to enable DevSecOps teams with the right tools for the job.