I am often asked what has changed and what will need to change most about cybersecurity in the next few years, especially as we come out the other side of a global pandemic that upended all kinds of plans. But let’s start by level-setting: the grand strategy for security—protect data—hasn’t changed. It’s the tactics that have changed, and more importantly, must continue to change.

A new day, a new wave of S3 leaks… Cloud misconfigurations continue to be a major concern for organizations and a constant source of data leaks. A recent report by IBM has revealed that misconfigurations are behind two-thirds of cloud security incidents.

Life sciences companies increasingly rely on cloud computing environments to accelerate research. The cloud provides cost effective compute power, more efficient data processing, access to files and applications from anywhere, and advanced analytics tools to gain insights from data and manage it. But when a majority of that research is done by external contract research organizations (CROs) or in time zones on the other side of the world, that speed advantage can grind to a halt.

Solvo is empowering developers and DevOps engineers by enabling them to run their cloud infrastructure with least privilege access, at speed and scale. In this article, we’ll go through a workflow combining Solvo’s automatic platform with Snyk Infrastructure as Code (Snyk IaC) to create customized and secured access from a Lambda function to an AWS S3 bucket. This blog was originally posted on the Solvo website.

Security in cloud computing is often a major concern among cloud customers, mainly because of the risk of losing sensitive data and the difficulties of enforcing the organization’s security policies. Despite cloud computing’s potential efficiency for storing and exchanging files, cloud security remains questionable. According to one report from Statista, 81 percent of respondents found security to be the most prevalent challenge in cloud computing today.

Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.

SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime. If there is a mismatch between the server and the local copy of certificates, the connection will simply be disrupted, and no further user data will be even sent to that server.