No matter how you slice it, the use of containers and Kubernetes continues to swell. And recent high profile vulnerabilities-that-shall-not-be-named have shown us how important container security is for an overall application security program. Protecting your own code, your dependencies, and the containerized services you use are all a must.
With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.
Third-party technology providers can confer huge strategic advantages to a business. It allows each organization to focus on their highest value activities, but there’s a downside; new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required to manage risk and keep you and your customers safe.
Cyber security KPI or other Key Performance Indicators are established in different areas of every organisation to track and monitor the progress towards attaining a certain goal or target. Cybersecurity is no exception here, and companies should maintain proper cybersecurity KPIs. There are many blog posts available around this topic but in this article, we have gathered a list of important cybersecurity KPIs that every organisation should consider.
I enjoy being editor and managing this blog so much, I thought I'd share some of the best blogs of 2021. 2022 is right around the corner, but it's also a good time to look back at some 2021 highlights!
Our stated objective is simple: to be the world leader in data services. This is not easy. To be a world leader in anything requires notoriety, reliability, performance and ultimately, dominance. But we have a plan. As we close out 2021, there are certain things to look out for Calligo laying the groundwork for in 2022 …
Ding. That is the sound of the elevator opening on the ground floor of the One WTC building in New York. We’re both there for a meeting. You, as Director of Systems Engineering for a Financial Services provider, are presenting your plans to shore up the hybrid infrastructure used to run the bank’s new crypto-based services. I’m meeting with clients who are trying to rebuild their reputation, and SOC2 certification, after a data breach.
Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”.
Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?
