Cloud computing brings unprecedented new requirements to manage user identity and access privileges. The average number of cloud-based apps used in enterprises ranges between 900 to 1200 different services. If each service requires its own set of login credentials, users will inherently rely on vulnerable password combinations or avoid using the … [Read more...]
SecOps IT Security & Compliance Blog
Delivering effective IT security and compliance means enabling Security and Operations teams to work effectively together. This is how IT can deliver what the business needs: secure and reliable IT services.
Learn about IT Security and Compliance in BMC's complete guide.
Vulnerability assessments and penetration testing are techniques used by IT security teams to identify and resolve security issues in an organization’s IT networks, infrastructure, applications, and other areas. These assessments and tests share a common goal, but the methods and tools used to find and fix security flaws are different. Both are … [Read more...]
Last week, news broke of yet another high-profile cloud data breach. A security researcher found an unsecured database owned by a marketing firm, Exactis, containing extensive personal data on 230 million US consumers. Since the US population is 326 million and 22.6% are under the age of 181, this database essentially included information on nearly … [Read more...]
Today, a majority of organizations are not only actively moving most of their workloads to the cloud, but many of them are also using a multi-cloud model. By leveraging one provider for a specific functionality and another for its cost or location, companies are finding that cloud diversification can help them to meet all of their business … [Read more...]
As enterprise businesses accelerate innovation in the cloud, the concepts of threat detection, data privacy and compliance audits have never been more important. Indeed, violations can lead to costly security breaches, regulatory actions and loss of brand equity. Microsoft, which launched its cloud services platform Azure back in 2011, clearly … [Read more...]
A few months ago, we wrote about the Spectre and Meltdown vulnerabilities discovered in Intel processors and how to address them: primarily, by deploying software patches. But recently, the plot thickened. Microsoft’s Meltdown patch actually made the original vulnerability worse, creating the new “Total Meltdown” vulnerability that puts its … [Read more...]
Currency, in all its forms, has thieves that take what is not theirs. Cryptocurrency is no different. The fact that bitcoins are not a physical currency does not stop cybercriminals from stealing them, but these are not the same as cryptojackers. Cryptojackers are out to steal your electrons. Hijackers are bad guys that overtake something and … [Read more...]
Most of the time when we talk about SecOps, we are really implying DevSecOps. If you aren’t familiar with the DevSecOps concept, I suggest reading Rick Bosworth’s article on What is DevSecOps? DevSecOps Explained. However, not all organizations have completely transitioned over to DevOps. In today's technology environments, there is still a mix … [Read more...]
Introduction At this point, most IT leaders have realized that security must be integrated into every aspect of the organization. No longer can we leave risk management to a separate group that works in isolation from the rest of the IT groups. Nor can security be an afterthought. In my experience, the best way to get two teams more tightly … [Read more...]
The explosive growth of public cloud spending -- $128 billion in 2017, reaching $266 billion by 20211 -- coupled with the continued adoption of DevOps continues to shape h.w.organizations deliver innovative solutions to their customers. The ability to design, build, and deploy iteratively at an ever-increasing velocity has not only transformed … [Read more...]