This paper maps out an operational process to more effectively handle hostile campaigns. That requires leveraging security data through better analytics, magnifying the impact of the people we have by structuring and streamlining processes, and automating threat remediation wherever possible.
We are proud to announce the launch of our newest research paper, on multi-cloud key management, covering how to tackle data security and compliance issues in diverse cloud computing environments. Infrastructure as a Service entails handing over ownership and operational control of IT infrastructure to a third party. But responsibility for data security cannot go along with it. Your provider ensures compute, storage, and networking components are secure from external attackers and other tenants, but you must protect your data and application access to it. Some of you trust your cloud providers, while others do not. Or you might trust one cloud service but not others. Regardless, to maintain control of your data you must engineer cloud security controls to ensure compliance with internal security requirements, as well as regulatory and contractual obligations. That means you need to control the elements of the cloud that related to data access and security, to avoid any possibility of your cloud vendor(s) viewing it.
This paper focuses on how to align your security monitoring technologies with new security analytics alternatives to better identify attacks, which we can all agree is sorely needed.