Infosec Island

Goodbye 2017, Hello 2018: New and Old Cloud Security Challenges

Security and compliance are going to be hot topics in 2018 as more and more organizations confront the challenges of the cloud. In 2018, a few major new regulations, such as the EU General Data Protection Regulation (GDPR), which takes full effect in May, will start to swing the privacy pendulum towards better cloud security and […]

Read More…


2018 Security Predictions

The biggest surprise in the cloud for 2017 is how the security industry continues to be a technical laggard. Organizations are moving their infrastructure to the cloud with AWS and Azure both growing at unprecedented rates, building multi-billion dollar IT superpowers. Yet security incumbents are not evolving, providing yesterday’s technologies in the cloud, i.e. a […]

Read More…

AWS Misconfiguration

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Read More…

Together We Create

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

Read More…