Virtualization & Cloud

A critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could lead to supply chain attacks.

Can your container image be trusted? Learn how Docker Content Trust (DCT) employs digital signatures for container image verification and manages trusted collections of content.

We outline security mitigations and settings that should be prioritized in a clustered environment. The second part of our security guide on Kubernetes clusters covers best practices related to worker nodes, the kubelet, pods, and audit logs.

In our monitoring of Docker-related threats, we came across a threat actor who uploaded malicious images to Docker Hub for cryptocurrency mining.

Serverless computing is not immune to risks and threats. Our security research provides a comprehensive analysis of the possible attack scenarios that could compromise serverless services and deployments.

Security issues often arise as a result of applications being rushed for deployment without adequate checks and protections. What are the top security risks to applications and what can organizations do to secure their DevOps pipeline?

Infrastructure as Code (IaC) is a key DevOps practice that bolsters agile software development. In this report, we identify security risk areas in IaC implementations and the best practices in securing them in hybrid cloud environments.

Cloud-native security adopts the defense-in-depth approach and divides the security strategies utilized in cloud-native systems into four different layers which are seen in “The 4Cs of Cloud-native Security.”

When it comes to cloud computing security, or simply, cloud security, what are the builders’ responsibilities? How can developers and administrators ensure cloud security? This primer discusses the key concepts of cloud security and which areas need to be protected using flexible and comprehensive security solutions.