The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

My New Year's Resolution: Going Passwordless!

What is your New Year’s resolution for 2022? Well, it is that time of year again! My resolutions are not necessarily new, but a continuation of several that I have made in prior years. Eat healthier foods, lose weight, and save money are the ones that immediately come to mind. Another best practice that I started several years ago was to adopt a passwordless authentication initiative for all my internet connected personal devices.

How to achieve CIS Compliance with Puppet

Security compliance is the new black. Everyone is talking about it. Everyone is writing about it. Hopefully everyone is doing something about it, but it's a big lift for organizations. Compliance can mean adhering to departmental and company standards; it can mean well-defined regulatory standards like HIPAA, GDPR, and others. Compliance can mean adopting a standardized set of recommended protocols for cyber security. If compliance isn't on your radar right now, it should be.

What is Role-Based Access Control?

Most of us have visited a hotel at some point in our lives. We arrive at reception: if we request a room, they give us a key; if we are going to visit a guest, they lead us to the waiting room as a visitor; if we are going to have dinner at their restaurant, they label us as a customer; or if we attend a conference on technology, we go to their conference room.

How network security policies can protect your environment from future vulnerabilities like Log4j

If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library. A zero-day vulnerability in the Java library Log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the Alibaba Cloud Security team. It’s got people worried—and with good reason.

Common Security related Questions and Answers

In light of the recent news about yet another reported Zero-Day Exploit and the accompanying discussions about security, let’s touch on the topic of security audits and how Enterprise Alert can be configured to avoid or at least minimize potential security impact. First, let’s establish what we mean by security audit.

DevSecOps - Shifting Security to the Left

Modern-day software development approaches, such as DevOps, have certainly reduced development time. However, tighter release deadlines push security practices to a corner. This blog explains how Shifting Security to the Left introduces security in the early stages of the DevOps lifecycle, thus fixing software bugs proactively. We have come a long way in the DevOps lifecycle, from releasing the code every month (or sometimes more than that) to every day (or every hour).

Hunting and tracking remediation of Log4Shell (CVE-2021-44228)

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far, two additional vulnerabilities (CVE-2021-45046, CVE-2021-45105) have been identified. The code has been vulnerable since 2013 and millions of hosts and services are affected.

Cloud misconfiguration: vulnerability hiding in plain sight

This post originally appeared on The New Stack and is re-published here with permission. In our technology-driven business climate, most companies have at least some, if not all, workloads on the cloud. And unlike on-premises networks, these cloud environments lack secure outer perimeters and specific off times. Cloud networks are always on and always available. While convenient, this also means hackers can access them at any time.