InfoQ Homepage Cloud Security Content on InfoQ
-
Beyond the Padlock: Why Certificate Transparency is Reshaping Internet Trust
Certificate Transparency (CT) creates public, append-only logs of every TLS certificate issued, enabling detection of rogue or mistaken certificates. This article explores how CT has transformed internet PKI by moving from reliance on certificate authority trustworthiness to providing verifiable transparency that major browsers now require.
on Sep 08, 2025 -
Ransomware-Resilient Storage: the New Frontline Defense in a High-Stakes Cyber Battle
Cybersecurity has evolved, with ransomware now primarily targeting data storage and backups. To combat this, modern defense strategies focus on making storage systems more resilient. Key tactics include using immutable storage that prevents data from being altered or deleted, employing AI-powered detection, and implementing air-gapping to create isolated, tamper-proof recovery points.
on Aug 25, 2025 -
Sandbox as a Service: Building an Automated AWS Sandbox Framework
This article outlines an automated AWS Sandbox Framework to provide secure, cost-controlled environments for innovation. It leverages AWS services like Control Tower and open-source tools to automate provisioning, enforce security policies, manage resource lifecycles, and optimize costs through automated cleanup and governance.
on Aug 11, 2025 -
Engineering Principles for Building a Successful Cloud-Prem Solution
Discover how Cloud-Prem solutions combine cloud efficiency with on-premise control, meeting data sovereignty and compliance demands while optimizing operational costs and enhancing customer security.
on Jun 26, 2025 -
Navigating Responsible AI in the FinTech Landscape
Explore the dynamic intersection of responsible AI, regulation, and ethics in the FinTech sector. This article highlights key challenges and innovative practices as organizations navigate compliance with evolving guidelines like the EU AI Act. Discover how to balance transparency, efficiency, and risk management for sustainable AI growth in your business.
on Nov 27, 2024 -
Securing Cell-Based Architecture in Modern Applications
Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.
on Oct 28, 2024 -
Optimizing Wellhub Autocomplete Service Latency: a Multi-Region Architecture
Every company wants fast, reliable, and low-latency services. Achieving these goals requires significant investment and effort. In this article, I will share how Wellhub invested in a multi-region architecture to achieve a low-latency autocomplete service.
on Oct 17, 2024 -
Proactive Approaches to Securing Linux Systems and Engineering Applications
Maintaining a strong security posture is challenging, especially with Linux. An effective approach is proactive and includes patch management, optimized resource allocation, and effective alerting.
on Oct 07, 2024 -
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Your CI/CD pipeline can potentially expose sensitive information. Project teams often overlook the importance of securing their pipelines. This article covers approaches and techniques for securing your pipelines.
on May 13, 2024 -
From Compliance-First to Risk-First: Why Companies Need a Culture Shift
Transitioning from a "Compliancе-First" approach to a "Risk-First" mindset rеcognizеs that compliancе should not be viеwеd in isolation, but as a componеnt of a broadеr risk managеmеnt strategy.
on Dec 26, 2023 -
How to work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise with little perceived value to one of true value that helps set you up for success, and with way less pain. This article explores how to experiment with adding agility into audit work while auditing a client, which can lead to better outcomes for you and your auditors.
on Nov 22, 2023 -
Debugging Production: eBPF Chaos
This article shares insights into learning eBPF as a new cloud-native technology which aims to improve Observability and Security workflows. You’ll learn how chaos engineering can help, and get an insight into eBPF based observability and security use cases. Breaking them in a professional way also inspires new ideas for chaos engineering itself.
on Jun 20, 2023