Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

News 01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility

The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
Tip 25 May 2023
Prepare for the Azure Security Engineer Associate certification

Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 to become Microsoft certified. Continue Reading

Tip 08 Mar 2022

Explaining the differences between SASE vs. SSE

Most security professionals are familiar with Secure Access Service Edge, but now there's a new tool for administrators to consider: security service edge. Continue Reading
News 08 Mar 2022

Google to acquire Mandiant for $5.4B

Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion. Continue Reading
Answer 24 Feb 2022

CASB vs. SASE: What's the difference?

A cloud access security broker works within a Secure Access Service Edge architecture. Find out how CASB and SASE work together to improve network security. Continue Reading
Tip 23 Feb 2022

Crosswalk cloud compliance to ensure consistency

Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
News 17 Feb 2022

Snyk enters cloud security market with Fugue acquisition

Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities. Continue Reading
News 01 Feb 2022

Cato Networks adds CASB to growing SASE portfolio

Cato Networks has added CASB app visibility and enforcement capabilities to its growing SASE portfolio, and plans to add data loss prevention in the coming months. Continue Reading
Opinion 31 Jan 2022

IaC security options help reduce software development risk

The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
Tip 21 Jan 2022

Top cloud security standards and frameworks to consider

Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
Tip 20 Jan 2022

Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
Tip 18 Jan 2022

Cloud-native security architecture principles and controls

Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
News 12 Jan 2022

New RAT campaign abusing AWS, Azure cloud services

Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
Feature 29 Dec 2021

Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
Tip 16 Dec 2021

Top 4 cloud misconfigurations and best practices to avoid them

Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities. Continue Reading
Tip 14 Dec 2021

4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
Opinion 09 Dec 2021

Cloud application developers need built-in security

Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
News 07 Dec 2021

USB-over-Ethernet bugs put cloud services at risk

SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
News 06 Dec 2021

One year later, SolarWinds hackers targeting cloud providers

The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
Tip 06 Dec 2021

How to get started with attack surface reduction

Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
News 01 Dec 2021

Dell extends Cyber Recovery ransomware protection to AWS

Dell EMC's PowerProtect Cyber Recovery launched in AWS Marketplace, providing customers with a way to isolate their data in AWS-based storage instead of on premises. Continue Reading
News 01 Dec 2021

CISA taps CrowdStrike for endpoint security

The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
News 22 Nov 2021

GoDaddy discloses breach of 1.2M customer account details

Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
News 11 Nov 2021

Aruba Central breach exposed customer data

HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
Tip 09 Nov 2021

How to overcome 3 multi-tenancy security issues

Explore three major multi-tenancy security challenges and how to fix them, including lack of visibility, privilege overallocation and poor data security management. Continue Reading
News 02 Nov 2021

Why cloud bugs don't get CVEs, and why it's an issue

Lack of public disclosures for cloud bugs can allow vendors to sit on vulnerability reports and can prevent researchers from getting acknowledgement and payouts. Continue Reading
Tip 13 Sep 2021

All about cloud-native application protection platforms

The cloud-native application protection platform, or CNAPP, is the latest in a slew of cloud security acronyms. Learn what it is and why the concept should stick around. Continue Reading
Guest Post 23 Aug 2021

Why zero-trust models should replace legacy VPNs

Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading
Tip 23 Jul 2021

Risk-based vulnerability management tools in the cloud

As enterprises increasingly rely on cloud services, a risk-based vulnerability management approach can provide the best protection against cybersecurity threats. Continue Reading
Tip 21 Jul 2021

Automate app security with SaaS security posture management

Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome task with SSPM. Continue Reading
Guest Post 16 Jul 2021

4 healthcare risk management tips for secure cloud migration

From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
Guest Post 24 May 2021

Embrace speed and security for your cloud security strategy

As companies solidify their cloud security strategies, they need to ensure that they're considering where they're at now, governance needed and metrics to follow. Continue Reading
Tip 22 Apr 2021

How cloud monitoring dashboards improve security operations

Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options. Continue Reading
Tip 16 Mar 2021

Implement Kubernetes for multi-cloud architecture security

Uncover how orchestration tools benefit multi-cloud environments, and get help selecting the right deployment model for Kubernetes in multi-cloud architectures. Continue Reading
Guest Post 26 Feb 2021

Dispelling 4 of the top cloud security myths today

Booz Allen's Jimmy Pham and Brad Beaulieu dispel four major cloud security myths, exploring why staying in the cloud rather than returning to on premises may be the more secure option. Continue Reading
Feature 24 Feb 2021

Guide to cloud security management and best practices

This cloud security guide explains the challenges facing enterprises today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading
Guest Post 19 Feb 2021

What is CIEM and why should CISOs care?

Cloud infrastructure entitlement management offers companies an edge in the cloud permissions gap challenge. Mahendra Ramsinghani explains how CIEM differs from SIEM. Continue Reading
Feature 03 Feb 2021

Cloud security policy configuration in AWS, Azure and GCP

Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading
Feature 03 Feb 2021

Secure multi-cloud with architecture and governance focus

Certified enterprise and security architect Jeroen Mulder explains why multi-cloud security architecture planning should be informed by the business and customer perspectives. Continue Reading
Tip 01 Feb 2021

5 tips to better secure cloud data

A move to cloud introduces new threats to data. Follow these tips to document, evaluate, test, monitor and harden the new environment. Continue Reading
Tip 29 Jan 2021

4 steps toward cloud security automation

Automating security in the cloud can be invaluable for threat detection and mitigation. Explore the four key areas where security professionals should implement automation. Continue Reading
Tip 28 Jan 2021

5-step IaaS security checklist for cloud customers

Get expert advice on patching, data encryption, and identity and access management responsibilities in this enterprise IaaS security checklist. Continue Reading
Tip 22 Jan 2021

Private vs. public cloud security: Benefits and drawbacks

Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security -- before deciding on an enterprise deployment model. Continue Reading
Tip 22 Jan 2021

How to create a cloud security policy, step by step

Read up on the components of a cloud security policy, what policies cover and why your organization needs them, and download a handy template to get the process started. Continue Reading
Feature 05 Jan 2021

Juggle a multi-cloud security strategy with these 3 steps

Enterprise security best practices must account for changes in cloud landscapes. Learn how to overcome such challenges and bolster multi-cloud security with technology and policy. Continue Reading
Tip 11 Dec 2020

Tackle multi-cloud key management challenges with KMaaS

Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
Tip 09 Dec 2020

How cloud-based SIEM tools benefit SOC teams

It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading
Tip 03 Dec 2020

SASE model drives improved cloud and work-from-home security

Find out how the Secure Access Service Edge model provides increased work-from-home security and cloud access outside of the traditional enterprise data center access model. Continue Reading
Feature 30 Nov 2020

How to pass the AWS Certified Security - Specialty exam

Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
Feature 30 Nov 2020

Practice AWS Certified Security - Specialty exam questions

Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
Tip 22 Oct 2020

How to build a cloud security operations center

To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to cloud-enable your organization's SOC. Continue Reading
Tip 24 Sep 2020

Prevent cloud account hijacking with 3 key strategies

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
Feature 16 Sep 2020

An inside look at the CCSP cloud security cert

Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
Quiz 16 Sep 2020

Test your cloud security smarts with these CCSP exam questions

Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading
Quiz 15 Sep 2020

Cloud computing security technology quiz

As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading
Tip 10 Sep 2020

How cloud security posture management protects multi-cloud

Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading
Feature 17 Aug 2020

Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
Quiz 29 Jul 2020

Cloud security quiz: Application security best practices

Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading
Feature 28 Jul 2020

The importance of security, data encryption for cloud

As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading
Tip 27 Jul 2020

Cloud workload protection platform security benefits, features

VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem? Continue Reading
Tip 20 Jul 2020

Follow 3 key steps to improve multi-cloud monitoring

Successful multi-cloud monitoring anticipates security vulnerabilities unique to operating across several environments. Follow these steps to improve multi-cloud security. Continue Reading
Feature 17 Jul 2020

How to address and close the cloud security readiness gap

Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap. Continue Reading
Tip 09 Jul 2020

Enhance your cloud threat protection with 5 tools, and more

Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps. Continue Reading
Tip 29 Jun 2020

Privacy-preserving machine learning assuages infosec fears

Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how. Continue Reading
Tip 17 Jun 2020

Istio service mesh security benefits microservices, developers

Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
Feature 20 May 2020

CCSK cert guide author's insights into cloud security credential

The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more. Continue Reading
Tip 12 May 2020

Comparing single cloud vs. multi-cloud security challenges

A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective. Continue Reading
Feature 08 May 2020

Compare the top cloud-based IoT security platforms to protect devices

IoT security tools can protect widely used computing devices that pose cybersecurity risks in the current remote work era. Explore the leading cloud-based options here. Continue Reading
Answer 23 Apr 2020

The differences between web roles and worker roles in Azure

What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different. Continue Reading
Tip 26 Feb 2020

Boost security with a multi-cloud workload placement process

IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud security and cloud operations. Continue Reading
Tip 12 Feb 2020

Benefits of cloud data discovery tools and services multiply

With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options. Continue Reading
Tip 02 Jan 2020

3 steps to prepare IT operations for multi-cloud

Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly. Continue Reading
Tip 19 Dec 2019

Learn some key cloud workload protection best practices

Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop. Continue Reading
Feature 13 Nov 2019

Benefits of using Azure Security Center for security assessments

Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading
Feature 12 Nov 2019

Use Azure Security Center to conduct a security posture assessment

In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture. Continue Reading
Tip 28 Oct 2019

5 cloud storage privacy questions to ask potential providers

Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading
Tip 07 Oct 2019

How to beef up S3 bucket security to prevent a breach

Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe. Continue Reading
Tip 06 Sep 2019

How to build and maintain a multi-cloud security strategy

When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security. Continue Reading
Tip 05 Sep 2019

Why CASB tools are crucial to your cloud security

CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT. Continue Reading
Tip 19 Aug 2019

How to conduct proper AWS vulnerability scanning in 3 steps

Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model. Continue Reading
Feature 15 Aug 2019

Research shows cloud security vulnerabilities grow

Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading
Tip 08 Aug 2019

4 necessary steps to evaluate public cloud security

The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected. Continue Reading
Answer 26 Jul 2019

What's the best way to approach multi-cloud security?

Multi-cloud security can be challenging, but new tools promise to ease some of the problems associated with managing resources across multiple CSPs. Continue Reading
Tip 18 Jul 2019

CASB market dynamics, from a customer perspective

The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes for the CASB in the enterprise. Continue Reading
Guide 27 Jun 2019

Everything you need to know about multi-cloud security

Make multi-cloud security a reality in your organization with these tips and strategies from industry experts as you implement more cloud platforms. Continue Reading
Tip 26 Jun 2019

The CISO's guide to Kubernetes security and deployment

Container orchestration platform Kubernetes provides tools needed to deploy scalable applications with efficiency. Learn what steps CISOs must take to secure a Kubernetes environment. Continue Reading
Feature 21 Jun 2019

As cloud complexities increase, cybersecurity skills gap worsens

Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading
Guide 30 May 2019

How best to secure cloud computing in this critical era

Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned. Continue Reading
Tip 15 May 2019

3 best practices for cloud security monitoring

Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools. Continue Reading
Tip 13 May 2019

Why centralization in a multi-cloud security strategy is key

When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls. Continue Reading
Feature 07 May 2019

The risks of multi-cloud security compared to single cloud

Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise. Continue Reading
Opinion 01 May 2019

The top cloud security challenges are 'people problems'

Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in the cloud. Continue Reading
Tip 26 Apr 2019

How infrastructure as code tools improve visibility

Visibility into cloud infrastructures and applications is important for data security. Learn how to maintain that visibility while using infrastructure as code tools. Continue Reading
Feature 24 Apr 2019

Words to go: Multi-cloud security strategy

For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment. Continue Reading
Tip 22 Apr 2019

The security benefits of using infrastructure as code

Infrastructure as code bolsters security and ensures security best practices are built into software development. Learn more about the use of infrastructure-as-code models. Continue Reading
Tip 14 Mar 2019

Container security awareness, planning required as threats persist

As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures. Continue Reading
Tip 30 Jan 2019

How to build a cloud security strategy after migration

Enterprises can face an array of issues when they migrate to the cloud. Learn about three of the main challenges and how to effectively create a cloud security strategy. Continue Reading
Tip 16 Jan 2019

How unsecured Firebase databases put critical data at risk

Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases. Continue Reading
Tip 09 Jan 2019

How to block public access for AWS S3 bucket security

AWS S3 buckets leaked millions of files, including sensitive data, by enabling public access. Learn how to block public access with expert David Shackleford. Continue Reading
Tip 26 Dec 2018

How to apply cloud security controls in the network

Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services. Continue Reading
Tip 28 Nov 2018

How Google's cloud data deletion process can influence security policies

Understanding the process behind Google's cloud data deletion can help influence stronger enterprise security policies. Expert Ed Moyle explains the process and how to use it. Continue Reading