Cloud security
The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.
Top Stories
-
News
01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility
The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
-
Tip
25 May 2023
Prepare for the Azure Security Engineer Associate certification
Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 to become Microsoft certified. Continue Reading
-
Tip
08 Mar 2022
Explaining the differences between SASE vs. SSE
Most security professionals are familiar with Secure Access Service Edge, but now there's a new tool for administrators to consider: security service edge. Continue Reading
-
News
08 Mar 2022
Google to acquire Mandiant for $5.4B
Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion. Continue Reading
-
Answer
24 Feb 2022
CASB vs. SASE: What's the difference?
A cloud access security broker works within a Secure Access Service Edge architecture. Find out how CASB and SASE work together to improve network security. Continue Reading
-
Tip
23 Feb 2022
Crosswalk cloud compliance to ensure consistency
Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
-
News
17 Feb 2022
Snyk enters cloud security market with Fugue acquisition
Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities. Continue Reading
-
News
01 Feb 2022
Cato Networks adds CASB to growing SASE portfolio
Cato Networks has added CASB app visibility and enforcement capabilities to its growing SASE portfolio, and plans to add data loss prevention in the coming months. Continue Reading
-
Opinion
31 Jan 2022
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Tip
21 Jan 2022
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
-
Tip
20 Jan 2022
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
-
Tip
18 Jan 2022
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
Tip
16 Dec 2021
Top 4 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
Opinion
09 Dec 2021
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
-
News
07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
-
News
06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
News
01 Dec 2021
Dell extends Cyber Recovery ransomware protection to AWS
Dell EMC's PowerProtect Cyber Recovery launched in AWS Marketplace, providing customers with a way to isolate their data in AWS-based storage instead of on premises. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
11 Nov 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
-
Tip
09 Nov 2021
How to overcome 3 multi-tenancy security issues
Explore three major multi-tenancy security challenges and how to fix them, including lack of visibility, privilege overallocation and poor data security management. Continue Reading
-
News
02 Nov 2021
Why cloud bugs don't get CVEs, and why it's an issue
Lack of public disclosures for cloud bugs can allow vendors to sit on vulnerability reports and can prevent researchers from getting acknowledgement and payouts. Continue Reading
-
Tip
13 Sep 2021
All about cloud-native application protection platforms
The cloud-native application protection platform, or CNAPP, is the latest in a slew of cloud security acronyms. Learn what it is and why the concept should stick around. Continue Reading
-
Guest Post
23 Aug 2021
Why zero-trust models should replace legacy VPNs
Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading
-
Tip
23 Jul 2021
Risk-based vulnerability management tools in the cloud
As enterprises increasingly rely on cloud services, a risk-based vulnerability management approach can provide the best protection against cybersecurity threats. Continue Reading
-
Tip
21 Jul 2021
Automate app security with SaaS security posture management
Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome task with SSPM. Continue Reading
-
Guest Post
16 Jul 2021
4 healthcare risk management tips for secure cloud migration
From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
-
Guest Post
24 May 2021
Embrace speed and security for your cloud security strategy
As companies solidify their cloud security strategies, they need to ensure that they're considering where they're at now, governance needed and metrics to follow. Continue Reading
-
Tip
22 Apr 2021
How cloud monitoring dashboards improve security operations
Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options. Continue Reading
-
Tip
16 Mar 2021
Implement Kubernetes for multi-cloud architecture security
Uncover how orchestration tools benefit multi-cloud environments, and get help selecting the right deployment model for Kubernetes in multi-cloud architectures. Continue Reading
-
Guest Post
26 Feb 2021
Dispelling 4 of the top cloud security myths today
Booz Allen's Jimmy Pham and Brad Beaulieu dispel four major cloud security myths, exploring why staying in the cloud rather than returning to on premises may be the more secure option. Continue Reading
-
Feature
24 Feb 2021
Guide to cloud security management and best practices
This cloud security guide explains the challenges facing enterprises today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading
-
Guest Post
19 Feb 2021
What is CIEM and why should CISOs care?
Cloud infrastructure entitlement management offers companies an edge in the cloud permissions gap challenge. Mahendra Ramsinghani explains how CIEM differs from SIEM. Continue Reading
-
Feature
03 Feb 2021
Cloud security policy configuration in AWS, Azure and GCP
Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading
-
Feature
03 Feb 2021
Secure multi-cloud with architecture and governance focus
Certified enterprise and security architect Jeroen Mulder explains why multi-cloud security architecture planning should be informed by the business and customer perspectives. Continue Reading
-
Tip
01 Feb 2021
5 tips to better secure cloud data
A move to cloud introduces new threats to data. Follow these tips to document, evaluate, test, monitor and harden the new environment. Continue Reading
-
Tip
29 Jan 2021
4 steps toward cloud security automation
Automating security in the cloud can be invaluable for threat detection and mitigation. Explore the four key areas where security professionals should implement automation. Continue Reading
-
Tip
28 Jan 2021
5-step IaaS security checklist for cloud customers
Get expert advice on patching, data encryption, and identity and access management responsibilities in this enterprise IaaS security checklist. Continue Reading
-
Tip
22 Jan 2021
Private vs. public cloud security: Benefits and drawbacks
Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security -- before deciding on an enterprise deployment model. Continue Reading
-
Tip
22 Jan 2021
How to create a cloud security policy, step by step
Read up on the components of a cloud security policy, what policies cover and why your organization needs them, and download a handy template to get the process started. Continue Reading
-
Feature
05 Jan 2021
Juggle a multi-cloud security strategy with these 3 steps
Enterprise security best practices must account for changes in cloud landscapes. Learn how to overcome such challenges and bolster multi-cloud security with technology and policy. Continue Reading
-
Tip
11 Dec 2020
Tackle multi-cloud key management challenges with KMaaS
Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
-
Tip
09 Dec 2020
How cloud-based SIEM tools benefit SOC teams
It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading
-
Tip
03 Dec 2020
SASE model drives improved cloud and work-from-home security
Find out how the Secure Access Service Edge model provides increased work-from-home security and cloud access outside of the traditional enterprise data center access model. Continue Reading
-
Feature
30 Nov 2020
How to pass the AWS Certified Security - Specialty exam
Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
-
Feature
30 Nov 2020
Practice AWS Certified Security - Specialty exam questions
Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
-
Tip
22 Oct 2020
How to build a cloud security operations center
To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to cloud-enable your organization's SOC. Continue Reading
-
Tip
24 Sep 2020
Prevent cloud account hijacking with 3 key strategies
The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
-
Feature
16 Sep 2020
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
-
Quiz
16 Sep 2020
Test your cloud security smarts with these CCSP exam questions
Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading
-
Quiz
15 Sep 2020
Cloud computing security technology quiz
As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading
-
Tip
10 Sep 2020
How cloud security posture management protects multi-cloud
Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading
-
Feature
17 Aug 2020
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
-
Quiz
29 Jul 2020
Cloud security quiz: Application security best practices
Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading
-
Feature
28 Jul 2020
The importance of security, data encryption for cloud
As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading
-
Tip
27 Jul 2020
Cloud workload protection platform security benefits, features
VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem? Continue Reading
-
Tip
20 Jul 2020
Follow 3 key steps to improve multi-cloud monitoring
Successful multi-cloud monitoring anticipates security vulnerabilities unique to operating across several environments. Follow these steps to improve multi-cloud security. Continue Reading
-
Feature
17 Jul 2020
How to address and close the cloud security readiness gap
Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap. Continue Reading
-
Tip
09 Jul 2020
Enhance your cloud threat protection with 5 tools, and more
Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps. Continue Reading
-
Tip
29 Jun 2020
Privacy-preserving machine learning assuages infosec fears
Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how. Continue Reading
-
Tip
17 Jun 2020
Istio service mesh security benefits microservices, developers
Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
-
Feature
20 May 2020
CCSK cert guide author's insights into cloud security credential
The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more. Continue Reading
-
Tip
12 May 2020
Comparing single cloud vs. multi-cloud security challenges
A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective. Continue Reading
-
Feature
08 May 2020
Compare the top cloud-based IoT security platforms to protect devices
IoT security tools can protect widely used computing devices that pose cybersecurity risks in the current remote work era. Explore the leading cloud-based options here. Continue Reading
-
Answer
23 Apr 2020
The differences between web roles and worker roles in Azure
What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different. Continue Reading
-
Tip
26 Feb 2020
Boost security with a multi-cloud workload placement process
IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud security and cloud operations. Continue Reading
-
Tip
12 Feb 2020
Benefits of cloud data discovery tools and services multiply
With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options. Continue Reading
-
Tip
02 Jan 2020
3 steps to prepare IT operations for multi-cloud
Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly. Continue Reading
-
Tip
19 Dec 2019
Learn some key cloud workload protection best practices
Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop. Continue Reading
-
Feature
13 Nov 2019
Benefits of using Azure Security Center for security assessments
Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading
-
Feature
12 Nov 2019
Use Azure Security Center to conduct a security posture assessment
In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture. Continue Reading
-
Tip
28 Oct 2019
5 cloud storage privacy questions to ask potential providers
Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading
-
Tip
07 Oct 2019
How to beef up S3 bucket security to prevent a breach
Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe. Continue Reading
-
Tip
06 Sep 2019
How to build and maintain a multi-cloud security strategy
When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security. Continue Reading
-
Tip
05 Sep 2019
Why CASB tools are crucial to your cloud security
CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT. Continue Reading
-
Tip
19 Aug 2019
How to conduct proper AWS vulnerability scanning in 3 steps
Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model. Continue Reading
-
Feature
15 Aug 2019
Research shows cloud security vulnerabilities grow
Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading
-
Tip
08 Aug 2019
4 necessary steps to evaluate public cloud security
The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected. Continue Reading
-
Answer
26 Jul 2019
What's the best way to approach multi-cloud security?
Multi-cloud security can be challenging, but new tools promise to ease some of the problems associated with managing resources across multiple CSPs. Continue Reading
-
Tip
18 Jul 2019
CASB market dynamics, from a customer perspective
The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes for the CASB in the enterprise. Continue Reading
-
Guide
27 Jun 2019
Everything you need to know about multi-cloud security
Make multi-cloud security a reality in your organization with these tips and strategies from industry experts as you implement more cloud platforms. Continue Reading
-
Tip
26 Jun 2019
The CISO's guide to Kubernetes security and deployment
Container orchestration platform Kubernetes provides tools needed to deploy scalable applications with efficiency. Learn what steps CISOs must take to secure a Kubernetes environment. Continue Reading
-
Feature
21 Jun 2019
As cloud complexities increase, cybersecurity skills gap worsens
Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading
-
Guide
30 May 2019
How best to secure cloud computing in this critical era
Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned. Continue Reading
-
Tip
15 May 2019
3 best practices for cloud security monitoring
Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools. Continue Reading
-
Tip
13 May 2019
Why centralization in a multi-cloud security strategy is key
When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls. Continue Reading
-
Feature
07 May 2019
The risks of multi-cloud security compared to single cloud
Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise. Continue Reading
-
Opinion
01 May 2019
The top cloud security challenges are 'people problems'
Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in the cloud. Continue Reading
-
Tip
26 Apr 2019
How infrastructure as code tools improve visibility
Visibility into cloud infrastructures and applications is important for data security. Learn how to maintain that visibility while using infrastructure as code tools. Continue Reading
-
Feature
24 Apr 2019
Words to go: Multi-cloud security strategy
For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment. Continue Reading
-
Tip
22 Apr 2019
The security benefits of using infrastructure as code
Infrastructure as code bolsters security and ensures security best practices are built into software development. Learn more about the use of infrastructure-as-code models. Continue Reading
-
Tip
14 Mar 2019
Container security awareness, planning required as threats persist
As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures. Continue Reading
-
Tip
30 Jan 2019
How to build a cloud security strategy after migration
Enterprises can face an array of issues when they migrate to the cloud. Learn about three of the main challenges and how to effectively create a cloud security strategy. Continue Reading
-
Tip
16 Jan 2019
How unsecured Firebase databases put critical data at risk
Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases. Continue Reading
-
Tip
09 Jan 2019
How to block public access for AWS S3 bucket security
AWS S3 buckets leaked millions of files, including sensitive data, by enabling public access. Learn how to block public access with expert David Shackleford. Continue Reading
-
Tip
26 Dec 2018
How to apply cloud security controls in the network
Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services. Continue Reading
-
Tip
28 Nov 2018
How Google's cloud data deletion process can influence security policies
Understanding the process behind Google's cloud data deletion can help influence stronger enterprise security policies. Expert Ed Moyle explains the process and how to use it. Continue Reading