Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

Opinion 06 Dec 2023
How organizations can learn from cloud security breaches

Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
Tip 28 Nov 2023
Hybrid cloud connectivity best practices and considerations

Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a cost-effective hybrid cloud network architecture. Continue Reading

Tip 11 Dec 2020

Tackle multi-cloud key management challenges with KMaaS

Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
Tip 09 Dec 2020

How cloud-based SIEM tools benefit SOC teams

It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading
Tip 03 Dec 2020

SASE model drives improved cloud and work-from-home security

Find out how the Secure Access Service Edge model provides increased work-from-home security and cloud access outside of the traditional enterprise data center access model. Continue Reading
Feature 30 Nov 2020

How to pass the AWS Certified Security - Specialty exam

Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
Feature 30 Nov 2020

Practice AWS Certified Security - Specialty exam questions

Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
Tip 22 Oct 2020

How to build a cloud security operations center

To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to cloud-enable your organization's SOC. Continue Reading
Tip 24 Sep 2020

Prevent cloud account hijacking with 3 key strategies

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
Feature 16 Sep 2020

An inside look at the CCSP cloud security cert

Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
Quiz 16 Sep 2020

Test your cloud security smarts with these CCSP exam questions

Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading
Quiz 15 Sep 2020

Cloud computing security technology quiz

As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading
Tip 10 Sep 2020

How cloud security posture management protects multi-cloud

Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading
Feature 17 Aug 2020

Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
Quiz 29 Jul 2020

Cloud security quiz: Application security best practices

Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading
Feature 28 Jul 2020

The importance of security, data encryption for cloud

As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading
Tip 27 Jul 2020

Cloud workload protection platform security benefits, features

VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem? Continue Reading
Tip 20 Jul 2020

Follow 3 key steps to improve multi-cloud monitoring

Successful multi-cloud monitoring anticipates security vulnerabilities unique to operating across several environments. Follow these steps to improve multi-cloud security. Continue Reading
Feature 17 Jul 2020

How to address and close the cloud security readiness gap

Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap. Continue Reading
Tip 09 Jul 2020

Enhance your cloud threat protection with 5 tools, and more

Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps. Continue Reading
Tip 29 Jun 2020

Privacy-preserving machine learning assuages infosec fears

Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how. Continue Reading
Tip 17 Jun 2020

Istio service mesh security benefits microservices, developers

Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
Feature 20 May 2020

CCSK cert guide author's insights into cloud security credential

The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more. Continue Reading
Tip 12 May 2020

Comparing single cloud vs. multi-cloud security challenges

A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective. Continue Reading
Feature 08 May 2020

Compare the top cloud-based IoT security platforms to protect devices

IoT security tools can protect widely used computing devices that pose cybersecurity risks in the current remote work era. Explore the leading cloud-based options here. Continue Reading
Answer 23 Apr 2020

The differences between web roles and worker roles in Azure

What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different. Continue Reading
Tip 26 Feb 2020

Boost security with a multi-cloud workload placement process

IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud security and cloud operations. Continue Reading
Tip 12 Feb 2020

Benefits of cloud data discovery tools and services multiply

With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options. Continue Reading
Tip 02 Jan 2020

3 steps to prepare IT operations for multi-cloud

Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly. Continue Reading
Tip 19 Dec 2019

Learn some key cloud workload protection best practices

Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop. Continue Reading
Feature 13 Nov 2019

Benefits of using Azure Security Center for security assessments

Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading
Feature 12 Nov 2019

Use Azure Security Center to conduct a security posture assessment

In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture. Continue Reading
Tip 28 Oct 2019

5 cloud storage privacy questions to ask potential providers

Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading
Tip 22 Oct 2019

How to address cloud IAM challenges

Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges. Continue Reading
Tip 07 Oct 2019

How to beef up S3 bucket security to prevent a breach

Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe. Continue Reading
Tip 06 Sep 2019

How to build and maintain a multi-cloud security strategy

When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security. Continue Reading
Tip 05 Sep 2019

Why CASB tools are crucial to your cloud security

CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT. Continue Reading
Tip 19 Aug 2019

How to conduct proper AWS vulnerability scanning in 3 steps

Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model. Continue Reading
Feature 15 Aug 2019

Research shows cloud security vulnerabilities grow

Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading
Tip 08 Aug 2019

4 necessary steps to evaluate public cloud security

The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected. Continue Reading
Answer 26 Jul 2019

What's the best way to approach multi-cloud security?

Multi-cloud security can be challenging, but new tools promise to ease some of the problems associated with managing resources across multiple CSPs. Continue Reading
Tip 18 Jul 2019

CASB market dynamics, from a customer perspective

The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes for the CASB in the enterprise. Continue Reading
Guide 27 Jun 2019

Everything you need to know about multi-cloud security

Make multi-cloud security a reality in your organization with these tips and strategies from industry experts as you implement more cloud platforms. Continue Reading
Tip 26 Jun 2019

The CISO's guide to Kubernetes security and deployment

Container orchestration platform Kubernetes provides tools needed to deploy scalable applications with efficiency. Learn what steps CISOs must take to secure a Kubernetes environment. Continue Reading
Feature 21 Jun 2019

As cloud complexities increase, cybersecurity skills gap worsens

Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading
Guide 30 May 2019

How best to secure cloud computing in this critical era

Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned. Continue Reading
Tip 15 May 2019

3 best practices for cloud security monitoring

Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools. Continue Reading
Tip 13 May 2019

Why centralization in a multi-cloud security strategy is key

When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls. Continue Reading
Feature 07 May 2019

The risks of multi-cloud security compared to single cloud

Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise. Continue Reading
Opinion 01 May 2019

The top cloud security challenges are 'people problems'

Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in the cloud. Continue Reading
Tip 26 Apr 2019

How infrastructure as code tools improve visibility

Visibility into cloud infrastructures and applications is important for data security. Learn how to maintain that visibility while using infrastructure as code tools. Continue Reading
Feature 24 Apr 2019

Words to go: Multi-cloud security strategy

For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment. Continue Reading
Tip 22 Apr 2019

The security benefits of using infrastructure as code

Infrastructure as code bolsters security and ensures security best practices are built into software development. Learn more about the use of infrastructure-as-code models. Continue Reading
Tip 14 Mar 2019

Container security awareness, planning required as threats persist

As container security vulnerabilities continue to emerge, companies should plan ahead and have strategies ready to defend against looming segmentation failures. Continue Reading
Tip 30 Jan 2019

How to build a cloud security strategy after migration

Enterprises can face an array of issues when they migrate to the cloud. Learn about three of the main challenges and how to effectively create a cloud security strategy. Continue Reading
Tip 16 Jan 2019

How unsecured Firebase databases put critical data at risk

Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases. Continue Reading
Tip 09 Jan 2019

How to block public access for AWS S3 bucket security

AWS S3 buckets leaked millions of files, including sensitive data, by enabling public access. Learn how to block public access with expert David Shackleford. Continue Reading
Tip 26 Dec 2018

How to apply cloud security controls in the network

Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services. Continue Reading
Tip 28 Nov 2018

How Google's cloud data deletion process can influence security policies

Understanding the process behind Google's cloud data deletion can help influence stronger enterprise security policies. Expert Ed Moyle explains the process and how to use it. Continue Reading
Tip 14 Nov 2018

How the Microsoft Authenticator app integrates with Azure AD

Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security. Continue Reading
Tip 03 Oct 2018

How to collect open source threat intelligence in the cloud

Threat intelligence analysis can be challenging and expensive for enterprises. Expert Frank Siemons explains how open source threat intelligence can simplify the process. Continue Reading
Quiz 26 Sep 2018

How do cloud deployment models affect IT operations?

Security plays a vital role in cloud operations. Test your knowledge of important concepts covered in Domain 5 of the CCSP exam, “Operations,” with this practice quiz. Continue Reading
Tip 22 Aug 2018

Why container orchestration platforms risk data exposure

Container orchestration platforms expose interfaces and create the risk of data exposure and unauthorized access. Expert Dave Shackleford explains why these risks exist in enterprises. Continue Reading
Tip 08 Aug 2018

How online malware collection aids threat intelligence

Threat intelligence can facilitate cloud-based malware collection, which has value for enterprise cybersecurity. Expert Frank Siemons discusses collecting and analyzing malware. Continue Reading
Tip 18 Jul 2018

The risks of container image repositories compared to GitHub

As container use rises, so does the use of container image repositories. Expert Dave Shackleford discusses the risks associated with them and how they compare to other registries. Continue Reading
Tip 29 Jun 2018

How to use Packetbeat to monitor Docker container traffic

Docker containers can help secure cloud applications, but malicious traffic can still move to and from those containers on a network. Dejan Lukan explains how to use Packetbeat to monitor such threats. Continue Reading
Tip 20 Jun 2018

How to secure cloud buckets for safer storage

Cloud buckets that enterprises use for storage can provide security benefits, but they also come with some risks. Expert Frank Siemons discusses the risks and how to mitigate them. Continue Reading
Tip 30 May 2018

Cloud endpoint security: Balance the risks with the rewards

While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains. Continue Reading
Quiz 29 May 2018

Reviewing cloud data protection measures: CCSP Domain 2

This practice quiz will assess your understanding of key concepts in Domain 2 of the CCSP exam. This part of the test covers cloud data security strategies, technologies and more. Continue Reading
Tip 09 May 2018

How a cloud backdoor poses a threat to the enterprise

Cloud backdoors pose a rising threat to enterprises, according to new research. Expert Ed Moyle explains what a cloud backdoor is and what mitigation options are available. Continue Reading
Quiz 30 Apr 2018

CCSP Practice Exam and Study Guides

Studying for, obtaining and maintaining your CCSP® certification has now become more convenient with SearchCloudSecurity.com. Continue Reading
Feature 03 Apr 2018

AWS S3 bucket security falls short at high-profile companies

Everyone is putting their data in the cloud, from IT staff to department heads. With functionality galore, basic security measures too often go unchecked. Continue Reading
Tip 07 Mar 2018

What the Azure AD Connect vulnerability can teach enterprises

Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw. Continue Reading
Answer 27 Feb 2018

How does the Amazon GuardDuty threat detection service work?

At the 2017 re:Invent conference, Amazon announced their latest threat detection product: Amazon GuardDuty. Learn how this service works and what sets it apart from other products. Continue Reading
Blog Post 30 Nov 2017

The CASB market is (nearly) gone but not forgotten

A series of acquisitions have drastically reduced the number of stand-alone cloud access security brokers and reshaped the CASB market for years to come. Continue Reading
Tip 20 Sep 2017

How attackers can intercept iCloud Keychain data

A verification flaw in the synchronization service of iCloud Keychain enables attackers to intercept the data it transfers. Expert Frank Siemons explains what to do about it. Continue Reading
Answer 31 Mar 2017

Google Cloud KMS: What are the security benefits?

Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits. Continue Reading
Tip 21 Dec 2016

VM isolation technique considerations for enterprises

VM isolation techniques are good strategies to prevent infections from spreading to the entire cloud environment. Ed Moyle explains what enterprises need to know about isolation. Continue Reading
Tip 09 Feb 2016

Breaking down the risks of VM escapes

The Xen hypervisor flaw highlighted the risks of VM escapes, but expert Ed Moyle explains why the flaw should serve as a warning for virtual containers as well. Continue Reading
Answer 13 Aug 2015

Our AWS encryption keys were exposed accidentally -- now what?

Exposing encryption keys is never a good thing, but knowing the steps to take after such an incident can help limit damage to an enterprise. Expert Dan Sullivan explains. Continue Reading
Tip 31 May 2013

Amazon S3 encryption overview: How to secure data in the Amazon cloud

Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings. Continue Reading