Cloud security
The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.
Top Stories
-
Tip
22 Jul 2024
8 cloud detection and response use cases
Unsure whether cloud detection and response is useful for your organization? These eight use cases could make CDR indispensable. Continue Reading
-
Tip
22 Jul 2024
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR
Cloud detection and response is the latest detection and response tool. Explore how it differs from endpoint, network and extended detection and response tools. Continue Reading
-
Tip
24 Aug 2022
5 key questions to evaluate cloud detection and response
Consider these five questions before deciding to invest in a specialized cloud detection and response product. Continue Reading
-
Definition
24 Aug 2022
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Continue Reading
-
News
17 Aug 2022
CISA: Threat actors exploiting multiple Zimbra flaws
Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances. Continue Reading
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
News
10 Aug 2022
Ermetic addresses IAM weaknesses in multi-cloud environments
Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
-
News
04 Aug 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS
In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response. Continue Reading
-
News
03 Aug 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA
In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
-
News
02 Aug 2022
New Microsoft tools aim to protect expanding attack surface
New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft. Continue Reading
-
News
28 Jul 2022
AWS adds Kubernetes security tie-ins amid SecOps tool sprawl
Amazon Detective pulls Kubernetes security data into a broader threat detection and CSPM context as IT pros at large orgs seek integrated multi-cloud security workflows. Continue Reading
-
News
28 Jul 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
-
News
26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022
To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
-
News
26 Jul 2022
CrowdStrike launches cloud threat hunting service
Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud. Continue Reading
-
Definition
20 Jul 2022
data compliance
Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats. Continue Reading
-
News
19 Jul 2022
Calamu Protect defends data through sharding, encryption
Calamu Protect 1.2 expands data protection capabilities for its data harbor through multi-tenancy features and support for protecting Microsoft 365 data. Continue Reading
-
Tip
18 Jul 2022
Key factors to achieve data security in cloud computing
Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
-
Tip
14 Jul 2022
3 steps for getting started with security service edge
Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease. Continue Reading
-
Tip
14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?
Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
-
Tip
28 Jun 2022
Do you meet all the modern authentication requirements?
Microsoft's push to a more secure method for user authentication and authorization could catch some enterprises flat-footed if IT hasn't done its homework. Continue Reading
-
News
28 Jun 2022
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
-
Tutorial
27 Jun 2022
How to set up Exchange Online modern authentication
Microsoft plans to tighten up security on its hosted email platform to prevent attackers from gaining access to user credentials. Is your organization ready? Continue Reading
-
News
24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
-
News
20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach
The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading
-
Opinion
16 Jun 2022
Top cloud security takeaways from RSA 2022
Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG. Continue Reading
-
News
15 Jun 2022
Microsoft takes months to fix critical Azure Synapse bug
Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
-
Tip
15 Jun 2022
How to evaluate security service edge products
As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction. Continue Reading
-
Tip
14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud
Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
-
News
13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities
Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
-
News
13 Jun 2022
Skyhigh Security CEO, VP talk life after McAfee
Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio. Continue Reading
-
News
02 Jun 2022
VMware launches 'threat intelligence cloud' Contexa
The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost. Continue Reading
-
News
01 Jun 2022
Hackers ransom 1,200 exposed Elasticsearch databases
An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks. Continue Reading
-
Tip
31 May 2022
How to get started with multi-cloud threat hunting
More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk. Continue Reading
-
News
26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers
Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
-
News
25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
-
News
18 May 2022
CISA calls out security misconfigurations, common mistakes
Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks. Continue Reading
-
Tip
12 May 2022
3 ways to apply security by design in the cloud
Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start. Continue Reading
-
Tip
10 May 2022
Microsoft modern authentication deadline looms over Exchange
Support for basic authentication will end this year, giving administrators who haven't switched to a newer authentication method little time to prepare for a smooth transition. Continue Reading
-
News
05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts
Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
-
News
05 May 2022
Google cloud misconfiguration poses risk to customers
Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines. Continue Reading
-
Tip
29 Apr 2022
Is cloud critical infrastructure? Prep now for provider outages
The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime. Continue Reading
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
-
News
25 Apr 2022
LemonDuck botnet evades detection in cryptomining attacks
While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices. Continue Reading
-
News
20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation
Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
-
Feature
14 Apr 2022
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
-
Tip
14 Apr 2022
The benefits and challenges of managed PKIs
Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
-
Tip
07 Apr 2022
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
-
News
05 Apr 2022
Conti ransomware deployed in IcedID banking Trojan attack
The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data. Continue Reading
-
News
01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365
CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
-
News
23 Mar 2022
Lawsuit claims Kronos breach exposed data for 'millions'
A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
-
News
22 Mar 2022
STG launches Skyhigh Security from McAfee cloud assets
The new company combines the McAfee Enterprise Security Service Edge portfolio with a name reminiscent of a previous McAfee acquisition: Skyhigh Networks. Continue Reading
-
Tip
21 Mar 2022
2 zero-trust cloud security models emerge as demands shift
Security teams are beefing up enterprise defenses as cloud services become more essential. Zero trust -- tailored to assets, as well as users -- is an integral part of the equation. Continue Reading
-
News
15 Mar 2022
Container vulnerability opens door for supply chain attacks
A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
-
News
08 Mar 2022
Google to acquire Mandiant for $5.4B
Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion. Continue Reading
-
Tip
23 Feb 2022
Crosswalk cloud compliance to ensure consistency
Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
-
News
17 Feb 2022
Snyk enters cloud security market with Fugue acquisition
Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities. Continue Reading
-
News
01 Feb 2022
Cato Networks adds CASB to growing SASE portfolio
Cato Networks has added CASB app visibility and enforcement capabilities to its growing SASE portfolio, and plans to add data loss prevention in the coming months. Continue Reading
-
Opinion
31 Jan 2022
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Tip
21 Jan 2022
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
-
Tip
20 Jan 2022
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
- Definition 19 Jan 2022
-
Tip
18 Jan 2022
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
Opinion
09 Dec 2021
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
-
News
07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
-
News
06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
Definition
02 Dec 2021
Twofish
Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. Continue Reading
-
News
01 Dec 2021
Dell extends Cyber Recovery ransomware protection to AWS
Dell EMC's PowerProtect Cyber Recovery launched in AWS Marketplace, providing customers with a way to isolate their data in AWS-based storage instead of on premises. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
11 Nov 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
-
Tip
09 Nov 2021
How to overcome 3 multi-tenancy security issues
Explore three major multi-tenancy security challenges and how to fix them, including lack of visibility, privilege overallocation and poor data security management. Continue Reading
-
News
02 Nov 2021
Why cloud bugs don't get CVEs, and why it's an issue
Lack of public disclosures for cloud bugs can allow vendors to sit on vulnerability reports and can prevent researchers from getting acknowledgement and payouts. Continue Reading
-
Guest Post
23 Aug 2021
Why zero-trust models should replace legacy VPNs
Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading
-
Tip
21 Jul 2021
Automate app security with SaaS security posture management
Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome task with SSPM. Continue Reading
-
Guest Post
16 Jul 2021
4 healthcare risk management tips for secure cloud migration
From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
-
Guest Post
24 May 2021
Embrace speed and security for your cloud security strategy
As companies solidify their cloud security strategies, they need to ensure that they're considering where they're at now, governance needed and metrics to follow. Continue Reading
-
Tip
22 Apr 2021
How cloud monitoring dashboards improve security operations
Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options. Continue Reading
-
Tip
16 Mar 2021
Implement Kubernetes for multi-cloud architecture security
Uncover how orchestration tools benefit multi-cloud environments, and get help selecting the right deployment model for Kubernetes in multi-cloud architectures. Continue Reading
-
Guest Post
26 Feb 2021
Dispelling 4 of the top cloud security myths today
Booz Allen's Jimmy Pham and Brad Beaulieu dispel four major cloud security myths, exploring why staying in the cloud rather than returning to on premises may be the more secure option. Continue Reading
-
Guest Post
19 Feb 2021
What is CIEM and why should CISOs care?
Cloud infrastructure entitlement management offers companies an edge in the cloud permissions gap challenge. Mahendra Ramsinghani explains how CIEM differs from SIEM. Continue Reading
-
Feature
03 Feb 2021
Cloud security policy configuration in AWS, Azure and GCP
Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading
-
Feature
03 Feb 2021
Secure multi-cloud with architecture and governance focus
Certified enterprise and security architect Jeroen Mulder explains why multi-cloud security architecture planning should be informed by the business and customer perspectives. Continue Reading
-
Tip
01 Feb 2021
5 tips to better secure cloud data
A move to cloud introduces new threats to data. Follow these tips to document, evaluate, test, monitor and harden the new environment. Continue Reading
-
Feature
05 Jan 2021
Juggle a multi-cloud security strategy with these 3 steps
Enterprise security best practices must account for changes in cloud landscapes. Learn how to overcome such challenges and bolster multi-cloud security with technology and policy. Continue Reading
-
Tip
11 Dec 2020
Tackle multi-cloud key management challenges with KMaaS
Cloud providers' tools for secrets management are not equipped to solve unique multi-cloud key management challenges. Learn how key management-as-a-service tools can fill the gaps. Continue Reading
-
Tip
09 Dec 2020
How cloud-based SIEM tools benefit SOC teams
It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading
-
Tip
03 Dec 2020
SASE model drives improved cloud and work-from-home security
Find out how the Secure Access Service Edge model provides increased work-from-home security and cloud access outside of the traditional enterprise data center access model. Continue Reading
-
Feature
30 Nov 2020
How to pass the AWS Certified Security - Specialty exam
Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
-
Feature
30 Nov 2020
Practice AWS Certified Security - Specialty exam questions
Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
-
Tip
22 Oct 2020
How to build a cloud security operations center
To better protect workloads and data in the cloud, security operations centers collaborate with various IT teams. Learn how to cloud-enable your organization's SOC. Continue Reading
-
Feature
16 Sep 2020
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
-
Quiz
16 Sep 2020
Test your cloud security smarts with these CCSP exam questions
Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading
-
Quiz
15 Sep 2020
Cloud computing security technology quiz
As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading
-
Tip
10 Sep 2020
How cloud security posture management protects multi-cloud
Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading
-
Feature
17 Aug 2020
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
-
Quiz
29 Jul 2020
Cloud security quiz: Application security best practices
Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading
-
Feature
28 Jul 2020
The importance of security, data encryption for cloud
As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading