Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

Answer 11 Jul 2024
CASB vs. SASE: What's the difference?

CASB and SASE enhance network and SaaS application security. CASB acts as a security layer for cloud services, while SASE integrates networking and security into one framework. Continue Reading
Feature 03 Jul 2024
RSA security conference video roundup: 2024 perspectives

We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading

Feature 03 Jul 2024

RSA security conference video roundup: 2024 perspectives

We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading
Tip 02 Jul 2024

How to secure Azure Functions with Entra ID

Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure Functions with Entra ID to optimize data security? Continue Reading
Opinion 21 Jun 2024

AWS makes strong case for its security advantages at re:Inforce

At re:Inforce 2024, AWS shared details of its secure-by-design measures to protect customer data. Continue Reading
Definition 18 Jun 2024

malware

Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server. Continue Reading
Feature 17 Jun 2024

CASB vs. CSPM vs. CWPP: Comparing cloud security tool types

Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
Definition 13 Jun 2024

cloud security

Cloud security, also known as 'cloud computing security,' is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats. Continue Reading
News 12 Jun 2024

AWS touts security culture, AI protections at re:Inforce 2024

AWS executives highlighted the company's longstanding security, which evoked comparisons to its chief cloud rival Microsoft and the recent Cyber Safety Review Board report. Continue Reading
Tip 12 Jun 2024

The 10 best cloud security certifications for IT pros in 2024

Certifications can help security pros prove their baseline knowledge of infosec topics. Consider adding these top cloud security certifications to your arsenal. Continue Reading
Tip 11 Jun 2024

SASE vs. SSE: Explaining the differences

Most security professionals are familiar with secure access service edge, but now, there's a new tool for administrators to consider: security service edge. Continue Reading
News 10 Jun 2024

Mandiant: 'Exposed credentials' led to Snowflake attacks

According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14. Continue Reading
Tip 10 Jun 2024

8 SaaS security best practices for 2024

SaaS has become ubiquitous. To secure it, take steps to inventory SaaS usage, securely authenticate usage, encrypt data, adopt single sign-on and more. Continue Reading
Podcast 05 Jun 2024

Risk & Repeat: Sorting out Snowflake's security mess

This podcast episode discusses the recent attacks against Snowflake customers and a controversial report that claimed the cloud storage and analytics giant had been breached. Continue Reading
Tip 05 Jun 2024

What is a cloud security framework? A complete guide

With so many apps and data residing in cloud, employing a security framework to help protect cloud infrastructure is an essential move for an organization. Continue Reading
Tip 05 Jun 2024

Cloud security automation: Benefits and best practices

Automating security in the cloud can be invaluable for threat detection and mitigation. Explore key areas where security professionals should implement automation. Continue Reading
News 04 Jun 2024

Tenable warns of vulnerability in Azure service tags

Microsoft disagreed with Tenable's assessment, saying the security issue in Azure service tags is not a vulnerability and that additional authentication layers are required. Continue Reading
Feature 04 Jun 2024

What is cloud security management? A strategic guide

This cloud security guide explains challenges enterprises face today; best practices for securing and managing SaaS, IaaS and PaaS; and comparisons of cloud-native security tools. Continue Reading
News 03 Jun 2024

Snowflake: No evidence of platform breach

Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached. Continue Reading
News 31 May 2024

Threat actor compromising Snowflake database customers

A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said. Continue Reading
Definition 21 May 2024

cloud penetration testing

Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses. Continue Reading
News 21 May 2024

Critical bug discovered in open source utility Fluent Bit

Tenable researchers discovered a critical vulnerability, dubbed 'Linguistic Lumberjack,' in Fluent Bit, an open source logging utility widely used by major cloud providers. Continue Reading
Definition 21 May 2024

cloud workload protection platform (CWPP)

A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement. Continue Reading
Definition 17 May 2024

hashing

Hashing is the process of transforming any given key or a string of characters into another value. Continue Reading
News 16 May 2024

IBM sells QRadar SaaS assets to Palo Alto Networks

The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products. Continue Reading
Definition 15 May 2024

Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems. Continue Reading
News 15 May 2024

AI-driven attacks seen as chief cloud security threat

Tried and true cloud security threats are on the rise. But according to a new report from Palo Alto Networks, the specter of generative AI threats has organizations concerned. Continue Reading
Definition 14 May 2024

cloud-native application protection platform (CNAPP)

Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native applications and its cloud workloads. Continue Reading
Tip 14 May 2024

Cloud vulnerability management: A complete guide

Your security strategy might not grapple directly with cloud vulnerability management. Is it time to consider the possible benefits and challenges of this emerging product class? Continue Reading
News 14 May 2024

SonicWall CEO talks transformation, security transparency

SonicWall's CEO said that following a string of serious vulnerabilities the company responded to in 2021, product development and quality assurance operations were overhauled. Continue Reading
Tip 13 May 2024

How to create a cloud security policy, step by step

What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started. Continue Reading
Tip 08 May 2024

VM security in cloud computing explained

Cloud computing allows an organization to reduce its risks by having to secure fewer resources. The tradeoff is that cloud creates more attack vectors. Don't let VMs trip you up. Continue Reading
Tip 07 May 2024

What is a cloud security engineer, and how do I become one?

A cloud security engineer has specific responsibilities for helping to secure cloud infrastructure, applications and IT assets. Continue Reading
Tip 06 May 2024

SSPM vs. CSPM: What's the difference?

Posture management in the cloud is key, but evaluating different tools, such as SaaS security posture management and cloud security posture management platforms, can be confusing. Continue Reading
Definition 06 May 2024

cloud infrastructure entitlement management (CIEM)

Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments. Continue Reading
Opinion 03 May 2024

AWS to protect its cloud using CrowdStrike security products

AWS is replacing a variety of security products with the CrowdStrike Falcon Platform to further secure applications and data on its cloud. Continue Reading
News 02 May 2024

Dropbox discloses data breach involving Dropbox Sign

A threat actor accessed Dropbox Sign customer names, emails, hashed passwords, API keys, OAuth tokens, multifactor authentication information and other data. Continue Reading
Definition 30 Apr 2024

cloud security posture management (CSPM)

Cloud security posture management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud. Continue Reading
Definition 30 Apr 2024

Cloud Security Alliance (CSA)

The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing. Continue Reading
Opinion 30 Apr 2024

Security updates from Google Cloud Next '24 center on GenAI

Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time. Continue Reading
Tip 29 Apr 2024

Navigating cloud patch management: Benefits, best practices

Bad actors use malicious code to exploit vulnerabilities, targeting on-demand systems and applications. Having an efficient mechanism to deploy patches in the cloud is critical. Continue Reading
Tip 29 Apr 2024

Top 11 cloud security challenges and how to combat them

Before jumping feet first into the cloud, understand the new and continuing top cloud security challenges your organization is likely to face -- and how to mitigate them. Continue Reading
Tip 25 Apr 2024

3 ways AI is transforming cloud security, according to experts

Generative AI only recently burst into the collective consciousness, but experts say it is already changing cloud security -- on both the defensive and offensive sides. Continue Reading
Feature 22 Apr 2024

Explore CASB use cases before you decide to buy

CASB tools help secure cloud applications so only authorized users have access. Discover more about this rapidly evolving technology and its use cases. Continue Reading
News 18 Apr 2024

CrowdStrike extends cloud security to Mission Cloud customers

CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform. Continue Reading
Tip 17 Apr 2024

8 data protection challenges and how to prevent them

Businesses contend with a combination of issues spawned by data overload, privacy regulations, access rights, cyberattacks, cloud environments, generative AI and human error. Continue Reading
Tip 15 Apr 2024

4 types of cloud security tools organizations need in 2024

From CIEM to SSE, these four types of cloud security tools help boost security efforts as organizations continue to expand their cloud environments. Continue Reading
Tip 15 Apr 2024

Data protection vs. security vs. privacy: Key differences

Data protection, privacy and security might look alike but their differences can make or break a comprehensive compliance program to collect, manage, access, erase and secure data. Continue Reading
Feature 15 Apr 2024

13 best data protection software platforms of 2024

Data privacy laws, sophisticated cyberattacks and generative AI's infiltration make it imperative to invest in multifunctional data protection software, but what tools are tops? Continue Reading
Tip 10 Apr 2024

Cloud database security: Best practices, challenges and threats

If your company is using a cloud database, it's critical to stay on top of security. Review the security features offered by top cloud providers, plus some best practices. Continue Reading
Tip 05 Apr 2024

9 top cloud storage security issues and how to contain them

A handful of major cloud storage security issues, such as insufficient access controls and lack of compliance, remain. Learn how to successfully address them. Continue Reading
Feature 04 Apr 2024

Thought leaders tips to obtain a secure cloud environment

Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and practical advice from leading speakers in this space. Continue Reading
Tip 02 Apr 2024

Cloud computing forensics techniques for evidence acquisition

With the proper tools and methodologies, security teams can provide analysts with the critical pieces required to complete cloud computing forensics investigations. Continue Reading
Tip 27 Mar 2024

Private vs. public cloud security: Benefits and drawbacks

Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security and multi-cloud security -- before deciding on an enterprise deployment model Continue Reading
Tip 25 Mar 2024

Cloud account hijacking: How it works and how to prevent it

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
Tip 22 Mar 2024

How to build a data protection policy, with template

Enterprises can't afford to operate without a sound data protection policy that specifies business goals, stakeholders, regulatory obligations, data classifications and access. Continue Reading
News 21 Mar 2024

AWS fixes 'FlowFixation' vulnerability for account hijacking

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
Tip 21 Mar 2024

10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
Tip 19 Mar 2024

How to manage third-party risk in the cloud

Third parties, including CSPs, remain a weak point in the supply chain. Adding CSPs into your organization's third-party risk management processes is crucial. Continue Reading
Definition 18 Mar 2024

cloud application

A cloud application, or cloud app, is a software program where cloud-based and local components work together. Continue Reading
Definition 18 Mar 2024

cloud load balancing

Cloud load balancing is the process of distributing workloads across computing resources in a cloud computing environment and carefully balancing the network traffic accessing those resources. Continue Reading
Opinion 15 Mar 2024

Cloud detection and response is, and will stay, a team sport

CISOs should push for federated technologies, common processes and formal communications between teams to ensure cloud detection and response is effective and efficient. Continue Reading
Definition 14 Mar 2024

cloud encryption

Cloud encryption is a service cloud storage providers offer whereby a customer's data is transformed using encryption algorithms from plaintext into ciphertext and stored in the cloud. Continue Reading
Tip 11 Mar 2024

5 PaaS security best practices to safeguard the app layer

Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
Tip 07 Mar 2024

5-step IaaS security checklist for cloud customers

Get expert advice on patching, data encryption, and identity and access management responsibilities in this enterprise IaaS security checklist. Continue Reading
Tip 28 Feb 2024

Multi-cloud security challenges and best practices

Where multi-cloud goes, security complexity follows. From configuration to visibility, organizations must be aware of these main challenges and how to overcome them. Continue Reading
News 26 Feb 2024

CISA: APT29 targeting cloud accounts for initial access

U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
Definition 22 Feb 2024

cloud architect

A cloud architect is an IT professional who is responsible for overseeing a company's cloud computing strategy. Continue Reading
Tip 22 Feb 2024

Use cloud threat intelligence to protect critical data and assets

Cloud threat intelligence helps identify and analyze cloud-based threats, enabling security teams to better understand attacks and more proactively defend against them. Continue Reading
Tip 22 Feb 2024

Optimize data protection as a service with these essential tips

As a one-stop shop, DPaaS and its array of data management and protective cloud services provide security, access control, backup and recovery to safeguard mission-critical data. Continue Reading
News 21 Feb 2024

CrowdStrike 'Global Threat Report': Cloud intrusions up 75%

This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas. Continue Reading
Tip 12 Feb 2024

Benefits and challenges of managed cloud security services

The rapid drive to hybrid and multi-cloud environments has organizations scrambling to get proper protections into place. For many, external security support is critical. Continue Reading
Tip 05 Feb 2024

6 multi-cloud identity management tips and best practices

The more cloud services organizations adopt, the more identity challenges they face. Follow these five tips to improve multi-cloud identity management. Continue Reading
Tip 01 Feb 2024

Top 8 cloud IAM best practices to implement

Cloud adds a level of complexity to identity and access management. Be sure to follow these cloud IAM best practices to prevent identity-related security issues. Continue Reading
Definition 31 Jan 2024

cloud access security broker (CASB)

A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. Continue Reading
Tip 31 Jan 2024

7 cloud IAM challenges and how to address them

Cloud use affects how organizations manage access and identity governance. Learn about seven cloud IAM challenges and how to handle them. Continue Reading
Tip 30 Jan 2024

Why organizations need risk-based vulnerability management

As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
Tip 29 Jan 2024

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
Tip 11 Jan 2024

Cloud incident response: Frameworks and best practices

Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
Definition 05 Jan 2024

cloud provisioning

Cloud provisioning is the allocation of a cloud provider's resources and services to a customer. Continue Reading
News 03 Jan 2024

SonicWall acquires Banyan to boost zero-trust, SSE offerings

With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings. Continue Reading
Feature 21 Dec 2023

Top enterprise hybrid cloud management tools to review

The techniques used to build hybrid cloud architectures have come a long way, but managing these environments long term is plenty more complex without the right software. Continue Reading
Tip 20 Dec 2023

Top 8 benefits of hybrid cloud for business

Why choose between public cloud and private systems when you can have both? With hybrid cloud, enterprises can address workload requirements, business demands and budgetary needs. Continue Reading
Definition 19 Dec 2023

hybrid cloud security

Hybrid cloud security is the combination of technologies and practices that protect a hybrid cloud user's sensitive data, infrastructure and applications. Continue Reading
Opinion 13 Dec 2023

Cloud threat detection and response priorities for 2024

To improve cloud detection and response, security pros need to get closer to cloud applications and software development processes. Here's how that can be accomplished. Continue Reading
Opinion 12 Dec 2023

Application security consolidation remains nuanced

As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
Feature 12 Dec 2023

Multi-cloud vs. hybrid cloud: The main difference

As businesses digitally transform across increasingly distributed environments, know the benefits, challenges, similarities and differences between hybrid cloud and multi-cloud. Continue Reading
Opinion 08 Dec 2023

Key cybersecurity takeaways from AWS re:Invent

Security was strongly emphasized throughout the AWS re:Invent user conference, with product updates to help companies secure data as they build apps and scale in the cloud. Continue Reading
Tip 07 Dec 2023

Assess security posture with the Cloud Security Maturity Model

The Cloud Security Maturity Model enables organizations to assess their cloud security posture and optimize it as they continue their cloud journey. Continue Reading
Opinion 06 Dec 2023

How organizations can learn from cloud security breaches

Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
Tip 28 Nov 2023

Hybrid cloud connectivity best practices and considerations

Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a cost-effective hybrid cloud network architecture. Continue Reading
Opinion 20 Nov 2023

Security continues to lag behind cloud app dev cycles

Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
News 15 Nov 2023

VMware discloses critical, unpatched Cloud Director bug

A manual workaround is currently available for a critical VMware Cloud Director Appliance flaw, tracked as CVE-2023-34060, but no patch is available at press time. Continue Reading
Conference Coverage 07 Nov 2023

Microsoft Ignite 2023 conference coverage

Bookmark this guide and check back regularly to see all the news and analysis related to the latest innovations launching at this year's Microsoft Ignite show. Continue Reading
News 02 Nov 2023

Microsoft launches Secure Future Initiative to bolster security

In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
Opinion 27 Oct 2023

Cloud-native app security? Ignore acronyms, solve problems

When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead. Continue Reading
Tip 26 Oct 2023

Top 7 cloud misconfigurations and best practices to avoid them

Cloud security means keeping a close eye on the configuration of cloud resources and assets. These best practices can keep you safe from attackers and other malicious activities. Continue Reading
Opinion 19 Oct 2023

Cloud-native firewalls are the next step in network security

The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls. Continue Reading
News 18 Oct 2023

Mandiant: Citrix zero-day actively exploited since August

Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
News 16 Oct 2023

Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
Podcast 12 Oct 2023

Risk & Repeat: Rapid Reset and the future of DDoS attacks

This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future. Continue Reading
News 10 Oct 2023

'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability

Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.' Continue Reading