Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

Tip 05 Apr 2024
9 top cloud storage security issues and how to contain them

A handful of major cloud storage security issues, such as insufficient access controls and lack of compliance, remain. Learn how to successfully address them. Continue Reading
Feature 04 Apr 2024
Thought leaders tips to obtain a secure cloud environment

Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and practical advice from leading speakers in this space. Continue Reading

Tip 02 Apr 2024

Cloud computing forensics techniques for evidence acquisition

With the proper tools and methodologies, security teams can provide analysts with the critical pieces required to complete cloud computing forensics investigations. Continue Reading
Tip 27 Mar 2024

Private vs. public cloud security: Benefits and drawbacks

Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security and multi-cloud security -- before deciding on an enterprise deployment model Continue Reading
Tip 25 Mar 2024

Cloud account hijacking: How it works and how to prevent it

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
Tip 22 Mar 2024

How to build a data protection policy, with template

Enterprises can't afford to operate without a sound data protection policy that specifies business goals, stakeholders, regulatory obligations, data classifications and access. Continue Reading
News 21 Mar 2024

AWS fixes 'FlowFixation' vulnerability for account hijacking

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enable account hijacking. Continue Reading
Tip 21 Mar 2024

10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use and more vulnerable technologies are among the security risks faced in remote work environments. Continue Reading
Tip 19 Mar 2024

How to manage third-party risk in the cloud

Third parties, including CSPs, remain a weak point in the supply chain. Adding CSPs into your organization's third-party risk management processes is crucial. Continue Reading
Definition 18 Mar 2024

cloud application

A cloud application, or cloud app, is a software program where cloud-based and local components work together. Continue Reading
Definition 18 Mar 2024

cloud load balancing

Cloud load balancing is the process of distributing workloads across computing resources in a cloud computing environment and carefully balancing the network traffic accessing those resources. Continue Reading
Opinion 15 Mar 2024

Cloud detection and response is, and will stay, a team sport

CISOs should push for federated technologies, common processes and formal communications between teams to ensure cloud detection and response is effective and efficient. Continue Reading
Definition 14 Mar 2024

cloud encryption

Cloud encryption is a service cloud storage providers offer whereby a customer's data is transformed using encryption algorithms from plaintext into ciphertext and stored in the cloud. Continue Reading
Tip 11 Mar 2024

5 PaaS security best practices to safeguard the app layer

Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
Tip 07 Mar 2024

5-step IaaS security checklist for cloud customers

Get expert advice on patching, data encryption, and identity and access management responsibilities in this enterprise IaaS security checklist. Continue Reading
Tip 28 Feb 2024

Multi-cloud security challenges and best practices

Where multi-cloud goes, security complexity follows. From configuration to visibility, organizations must be aware of these main challenges and how to overcome them. Continue Reading
News 26 Feb 2024

CISA: APT29 targeting cloud accounts for initial access

U.K. and U.S. government agencies have observed the Russian nation-state group increasingly target dormant and inactive cloud service accounts to gain initial access. Continue Reading
Definition 22 Feb 2024

cloud architect

A cloud architect is an IT professional who is responsible for overseeing a company's cloud computing strategy. Continue Reading
Tip 22 Feb 2024

Use cloud threat intelligence to protect critical data and assets

Cloud threat intelligence helps identify and analyze cloud-based threats, enabling security teams to better understand attacks and more proactively defend against them. Continue Reading
Tip 22 Feb 2024

Optimize data protection as a service with these essential tips

As a one-stop shop, DPaaS and its array of data management and protective cloud services provide security, access control, backup and recovery to safeguard mission-critical data. Continue Reading
News 21 Feb 2024

CrowdStrike 'Global Threat Report': Cloud intrusions up 75%

This year's report covered cloud intrusions, data extortion attacks, and the ongoing conflict between Israel and Hamas. Continue Reading
Tip 12 Feb 2024

Benefits and challenges of managed cloud security services

The rapid drive to hybrid and multi-cloud environments has organizations scrambling to get proper protections into place. For many, external security support is critical. Continue Reading
Tip 05 Feb 2024

6 multi-cloud identity management tips and best practices

The more cloud services organizations adopt, the more identity challenges they face. Follow these five tips to improve multi-cloud identity management. Continue Reading
Tip 01 Feb 2024

Top 8 cloud IAM best practices to implement

Cloud adds a level of complexity to identity and access management. Be sure to follow these cloud IAM best practices to prevent identity-related security issues. Continue Reading
Definition 31 Jan 2024

cloud access security broker (CASB)

A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. Continue Reading
Tip 31 Jan 2024

7 cloud IAM challenges and how to address them

Cloud use affects how organizations manage access and identity governance. Learn about seven cloud IAM challenges and how to handle them. Continue Reading
Tip 30 Jan 2024

Why organizations need risk-based vulnerability management

As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
Tip 29 Jan 2024

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
Tip 11 Jan 2024

Cloud incident response: Frameworks and best practices

Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
Definition 05 Jan 2024

cloud provisioning

Cloud provisioning is the allocation of a cloud provider's resources and services to a customer. Continue Reading
News 03 Jan 2024

SonicWall acquires Banyan to boost zero-trust, SSE offerings

With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings. Continue Reading
Tip 02 Jan 2024

The 10 best cloud security certifications for IT pros in 2024

Certifications can help security pros prove their baseline knowledge of infosec topics. Consider adding these top cloud security certifications to your arsenal. Continue Reading
Feature 21 Dec 2023

Top enterprise hybrid cloud management tools to review

The techniques used to build hybrid cloud architectures have come a long way, but managing these environments long term is plenty more complex without the right software. Continue Reading
Tip 20 Dec 2023

Top 8 benefits of hybrid cloud for business

Why choose between public cloud and private systems when you can have both? With hybrid cloud, enterprises can address workload requirements, business demands and budgetary needs. Continue Reading
Definition 19 Dec 2023

hybrid cloud security

Hybrid cloud security is the combination of technologies and practices that protect a hybrid cloud user's sensitive data, infrastructure and applications. Continue Reading
Opinion 13 Dec 2023

Cloud threat detection and response priorities for 2024

To improve cloud detection and response, security pros need to get closer to cloud applications and software development processes. Here's how that can be accomplished. Continue Reading
Opinion 12 Dec 2023

Application security consolidation remains nuanced

As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
Definition 12 Dec 2023

cyber attack

A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
Feature 12 Dec 2023

Multi-cloud vs. hybrid cloud: The main difference

As businesses digitally transform across increasingly distributed environments, know the benefits, challenges, similarities and differences between hybrid cloud and multi-cloud. Continue Reading
Opinion 08 Dec 2023

Key cybersecurity takeaways from AWS re:Invent

Security was strongly emphasized throughout the AWS re:Invent user conference, with product updates to help companies secure data as they build apps and scale in the cloud. Continue Reading
Tip 07 Dec 2023

Assess security posture with the Cloud Security Maturity Model

The Cloud Security Maturity Model enables organizations to assess their cloud security posture and optimize it as they continue their cloud journey. Continue Reading
Opinion 06 Dec 2023

How organizations can learn from cloud security breaches

Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
Tip 28 Nov 2023

Hybrid cloud connectivity best practices and considerations

Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a cost-effective hybrid cloud network architecture. Continue Reading
Opinion 20 Nov 2023

Security continues to lag behind cloud app dev cycles

Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
News 15 Nov 2023

VMware discloses critical, unpatched Cloud Director bug

A manual workaround is currently available for a critical VMware Cloud Director Appliance flaw, tracked as CVE-2023-34060, but no patch is available at press time. Continue Reading
Conference Coverage 07 Nov 2023

Microsoft Ignite 2023 conference coverage

Bookmark this guide and check back regularly to see all the news and analysis related to the latest innovations launching at this year's Microsoft Ignite show. Continue Reading
News 02 Nov 2023

Microsoft launches Secure Future Initiative to bolster security

In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
Opinion 27 Oct 2023

Cloud-native app security? Ignore acronyms, solve problems

When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead. Continue Reading
Tip 26 Oct 2023

Top 7 cloud misconfigurations and best practices to avoid them

Cloud security means keeping a close eye on the configuration of cloud resources and assets. These best practices can keep you safe from attackers and other malicious activities. Continue Reading
Feature 24 Oct 2023

What is cloud security management? Guide and best practices

This cloud security guide explains challenges enterprises face today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading
Opinion 19 Oct 2023

Cloud-native firewalls are the next step in network security

The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls. Continue Reading
News 18 Oct 2023

Mandiant: Citrix zero-day actively exploited since August

Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
News 16 Oct 2023

Google Authenticator synchronization raises MFA concerns

Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
Podcast 12 Oct 2023

Risk & Repeat: Rapid Reset and the future of DDoS attacks

This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future. Continue Reading
News 10 Oct 2023

'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability

Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.' Continue Reading
News 04 Oct 2023

Okta debuts passkey support to combat account compromises

The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA. Continue Reading
Opinion 02 Oct 2023

Transitioning to single-vendor SASE will take time

New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time. Continue Reading
Opinion 26 Sep 2023

CrowdStrike makes a breakout move

CrowdStrike's annual user conference emphasized the company's future vision for AI, automation and an integrated security IT approach. Continue Reading
News 18 Sep 2023

Microsoft AI researchers mistakenly expose 38 TB of data

Microsoft said no customer data was affected by the Azure Storage exposure and 'no other internal services were put at risk because of this issue,' which has been mitigated. Continue Reading
Opinion 18 Sep 2023

What to consider when creating a SaaS security strategy

Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
Tip 18 Sep 2023

Secure Azure Functions with these authentication methods

Securing Azure Functions is paramount to maintaining the integrity and reliability of your applications. Read over the methods, tools and best practices. Continue Reading
News 14 Sep 2023

Developer platform Retool breached in vishing attack

A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
Opinion 14 Sep 2023

Google Cloud Next focuses on generative AI for security

Google discussed its vision for applying generative AI to cybersecurity at its Google Cloud Next conference in August, with announcements about new features and capabilities. Continue Reading
News 14 Sep 2023

Palo Alto Networks: 80% of security exposures exist in cloud

It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
Podcast 12 Sep 2023

Risk & Repeat: Big questions remain on Storm-0558 attacks

Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
Tip 11 Sep 2023

How to develop a cloud backup ransomware protection strategy

Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
Podcast 30 Aug 2023

Risk & Repeat: Digging into Microsoft security criticisms

Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
News 30 Aug 2023

CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security

CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
News 25 Aug 2023

CloudNordic loses most customer data after ransomware attack

The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data. Continue Reading
News 23 Aug 2023

Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
News 21 Aug 2023

Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
Tip 18 Aug 2023

How to conduct a cloud security assessment

Cloud environments are complicated by visibility issues, misconfigurations and more. Cloud security assessments are one way to ensure everything is protected. Continue Reading
Podcast 17 Aug 2023

Risk & Repeat: Highlights from Black Hat USA 2023

Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips. Continue Reading
News 10 Aug 2023

Palo Alto: SugarCRM zero-day reveals growing cloud threats

Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
News 10 Aug 2023

Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
News 09 Aug 2023

Wiz warns of exposed multi-tenant apps in Azure AD

During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications. Continue Reading
News 08 Aug 2023

Rubrik acquires Laminar for cloud security, data visibility

Rubrik snags Laminar Security, adding to its data security and R&D portfolio. It's a move that underscores the changes Rubrik is making to become a cybersecurity vendor. Continue Reading
Podcast 03 Aug 2023

Risk & Repeat: Microsoft takes heat over Storm-0558 attacks

The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts. Continue Reading
Feature 20 Jul 2023

Enterprise communication security a growing risk, priority

Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
News 19 Jul 2023

Microsoft to expand free cloud logging following recent hacks

Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
Opinion 19 Jul 2023

Using defense in depth to secure cloud-stored data

To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
Tip 18 Jul 2023

Supercloud security concerns foreshadow concept's adoption

Supercloud lets applications work together across multiple cloud environments, but organizations must pay particular attention to how they protect their assets. Continue Reading
News 18 Jul 2023

Orca: Google Cloud design flaw enables supply chain attacks

Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software. Continue Reading
News 17 Jul 2023

Microsoft still investigating stolen MSA key from email attacks

While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired. Continue Reading
News 17 Jul 2023

JumpCloud breached by nation-state threat actor

JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
News 13 Jul 2023

Microsoft: Government agencies breached in email attacks

While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant. Continue Reading
Tip 12 Jul 2023

IaC security scanning tools, features and use cases

Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
Opinion 11 Jul 2023

Top developer relations trends for building stronger teams

Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
Definition 07 Jul 2023

ransomware as a service (RaaS)

Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools. Continue Reading
Definition 06 Jul 2023

cloud security posture management (CSPM)

Cloud security posture management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud. Continue Reading
Definition 06 Jul 2023

cloud security architecture

Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud. Continue Reading
Feature 29 Jun 2023

8 blockchain-as-a-service providers to have on your radar

You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading
Opinion 29 Jun 2023

AI helps humans speed app modernization, improve security

Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
News 28 Jun 2023

DDoS attacks surging behind new techniques, geopolitical goals

A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
Tip 22 Jun 2023

Plan ahead to reduce cloud forensics challenges

Laying out a detailed framework that governs how -- and how quickly -- information is shared by CSPs can help ease the problems associated with collecting forensics data. Continue Reading
Feature 20 Jun 2023

Blockchain security: Everything you should know for safe use

Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
News 20 Jun 2023

Attackers discovering exposed cloud assets within minutes

Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
News 19 Jun 2023

Microsoft: DDoS attacks caused M365, Azure disruptions

Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
Opinion 19 Jun 2023

New AWS security tools, updates help IT protect cloud apps

AWS released a slew of updates to improve security as IT pros develop and deploy more enterprise applications via public cloud services. Continue Reading
Tutorial 16 Jun 2023

Guard information in cloud with a data classification policy

The cloud's need for special data classification attention arises from a combination of risk factors. With proper care, classification and compliance can limit these risks. Continue Reading
Opinion 14 Jun 2023

Cisco releases new security offerings at Cisco Live 2023

At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
News 13 Jun 2023

AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading

1
2
3
4

Networking

The effects of network downtime and ways to fix it
Causes of network downtime include human error, misconfigurations and security threats. Experts weigh in on the consequences of ...
SASE vs. SD-WAN: What's the difference?
SASE and SD-WAN are two similar architectures administrators use to provide secure network access, but they differ in terms of ...
Infrastructure requirements for Kubernetes cluster networking
A well-architected network infrastructure is vital for Kubernetes cluster networking, providing seamless communication and ...

CIO

CHIPS and Science Act funds TSMC, Intel projects
The Biden administration has awarded billions through the CHIPS and Science Act to five companies to invest in building and ...
How to create a proof of concept with 6 free templates
What is a proof of concept and how does it help an organization? We dive into the importance of writing a PoC and provide a list ...
GDPR, EU AI Act will overlap as businesses face enforcement
Enforcement of the new EU AI Act remains up in the air as governing bodies are being established. Meanwhile, DPAs grapple with ...

Enterprise Desktop

Windows XP EOL anniversary: 10 years of endpoint evolution
Windows XP EOL meant upgrading to Windows 7, but times have changed. IT pros can use the next upgrade cycle as an opportunity to ...
Guide to Linux patch management
While patching desktops has some universal aspects across systems, there are specific Linux best practices that Linux ...
How to change a Windows device name with Intune
There are several ways that IT administrators and users can change the name of Intune-managed Windows devices, but first they ...

Cloud Computing

Compare ESG tools from AWS, Azure and Google Cloud
ESG standards are beginning to influence how large enterprises procure and consume cloud services. Take a closer look at the ...
Thought leaders tips to obtain a secure cloud environment
Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and ...
How to Create an AWS Lambda Function with CloudFormation
Do you want to enhance automation, consistency, scalability and cost-effectiveness? Follow this step-by-step tutorial on how to ...

ComputerWeekly.com

What Cisco’s Splunk acquisition means for APAC customers
APAC organisations can expect better visibility and insights into their networks and applications along with automation and ...
UK vet network CVS hit by cyber attack
Operations at UK-based veterinary network CVS have been disrupted by a cyber incident of an as-yet undisclosed nature
Virgin Media O2 rolls out smart support service
Operator launches smart support service to tackle customers’ network niggles as research finds more than one in three British ...

Close