Cloud security
The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.
Top Stories
-
Tip
28 Nov 2023
Hybrid cloud connectivity best practices and considerations
Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a cost-effective hybrid cloud network architecture. Continue Reading
-
Opinion
20 Nov 2023
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
-
News
15 Nov 2023
VMware discloses critical, unpatched Cloud Director bug
A manual workaround is currently available for a critical VMware Cloud Director Appliance flaw, tracked as CVE-2023-34060, but no patch is available at press time. Continue Reading
-
Conference Coverage
07 Nov 2023
Microsoft Ignite 2023 conference coverage
Bookmark this guide and check back regularly to see all the news and analysis related to the latest innovations launching at this year's Microsoft Ignite show. Continue Reading
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
-
Opinion
27 Oct 2023
Cloud-native app security? Ignore acronyms, solve problems
When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead. Continue Reading
-
Tip
26 Oct 2023
Top 7 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on the configuration of cloud resources and assets. These best practices can keep you safe from attackers and other malicious activities. Continue Reading
-
Feature
24 Oct 2023
What is cloud security management? Guide and best practices
This cloud security guide explains challenges enterprises face today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading
-
Opinion
19 Oct 2023
Cloud-native firewalls are the next step in network security
The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls. Continue Reading
-
News
18 Oct 2023
Mandiant: Citrix zero-day actively exploited since August
Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
-
News
16 Oct 2023
Google Authenticator synchronization raises MFA concerns
Infosec experts say a synchronization feature added to Google's Authenticator app could lead to unintended consequences for organizations' multifactor authentication codes. Continue Reading
-
Podcast
12 Oct 2023
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future. Continue Reading
-
News
10 Oct 2023
'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability
Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.' Continue Reading
-
News
04 Oct 2023
Okta debuts passkey support to combat account compromises
The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA. Continue Reading
-
Opinion
02 Oct 2023
Transitioning to single-vendor SASE will take time
New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time. Continue Reading
-
Opinion
26 Sep 2023
CrowdStrike makes a breakout move
CrowdStrike's annual user conference emphasized the company's future vision for AI, automation and an integrated security IT approach. Continue Reading
-
News
18 Sep 2023
Microsoft AI researchers mistakenly expose 38 TB of data
Microsoft said no customer data was affected by the Azure Storage exposure and 'no other internal services were put at risk because of this issue,' which has been mitigated. Continue Reading
-
Opinion
18 Sep 2023
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
-
Tip
18 Sep 2023
Secure Azure Functions with these authentication methods
Securing Azure Functions is paramount to maintaining the integrity and reliability of your applications. Read over the methods, tools and best practices. Continue Reading
-
News
14 Sep 2023
Developer platform Retool breached in vishing attack
A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
-
Opinion
14 Sep 2023
Google Cloud Next focuses on generative AI for security
Google discussed its vision for applying generative AI to cybersecurity at its Google Cloud Next conference in August, with announcements about new features and capabilities. Continue Reading
-
News
14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud
It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
-
Podcast
12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
-
Tip
11 Sep 2023
How to develop a cloud backup ransomware protection strategy
Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
-
Podcast
30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
-
News
30 Aug 2023
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security
CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
-
News
25 Aug 2023
CloudNordic loses most customer data after ransomware attack
The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data. Continue Reading
-
News
23 Aug 2023
Google launches AI-powered data classification for Workspace
Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
-
News
21 Aug 2023
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
-
Tip
18 Aug 2023
How to conduct a cloud security assessment
Cloud environments are complicated by visibility issues, misconfigurations and more. Cloud security assessments are one way to ensure everything is protected. Continue Reading
-
Podcast
17 Aug 2023
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips. Continue Reading
-
News
10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats
Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
-
News
10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
-
News
09 Aug 2023
Wiz warns of exposed multi-tenant apps in Azure AD
During a Black Hat USA 2023 session, a Wiz researcher explained how a common misconfiguration in Azure Active Directory led to the exposure of nearly 1,300 applications. Continue Reading
-
News
08 Aug 2023
Rubrik acquires Laminar for cloud security, data visibility
Rubrik snags Laminar Security, adding to its data security and R&D portfolio. It's a move that underscores the changes Rubrik is making to become a cybersecurity vendor. Continue Reading
-
Podcast
03 Aug 2023
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks
The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts. Continue Reading
-
Feature
20 Jul 2023
Enterprise communication security a growing risk, priority
Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
-
News
19 Jul 2023
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
-
Opinion
19 Jul 2023
Using defense in depth to secure cloud-stored data
To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
-
Tip
18 Jul 2023
Supercloud security concerns foreshadow concept's adoption
Supercloud lets applications work together across multiple cloud environments, but organizations must pay particular attention to how they protect their assets. Continue Reading
-
News
18 Jul 2023
Orca: Google Cloud design flaw enables supply chain attacks
Orca Security says threat actors can use a design flaw in Google Cloud Build's default permissions to gain access to Artifact Registry code repositories and poison software. Continue Reading
-
News
17 Jul 2023
Microsoft still investigating stolen MSA key from email attacks
While Microsoft provided additional attack details and techniques used by Storm-0558, it remains unclear how the Microsoft account signing key was acquired. Continue Reading
-
News
17 Jul 2023
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
-
News
13 Jul 2023
Microsoft: Government agencies breached in email attacks
While Microsoft mitigated the attacks and found no evidence of further access beyond the email accounts, the Outlook breaches raised questions for the software giant. Continue Reading
-
Tip
12 Jul 2023
IaC security scanning tools, features and use cases
Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
-
Opinion
11 Jul 2023
Top developer relations trends for building stronger teams
Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
-
Feature
29 Jun 2023
8 blockchain-as-a-service providers to have on your radar
You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading
-
Opinion
29 Jun 2023
AI helps humans speed app modernization, improve security
Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
-
News
28 Jun 2023
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors. Continue Reading
-
Tip
22 Jun 2023
Plan ahead to reduce cloud forensics challenges
Laying out a detailed framework that governs how -- and how quickly -- information is shared by CSPs can help ease the problems associated with collecting forensics data. Continue Reading
-
Feature
20 Jun 2023
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
-
News
20 Jun 2023
Attackers discovering exposed cloud assets within minutes
Cloud security vendor Orca Security used honeypots to learn more about how threat actors compromise cloud resources such as misconfigured AWS S3 buckets and GitHub repositories. Continue Reading
-
News
19 Jun 2023
Microsoft: DDoS attacks caused M365, Azure disruptions
Microsoft confirmed widespread service disruptions earlier this month were caused by layer 7 DDoS attacks by a threat group it identified as Storm-1359. Continue Reading
-
Opinion
19 Jun 2023
New AWS security tools, updates help IT protect cloud apps
AWS released a slew of updates to improve security as IT pros develop and deploy more enterprise applications via public cloud services. Continue Reading
-
Tutorial
16 Jun 2023
Guard information in cloud with a data classification policy
The cloud's need for special data classification attention arises from a combination of risk factors. With proper care, classification and compliance can limit these risks. Continue Reading
-
Opinion
14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco highlighted its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
-
News
13 Jun 2023
AWS launches EC2 Instance Connect Endpoint, Verified Permissions
At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
-
News
01 Jun 2023
Mitiga warns free Google Drive license lacks logging visibility
The ability to view logs is critical for enterprises to detect and attribute malicious activity. Mitiga said the Google Drive issue allows data exfiltration without a trace. Continue Reading
-
Tip
25 May 2023
Prepare for the Azure Security Engineer Associate certification
Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 to become Microsoft certified. Continue Reading
-
News
15 May 2023
CrowdStrike warns of rise in VMware ESXi hypervisor attacks
As enterprise adoption of virtualization technology increases, CrowdStrike has observed a rise in ransomware attacks on servers running VMware's ESXi bare-metal hypervisors. Continue Reading
-
Feature
12 May 2023
Security experts share cloud auditing best practices
A cloud audit allows organizations to assess cloud vendor performance. Auditing experts Shinesa Cambric and Michael Ratemo talk about the role of compliance in auditing. Continue Reading
-
Tip
10 May 2023
How to reduce risk with cloud attack surface management
Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
-
Opinion
09 May 2023
Addressing the confusion around shift-left cloud security
To clarify how shift-left security should work in terms of cloud-based application development, Enterprise Strategy Group analyst Melinda Marks dives deep into the process. Continue Reading
-
Feature
05 May 2023
How to implement principle of least privilege in Azure AD
Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
-
Feature
05 May 2023
How to start handling Azure network security
Before adopting Microsoft Azure, it's important to consider how to secure the cloud network. That's where network security groups and Azure Firewall come in. Continue Reading
-
News
02 May 2023
CrowdStrike focuses on ChromeOS security, rising cloud threats
Raj Rajamani, CrowdStrike's chief product officer of data, identity, cloud and endpoint security, said ChromeOS devices are gaining increasing adoption in the enterprise space. Continue Reading
-
Opinion
25 Apr 2023
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness. Continue Reading
-
News
13 Apr 2023
Western Digital restores service; attack details remain unclear
While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
-
Tip
12 Apr 2023
How to use a CASB to manage shadow IT
Shadow IT can cost organizations time, money and security. One way to combat unauthorized use of applications is to deploy a CASB. Continue Reading
-
News
12 Apr 2023
Cisco provides extra-secure Webex for U.S. government
Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
-
Feature
11 Apr 2023
How to use Azure AD Connect synchronization for hybrid IAM
Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
-
Feature
11 Apr 2023
Practice Microsoft SC-100 exam questions with answers
Use these practice multiple-choice questions, with answers, to assess your knowledge of the Microsoft Cybersecurity Architect exam. Continue Reading
-
News
30 Mar 2023
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines. Continue Reading
-
Tip
28 Mar 2023
How to mitigate low-code/no-code security challenges
Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks. Continue Reading
-
Tip
20 Mar 2023
4 cloud API security best practices
APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices. Continue Reading
-
Tip
17 Mar 2023
8 cloud detection and response use cases
Unsure whether cloud detection and response could be useful for your organization? These eight use cases could make CDR indispensable. Continue Reading
-
News
15 Mar 2023
Dell launches new security offerings for data protection, MDR
Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
-
Tip
24 Feb 2023
Cloud incident response: Frameworks and best practices
Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
-
Tip
16 Feb 2023
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
-
Opinion
14 Feb 2023
Top takeaways from first CloudNativeSecurityCon
TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security. Continue Reading
-
News
09 Feb 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks
Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight. Continue Reading
-
News
06 Feb 2023
Widespread ransomware campaign targets VMware ESXi servers
The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it. Continue Reading
-
Opinion
24 Jan 2023
5 ways to enable secure software development in 2023
Security teams have to help developers ensure secure software development, but in today's rapidly scaling cloud environments, it's a challenging task. Continue Reading
-
News
17 Jan 2023
Microsoft fixes SSRF vulnerabilities found in Azure services
Orca Security, which discovered the Azure flaws, warned enterprises to be aware of SSRF attacks, which can result in a threat actor accessing or modifying sensitive data. Continue Reading
-
News
21 Dec 2022
Play ransomware actors bypass ProxyNotShell mitigations
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations. Continue Reading
-
Tip
19 Dec 2022
The 14 best cloud security certifications for IT pros in 2023
Certifications can help security pros prove their baseline knowledge of infosec topics. Consider adding these top cloud security certifications to your arsenal. Continue Reading
-
Podcast
08 Dec 2022
Risk & Repeat: Breaking down Rackspace ransomware attack
This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers. Continue Reading
-
News
06 Dec 2022
Cisco teases new capabilities with SD-WAN update
Cisco SD-WAN 17.10 enhancements give enterprises the option of using security service edge providers Cloudflare and Netskope in secure access service edge deployments. Continue Reading
-
Tip
06 Dec 2022
How to implement least privilege access in the cloud
More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
-
News
06 Dec 2022
Rackspace confirms ransomware attack after Exchange outages
The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen. Continue Reading
-
News
05 Dec 2022
Rackspace 'security incident' causes Exchange Server outages
Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter. Continue Reading
-
Opinion
10 Nov 2022
Secure development focus at KubeCon + CloudNativeCon 2022
The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon. Continue Reading
-
Tip
02 Nov 2022
Kusto Query Language primer for IT administrators
Administrators who use Microsoft cloud services, such as Microsoft Sentinel and Microsoft 365, can learn how to pull information from those products with KQL queries. Continue Reading
-
Tip
27 Oct 2022
Types of cloud malware and how to defend against them
Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat. Continue Reading
-
News
20 Oct 2022
Microsoft confirms data leak caused by misconfiguration
Microsoft criticized SOCRadar's reporting of the data leak, saying the threat intelligence vendor "greatly exaggerated" its claim that 65,000-plus entities had data exposed. Continue Reading
-
Guest Post
19 Oct 2022
3 cloud security posture questions CISOs should answer
As cloud adoption continues to accelerate, CISOs must help IT and cybersecurity teams keep pace with evolving cloud markets, especially when it comes to cloud security posture. Continue Reading
-
News
19 Oct 2022
Azure vulnerability opens door to remote takeover attacks
Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes. Continue Reading
-
Tip
30 Sep 2022
How to decide on what Office 365 add-on licenses to use
Missing certain functionality and want to supplement your subscription to Office 365 or Microsoft 365? Find out what extras make sense for your organization. Continue Reading
-
Opinion
21 Sep 2022
Planning the journey from SD-WAN to SASE
Enterprises need integrated security and networking frameworks to manage distributed IT environments and are looking to SD-WAN and security options like SASE to get the job done. Continue Reading
-
Opinion
14 Sep 2022
5 ways to improve your cloud security posture
With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
-
News
13 Sep 2022
Secureworks reveals Azure Active Directory flaws
Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading