Discover the multifaceted world of cloud security. Our hub is a treasure trove of insightful resources, emerging trends, best practices, and expert viewpoints.
- Introduction
- Resources
- Policies & Standards
- Tools & Solutions
- Case Studies & Whitepapers
- Community & Events
- Expert Opinions & Blogs
The cloud has transformed businesses, offering flexibility and scalability like never before. But with great power comes great responsibilityβsecuring these cloud environments. Understand the nuances of cloud security, its challenges, and its solutions.
Official Documentation & Guides
- AWS: AWS Security Best Practices
- Azure: Azure Security and Compliance Blueprint
- Google Cloud: Google Cloud Security Command Center
Essential Reads
π Extended Resource Collection
Securing the cloud isn't just about tools; it's about following standards that have been tried and tested.
- CIS Benchmarks: Best practices for securing cloud systems
- NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
- ISO/IEC 27017: Information technology β Security techniques β Code of practice for information security controls based on ISO/IEC 27002 for cloud services
π Complete List of Standards
Cloud Security Management
- Prisma Cloud: A comprehensive cloud-native security platform.
- CloudGuard: Protect and automate your multi-cloud environment.
IAM Solutions
- AWS IAM: Centralize access control across your AWS environment.
- Azure AD: Identity services built for a diverse workforce.
Data Encryption
- Vormetric: Secure sensitive data across multiple cloud providers.
- Google Cloud KMS: Manage cryptographic keys in a cloud-native way.
Real stories. Real scenarios:
- FinTech Corp: How We Secured Our Multi-cloud Infrastructure
- HealthData Inc.: Strategies Against Ransomware in Cloud
Become part of the movement:
- Discuss: CSA Forum: Global discussions on evolving cloud threats.
- Learn: RSA Conference: Stay updated on CloudSec's cutting-edge developments.
- Certify: CCSP Certification: Solidify your cloud security knowledge.
- Engage: fwd:cloudsec: A community-driven conference exploring the forefront of cloud security. Their slack has over 3,500 members. This group is for a plethora of AWS (and Cloud) Security debate & info-sharing, not just a place where people can get a quick answer to something (though there are awesome people on here willing to help). Code of Conduct: https://fwdcloudsec.org/conduct.html (edited)
Cloud Security Thought Leadership:
- Bruce Schneier's Blog: A renowned security expert, Bruce regularly discusses cloud security issues.
- Krebs on Security: Brian Krebs provides in-depth investigative reports on security topics, including those related to cloud.
- Troy Hunt's Blog: Troy, the creator of "Have I Been Pwned", shares insights on various security topics, including breaches in cloud environments.
- Sreaming in the Cloud Podcast: Corey Quinn has quests regularly who focus on cloud security.
- Keeping Workflows Secure in an Ever-Changing Environment with Adnan Khan: Adnan Khan, Lead Security Engineer at Praetorian, joins Corey on Screaming in the Cloud to discuss software bill of materials and supply chain attacks. Adnan describes how simple pull requests can lead to major security breaches, and how to best avoid those vulnerabilities. Adnan and Corey also discuss the rapid innovation at Github Actions, and the pros and cons of having new features added so quickly when it comes to security.
- Exposing the Latest Cloud Threats with Anna Belak: Anna Belak, Director of The Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the findings in this yearβs (2023) newly-released Sysdig Global Cloud Threat Report. Anna explains the challenges that teams face in ensuring their cloud is truly secure, including quantity of data versus quality, automation, and more.
- Navigating Continuous Change in Cloud Security with Brandon Sherman: Brandon Sherman, Cloud Security Engineer at Temporal Technologies Inc., joins Corey on Screaming in the Cloud to discuss his experiences at recent cloud conferences and the ongoing changes in cloud computing. Brandon shares why he enjoyed fwd:cloudsec more than this yearβs re:Inforce, and how heβs seen AWS events evolve over the years.
- Creating an API Security Solution at FireTail with Jeremy Snyder: Jeremy Snyder, Founder of FireTail, joins Corey on Screaming in the Cloud to discuss his career journey and what led him to start FireTail. Jeremy reveals whatβs changed in cloud since he was an AE and AWS, and walks through how the need for customization in cloud security has led to a boom in the number of security companies out there.
- Centralizing Cloud Security Breach Information with Chris Farris: Chris Farris, Cloud Security Nerd at PrimeHarbor Technologies, LLC, joins Corey on Screaming in the Cloud to discuss his new project, breaches.cloud, and why he feels having a centralized location for cloud security breach information is so important. Corey and Chris also discuss what it means to dive into entrepreneurship, including both the benefits of not having to work within a corporate structure and the challenges that come with running your own business. Chris also reveals what led him to start breaches.cloud, and what heβs learned about some of the biggest cloud security breaches so far.
Panel Discussions & Webinars:
- AWS re:Invent Security Sessions: Amazon's annual cloud conference which includes numerous security talks and panel discussions.
- Google Cloud Next '23: Security & Identity: Google's cloud conference sessions focusing on security and identity.
- Microsoft's Azure Security Webinars: Webinars discussing security best practices, trends, and features in Azure.