About
Hi, my name is Craig Balding and I established cloudsecurity.org in April 2008 as Cloud Computing was just getting started.
Today, I am an independent cyber security consultant and advisor to the CSA (Cloud Security Alliance). For the avoidance of any doubt, all opinions expressed on this blog are mine and mine alone - they do not necessarily represent the views of the CSA.
On this site, I share expert knowledge on Cloud Security, covering the technology and tools, hacks and human factors, policy, regulation and strategy.
Who am I writing for?
- Developers & DevOps teams handling sensitive data: how to use cloud services safely, norms, minimum standards, best tools, OPSEC
- Incident Response and forensic teams: how to integrate threat management tooling, talk about response teams at cloud providers, facilitate intros, create helpful tools
- Security Assessment and Red teams: 101, cloud specific assessment tooling, useful tricks and tips
- Decision makers: CISOs, risk and policy people, regulators and insurance - inform about breaches, controls gaps, shared responsibility security model, influence policy, educate about breaches, network
- SME customers: risks, tips, easy to use security tools
Coverage
- Cloud related offense & defence tools, attacks and tactics (open source focused but some commercial)
- Cloud provider security: major developments, analysis of breaches and security controls and security - claims, technical walk throughs, gaps, certifications and regulatory issues
- Cloud research, studies and reports
- My observations, annoyances and suggestions for cloud services
- Occasional interviews, book reviews