Hi, my name is Craig Balding and I established cloudsecurity.org in April 2008 as Cloud Computing was just getting started.
Today, I am an independent cyber security consultant and advisor to the CSA (Cloud Security Alliance). For the avoidance of any doubt, all opinions expressed on this blog are mine and mine alone - they do not necessarily represent the views of the CSA.
On this site, I share expert knowledge on Cloud Security, covering the technology and tools, hacks and human factors, policy, regulation and strategy.
notion image

Who am I writing for?

  1. Developers & DevOps teams handling sensitive data: how to use cloud services safely, norms, minimum standards, best tools, OPSEC
  1. Incident Response and forensic teams: how to integrate threat management tooling, talk about response teams at cloud providers, facilitate intros, create helpful tools
  1. Security Assessment and Red teams: 101, cloud specific assessment tooling, useful tricks and tips
  1. Decision makers: CISOs, risk and policy people, regulators and insurance - inform about breaches, controls gaps, shared responsibility security model, influence policy, educate about breaches, network
  1. SME customers: risks, tips, easy to use security tools


  • Cloud related offense & defence tools, attacks and tactics (open source focused but some commercial)
  • Cloud provider security: major developments, analysis of breaches and security controls and security - claims, technical walk throughs, gaps, certifications and regulatory issues
  • Cloud research, studies and reports
  • My observations, annoyances and suggestions for cloud services
  • Occasional interviews, book reviews

Are you curious about artificial intelligence and cyber security? Join my Threat Prompt newsletter to stay up to date.