About
TLDR: Cloudsecurity.org is an independent directory of cloud security tools, curated to help CTOs and security professionals discover and compare available solutions for their cloud security needs.
Where Cloud Meets Security
Hi, I’m Craig Balding. I created cloudsecurity.org as a blog in April 2008.
At the time, I was remote-working from our first family home, just a few months after the birth of my daughter. My employer, GE Capital - the financial engine of General Electric - was navigating the early tremors of the 2008 financial crisis. Investors were pulling back, and uncertainty was everywhere.
It felt like a storm was coming. Major financial institutions were under pressure, Northern Rock in the UK had been nationalized, Bear Stearns had narrowly avoided bankruptcy, and the FTSE 100 had suffered its worst drop since 9/11. Amid those dark clouds, I decided to establish a professional outpost beyond LinkedIn: a public blog.
For security professionals in regulated industries like finance, blogging can be tricky. My role at GE involved evaluating global banking systems and supporting internal fraud investigations, topics that did not lend themselves easily to public commentary. But one topic was clearly worth discussing: cloud computing.
In 2007, AWS had already attracted 180,000 developers to its platform, while GE's early adoption of VMware highlighted the cost-cutting potential of infrastructure abstraction. It was clear that businesses would soon push to migrate those newly abstracted workloads to the cloud. Security teams, however, were not ready. My goal was simple: encourage security professionals to dive into this emerging field, experiment, and identify the gaps before the business raced ahead.
Much to my surprise, the blog gained traction quickly. Just 11 posts in, I was interviewed on US National Public Radio - an unexpected milestone that gave the blog wider visibility.
Between 2008 and 2010, I published dozens of posts before stepping away to focus on the growing demands of my role. After 20 years at GE, I joined Barclays PLC as Global Head of Cyber Risk and later served as Group Security CTO, overseeing cloud security on a global scale.
In 2017, I left the corporate world to become an independent consultant. Jim Reavis from the Cloud Security Alliance was my first client, taking me on as a part-time Senior Cloud Security Advisor. I guided the Financial Services Security Platform and provided advisory services to CSA enterprise members.
Since then, I have helped hundreds of organizations secure cloud environments across public, hybrid and private cloud. My work includes advising intergovernmental organizations, helping technology startups respond to enterprise security reviews, and helping teams move quickly toward ISO 27001 certification.
Throughout this journey, one question kept coming up: What cloud security tools and solutions do you recommend? That question inspired me to bring cloudsecurity.org back - not just as a blog, but as a directory for cloud security tools and resources.
What You'll Find Here
Cloudsecurity.org is a curated directory designed to help security professionals and CTOs navigate the landscape of cloud security tools. It draws from:
- Hands-on consulting experience
- Community-curated lists, including GitHub awesome projects
- Marco Lancini's CloudSecList newsletter - dedicated to cloud security
- Clint Gibler's tl;dr sec newsletter - one of my favourite security newsletters
- Contributions from the wider security community
The directory covers technology startups, open-source tools, major cloud provider services, books, courses and papers.
I have personally used many of these tools, but the directory is not a recommendations list. It is a technical resource to help you quickly discover available cloud security solutions and decide what is worth deeper evaluation.
Why I Built This
Cloud security is complex, and finding the right tools can be overwhelming. I built this site to make that process faster and more transparent.
Cloudsecurity.org is:
- Independent: an unbiased collection of available tools and resources.
- Comprehensive: broad coverage across cloud security categories, vendors and open-source projects.
- Straightforward: clear, factual information to support discovery and comparison.
My Goal
I want this site to be a useful starting point for anyone trying to make sense of cloud security solutions. Whether you are just starting out or have been doing this for years, the goal is to help you find what you need faster so you can focus on solving real cloud security problems.
Cloud computing is not getting simpler, but finding the right tools should not be harder than it needs to be.