About
TLDR: Cloudsecurity.org is an independent directory of cloud security tools, curated to help CTOs and security professionals discover and compare available solutions for their cloud security needs.
Where Cloud Meets Security
Hi, I’m Craig Balding, I created cloudsecurity.org started as a blog in April 2008.
At the time, I was remote-working from our first family home, just a few months after the birth of my daughter. My employer, GE Capital—the financial engine of General Electric—was navigating the early tremors of the 2008 Financial Crisis. Investors were pulling back, and uncertainty was everywhere.
It felt like a storm was coming. Major financial institutions were crumbling: Northern Rock in the UK was nationalized, Bear Stearns barely survived bankruptcy, and the FTSE 100 suffered its worst drop since 9/11. Amid these dark clouds, I decided to establish a professional outpost beyond LinkedIn: a public blog.
For security professionals in regulated industries like finance, blogging can be tricky. My role at GE involved evaluating global banking systems and supporting internal fraud investigations—topics that didn’t lend themselves easily to public commentary. But one topic seemed ripe for discussion: cloud computing.
In 2007, AWS had already attracted 180,000 developers to its platform, while GE’s early adoption of VMware highlighted its significant cost-cutting potential. It was clear that businesses would soon push to migrate those now abstracted workloads to the cloud. Security teams, however, weren’t ready. My goal was simple: encourage security professionals to dive into this emerging field, experiment, and identify the gaps before the business world raced ahead.
Much to my surprise, the blog gained traction quickly. Just 11 posts in, I was interviewed on US National Public Radio - an unexpected milestone that gave the blog even more visibility.
Between 2008 and 2010, I published dozens of posts before stepping away to focus on the growing demands of my role. After 20 years at GE, I joined Barclays PLC as Global Head of Cyber Risk and later served as Group Security CTO, overseeing cloud security on a global scale.
In 2017, I left the corporate world to become an independent consultant. Jim Reavis from the Cloud Security Alliance was my very first client (thanks Jim!) - taking me on as a part-time Senior Cloud Security Advisor. I guided the Financial Services Security Platform and provided advisory services to CSA enterprise members.
Separately, I’ve helped hundreds of organizations secure their cloud environments, whether public, hybrid, or private. My work spans advising IGOs, helping tech startups respond effectively to enteprise prospect security questoinnaires and to rapidly achieve ISO 27001 certification.
Throughout this journey, one question kept coming up: What cloud security tools and solutions do you recommend? That question inspired me to bring cloudsecurity.org back—not as a blog, but as a directory for cloud security tools and resources.
What You'll Find Here
Cloudsecurity.org is a curated directory designed to help security professionals and CTOs navigate the vast landscape of cloud security tools. It includes resources from:
- Hands-on consulting experience
- Community-curated lists, like GitHub’s awesome projects
- The Marco Lancini's CloudSecList newsletter - dedicated to cloud security
- The tl;dr sec newsletter by Clint Gibler - easily one of my favourite cyber security newsletters
- Contributions from the wider security community
The directory covers:
- Solutions from Tech startups
- Open-source tools
- Solutions from major cloud providers
While I’ve personally used many of these tools, the directory isn’t a list of recommendations. It’s a comprehensive technical resource to help you quickly discover cloud security solutions tailored to your needs.
Why I Built This
Cloud security is complex, and finding the right tools can be overwhelming. I created this site to simplify that process, offering a clear, unbiased resource for discovering what’s out there.
Cloudsecurity.org is:
- Independent: An unbiased collection of available tools
- Comprehensive: Covering the broad spectrum of cloud security solutions
- Straightforward: Clear, factual information to aid decision-making
My Goal
I want this site to be the go-to resource for anyone trying to make sense of cloud security solutions. Whether you’re just starting out or you’ve been doing this for years, my goal is to help you get what you need faster so you can focus on solving real cloud security challenges.
Cloud computing isn’t getting any simpler, but finding the right tools doesn’t have to be hard.