CloudSec Academy

Welcome to CloudSec Academy, your guide to navigating the alphabet soup of cloud security acronyms and industry jargon. Cut through the noise with clear, concise, and expertly crafted content covering fundamentals to best practices.

Azure Security Risks & Mitigation Steps

Wiz Experts Team

This article offers an extensive examination of Azure environments’ most pressing security risks along with suggested approaches for effectively mitigating these challenges.

Remote Code Execution Attacks Explained

Wiz Experts Team

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Understanding Cloud Security Risks

Wiz Experts Team

A cloud security risk is any threat that might impact the confidentiality, integrity, and availability (CIA) of data and applications hosted in the cloud.

Cloud Sprawl Explained

Wiz Experts Team

Cloud sprawl is a phenomenon that involves the unmanaged growth of cloud-based resources and services.

CSPM vs DSPM: Why You Need Both

Wiz Experts Team

Discover the similarities between CSPM and DSPM, what factors set them apart, and which one is the best choice for your organization’s needs.

Container monitoring explained

Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.

Data Exfiltration Explained

Wiz Experts Team

Data exfiltration is when sensitive data is accessed without authorization or stolen. Just like any data breach, it can lead to financial loss, reputational damage, and business disruptions.

Cloud Migration Security Explained

Cloud migration security is a facet of cybersecurity that protects organizations from security risks during a transition to cloud environments from legacy infrastructure, like on-premises data centers.

Kubernetes RBAC Explained

Kubernetes role-based access control (RBAC) serves as a foundational security layer within Kubernetes. It is essential for regulating access to the K8s API and its resources, allowing organizations to define user roles with specific permissions to effectively control who can see or interact with what resources within a cluster.

What is CWPP? [Cloud Workload Protection Platform]

Wiz Experts Team

A cloud workload protection platform (CWPP) is a security solution that provides continuous threat monitoring and protection for cloud workloads across different types of cloud environments.

Code Security

Code security, also known as secure coding, refers to the practices, methodologies, and tools designed to ensure that the code written for applications and systems is secure from vulnerabilities and threats.

Principle of Least Privilege (POLP)

Wiz Experts Team

The principle of least privilege (PoLP) is a cybersecurity concept in which users, processes, and devices are granted the minimum access and permissions necessary to perform their tasks

Cloud Infrastructure Security Explained

Wiz Experts Team

Cloud infrastructure security describes the strategies, policies, and measures that organizations implement to protect cloud-based systems, data, and infrastructure from threats and vulnerabilities.

Lateral Movement Explained

Wiz Experts Team

Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.

Credential Stuffing Explained

Wiz Experts Team

Credential stuffing is a type of cyberattack where automated tools are used to repeatedly inject stolen username/password combinations into various services to gain access to legitimate users’ accounts in addition to those that were originally breached.

Container Orchestration

Container orchestration involves organizing groups of containers that make up an application, managing their deployment, scaling, networking, and their availability to ensure they're running optimally.

Native Azure Security Tools

Wiz Experts Team

This blog explores the significance of security in Azure environments and provides an overview of native as well as third-party security tools available to improve an organization’s Azure security stance.

Cross-site scripting

Wiz Experts Team

Cross-site scripting (XSS) is a vulnerability where hackers insert malicious scripts inside web applications with the aim of executing them in a user’s browser.

SBOM Security

A Software Bill of Material (SBOM) is a comprehensive inventory that details every software component that makes up an application.

What is a man-in-the-middle attack?

Wiz Experts Team

A man-in-the-middle (MitM) attack is a type of cyberattack where a hacker intercepts data transferred between two parties.

Kubernetes secrets

A Kubernetes secret is an object in the Kubernetes ecosystem that contains sensitive information (think keys, passwords, and tokens)

What is containerization?

Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.

Containers vs. VMs: What’s the difference?

Wiz Experts Team

In a nutshell, containers and virtual machines (VMs) are two inherently different approaches to packaging and deploying applications/services in isolated environments.

Kubernetes as a service

Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.

Brute Force Attacks

Wiz Experts Team

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

CSPM vs. SSPM

Wiz Experts Team

This post discusses CSPM and SSPM in depth to reveal their respective use cases. You'll also learn how CSPM and SSPM complement each other to strengthen your overall security posture.

AWS Security Risks

Wiz Experts Team

This article examines common AWS security challenges, including identity and access control gaps, data exposure risks, and monitoring blind spots.

CIEM vs. IAM

Wiz Experts Team

In this article, we'll compare CIEM and IAM to explain how these crucial techniques help reduce your attack surface.

Shadow Data

Wiz Experts Team

Shadow data is any data that is created, stored, or shared outside of an organization's formal IT environment and management policies.

Vulnerability Scanning

Wiz Experts Team

Vulnerability scanning is the process of detecting and evaluating security flaws in IT systems, networks, and software.

Cloud Data Security

Wiz Experts Team

Cloud data security is the comprehensive strategy of preventing data loss or leakage in the cloud from security threats like unauthorized access, data breaches, and insider threats.

What is privilege escalation?

Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.

Kubernetes Vulnerability Scanning

Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.

Understanding the Shared Responsibility Model

Wiz Experts Team

The shared responsibility model is a framework establishing cloud security responsibilities between cloud service providers (AWS, GCP, Azure) and customers.

Serverless Security Explained

Wiz Experts Team

Serverless security is the extra layer of protection designed for applications built on a serverless architecture. In this type of cloud computing, you write the code (functions) but the cloud provider handles the servers. This creates a different security approach.

Multi Cloud Security

Wiz Experts Team

Multi Cloud Security is the combination of strategies, controls, and technologies designed to address the complex challenges of a multi cloud environment.

Cloud Security Strategy

Wiz Experts Team

A cloud security strategy is the combination of the measures, tools, policies, and procedures used to secure cloud data, applications, and infrastructure.

Rootkits Explained

Wiz Experts Team

A rootkit is a suite of software designed to grant a cyberattacker privileged access while disguising the invasion to evade detection.

Risk-Based Vulnerability Management

Wiz Experts Team

Risk-based vulnerability management is a vulnerability management approach that prioritizes vulnerabilities that pose the greatest risk to an organization.

Container Registries Explained

A container registry is a service that stores, manages, and distributes application images. Its architecture is designed to ensure availability by providing a centralized resource for container image discovery, distribution, and deployment.

Top Docker Alternatives

Wiz Experts Team

In this guide, we'll look at a variety of Docker alternatives that provide different benefits for your workloads—such as daemonless operation, a simplified management experience, improved container security, and enhanced scalability and orchestration for production environments.

What is DevSecOps?

DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.

What is Container Security?

Container security is the process of securing the container pipeline, the content running inside the containers, and the infrastructure on which the containers run.

Kubernetes Alternatives for Container Orchestration

Wiz Experts Team

This blog post explores the world of container orchestration tools beyond Kubernetes, highlighting cloud provider tools and open-source alternatives that promise to redefine how we deploy and manage applications.

What is a Reverse Shell Attack?

Wiz Experts Team

A reverse shell attack is a type of cyberattack where a threat actor establishes a connection from a target machine (the victim's) to their machine.

What is Cloud Encryption?

Cloud encryption is the process of transforming data into a secure format that's unreadable to anyone who doesn't have the key to decode it.

Microservices Security Best Practices

Microservices security is the practice of protecting individual microservices and their communication channels from unauthorized access, data breaches, and other threats, ensuring a secure overall architecture despite its distributed nature.

AI Security Tools: The Open-Source Toolkit

We’ll take a deep dive into the MLSecOps tools landscape by reviewing the five foundational areas of MLSecOps, exploring the growing importance of MLSecOps for organizations, and introducing six interesting open-source tools to check out

CIEM vs CSPM: Why You Need Both

Wiz Experts Team

CSPM focuses on securing cloud infrastructure by identifying and remediating misconfigurations, while CIEM centers on managing and securing user identities and access permissions within cloud environments, addressing threats related to unauthorized access and entitlements.

What is DSPM? [Data Security Posture Management]

Wiz Experts Team

Data security posture management (DSPM) is a solution designed to continuously monitor an organization's data security policies and procedures to detect vulnerabilities and potential risks.

DevSecOps Best Practices Checklist

Wiz Experts Team

In this article, we’ll look at the emergence of DevSecOps and then discuss actionable best practices for integrating DevSecOps into your workflows.

CNAPP vs CSPM

Wiz Experts Team

Learn where CNAPP and CSPM overlap, where they differ, and which one is right for your organization.

IAM Security Explained

IAM security consists of policies and technologies designed to ensure that only authorized individuals gain access to the relevant resources within an organization.

Cloud Compliance: A Fast-Track Guide

Cloud compliance is the series of procedures, controls, and organizational measures you need to have in place to ensure your cloud-based assets meet the requirements of the data protection regulations, standards, and frameworks that are relevant to your organization.

AKS Security Best Practices

Azure Kubernetes Service (AKS) delivers Kubernetes as a managed service in Azure and is popular among organizations looking for a hassle-free Kubernetes solution in the cloud.

Enterprise Cloud Security 101

Wiz Experts Team

Enterprise cloud security is the comprehensive set of practices, policies, and controls used by organizations to protect their data, applications, and infrastructure in the cloud.

Container Platforms

Wiz Experts Team

A container platform is a comprehensive solution that allows organizations to efficiently create, deploy, and manage containers.

CSPM vs CWPP

Wiz Experts Team

Learn where CSPM and CWPP overlap, where they differ, and which one is right for your organization.

What is CSPM?

Cloud security posture management (CSPM) is a set of tools and practices that help organizations monitor and manage their cloud security posture.

Cloud Management 101

Wiz Experts Team

Cloud management refers to the monitoring, maintenance, and operation of data, apps, and infrastructure hosted on the cloud.

Cloud Governance

Wiz Experts Team

Cloud governance entails the policies, processes, and controls an organization puts in place to ensure the effective and secure management of its cloud resources and services.

What is an Attack Surface?

Wiz Experts Team

An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.

Secure Coding Explained

Wiz Experts Team

Secure coding is the practice of developing software that is resistant to security vulnerabilities by applying security best practices, techniques, and tools early in development.

Cloud Security Architecture

Wiz Experts Team

Cloud security architecture is a broad set of principles designed to guide the implementation of security controls, practices, and solutions within a cloud computing environment.

Security Posture Explained

Wiz Experts Team

Security posture is the overall defensive strength of an enterprise’s IT infrastructure, which comprises hardware, software, practices, policies, and personnel.

Types of Cloud Security Tools

Wiz Experts Team

Explore the security roles your tools should cover, then outline the key tool types to help you build your security workflows.

Essential Cloud Security Controls

Wiz Experts Team

Learn to navigate the complexities of cloud security, including the knowledge and tools required to build a robust and proactive defense against ever-evolving cyber threats.

What is KSPM?

Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.

Cloud Native Security

Wiz Experts Team

Cloud native security refers to the practices, tools, and policies that protect cloud native applications and infrastructures.

Software Composition Analysis

Wiz Experts Team

Software composition analysis (SCA) tools index your software dependencies to give you visibility into the packages you're using and any vulnerabilities they contain.

Cloud Vulnerability Management

Wiz Experts Team

Cloud vulnerability management is the continuous process of identifying, classifying, prioritizing, and remediating security vulnerabilities in your cloud environment.

Container Security Scanning

Container security scanning is a process that systematically analyzes container images for vulnerabilities and security issues, allowing developers to address potential threats before they escalate into breaches.

Container Image Signing

Container image signing is a critical security process for establishing trust. Just as you'd expect a signature to verify the authenticity of a document, image signing does the same for container images—those neat packages that carry your code along with all the necessary parts to run it anywhere.

Container Scanning Tools

Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.

What is Shadow AI?

Wiz Experts Team

Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.

Malicious Code Explained

Wiz Experts Team

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Secure SDLC

Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.

Cloud Workload Security Explained

Wiz Experts Team

Cloud workload security, also known as cloud workload protection, is a set of security controls and tools aimed at protecting cloud-based workloads.

Azure Security vs. AWS Security: A Comparative Analysis

Wiz Experts Team

To help you make an informed decision, we've crafted a comprehensive comparison of AWS and Azure security, empowering you to select the cloud provider that seamlessly integrates with your unique needs.

Hybrid Cloud Security Explained

Wiz Experts Team

Hybrid cloud security is a combination of strategies, technologies, and teams working in unison to secure an organization’s hybrid cloud environment.

Public Cloud Security Explained

Wiz Experts Team

Public cloud security describes establishing cybersecurity measures to secure public cloud environments accessible to multiple users or organizations.

AI Security Explained: How to Secure AI

Wiz Experts Team

AI is the engine behind modern development processes, workload automation, and big data analytics. AI security is a key component of enterprise cybersecurity that focuses on defending AI infrastructure from cyberattacks.

Private Cloud Security Explained

Wiz Experts Team

Private cloud security is a term that describes the tools and techniques used to secure private cloud environments.

Cloud Security Standards

Wiz Experts Team

Cloud security standards include clear steps that organizations can take to secure their cloud environments and mitigate the risk of cyberattacks.

CI/CD Pipeline Security Best Practices

Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.

6 Key HIPAA Considerations in the Cloud

Wiz Experts Team

Although the HIPAA doesn't make any specific reference to the cloud, it is a completely different IT environment from the on-premises data center—with different compliance challenges. Learn some of the key HIPAA considerations when you host your healthcare workloads in the cloud.

IaC Security Explained

Infrastructure as Code (IaC) security is the practice of securing cloud infrastructure by embedding security controls into IaC templates and scripts.

Essential Azure Security Best Practices

Wiz Experts Team

Between its reliability and its robust scalability, Azure has become an integral part of many organizations' cloud architecture. Learn how to secure your Azure deployment with these 5 essential best practices.

Security Misconfigurations

Wiz Experts Team

A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.

FISMA Compliance Fast Track Guide

Wiz Experts Team

FISMA compliance is the set of processes, controls, and protocols an organization must have in place to ensure its information assets satisfy the requirements of the Federal Information Security Management Act (FISMA).

The most common Kubernetes security issues and challenges

Wiz Experts Team

The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8 security challenges.

The top 11 open-source Kubernetes security tools

It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.

Patch Management Explained

Wiz Experts Team

Patch management is the process of planning, testing, and applying updates to software systems and applications to address vulnerabilities, fix bugs, and improve overall system performance.

Will AI Replace Cybersecurity?

Wiz Experts Team

The short answer is no, AI is not expected to replace cybersecurity or take cybersecurity jobs.

AWS Security Best Practices

Wiz Experts Team

10 essential AWS security best practices every organization should start with

7 Cloud Security Challenges

Wiz Experts Team

As companies transition to the cloud, they are sure to be confronted with these seven security challenges.

What is cloud security?

Wiz Experts Team

Cloud security refers to a set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.

The CSPM Solutions Landscape 2024

Wiz Experts Team

A walk through of what the cloud security posture management (CSPM) landscape will look like this year.

8 All-Too-Common Cloud Vulnerabilities

Wiz Experts Team

We outline the most common cloud vulnerabilities with real-life examples of attacks that exploited these vulnerabilities, and simple steps you can take to mitigate them.

Top Native AWS Security Tools

Wiz Experts Team

11 native tools for IAM, data protection, network and application protection, compliance management, and threat detection

What is API security?

API security encompasses the strategies, procedures, and solutions employed to defend APIs against threats, vulnerabilities, and unauthorized intrusion.

What is Vulnerability Management?

Wiz Experts Team

Vulnerability management involves continuously identifying, managing, and remediating vulnerabilities in IT environments, and is an integral part of any security program.

Shadow IT Explained

Wiz Experts Team

Shadow IT is an employee’s unauthorized use of IT services, applications, and resources that aren’t controlled by—or visible to—an organization’s IT department.