Rocks, Pebbles, Shadow IT

By Rich Campagna, Chief Marketing Officer, Bitglass Way back in 2013/14, Cloud Access Security Brokers (CASBs) were first deployed to identify Shadow IT, or unsanctioned cloud applications. At the time, the prevailing mindset amongst security professionals was that cloud was bad, and discovering Shadow IT was viewed as the first step towards stopping the spread of cloud […]

Rethinking Security for Public Cloud

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environment By Beth Stackpole, Writer, Symantec Enterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and best practices. Yet with public cloud adoption on the rise and businesses shifting to […]

Bitglass Security Spotlight: Financial Services Facing Cyberattacks

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent months: —Customer information exposed in Bankers Life hack—American Express India leaves customers defenseless—Online HSBC accounts breached—Millions of dollars taken from major Pakistani banks—U.S. government infrastructure accessed via DJI drones Customer information exposed in Bankers Life hack566,000 individuals have been notified […]

The 12 Most Critical Risks for Serverless Applications

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board Member When building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when speaking to security measures and how to […]

SaaS Apps and the Need for Specialized Security

By Paul Sullivan, Software Engineer, Bitglass Keeping cloud services running is a complex, multi-faceted endeavor for cloud service providers. They need to juggle adding new features, keeping their customers’ sensitive data secure, and having high uptime for their services – there is virtually no room for error. Microsoft learned about the need for high uptime […]

Deciphering DevSecOps

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way By Beth Stackpole, Writer, Symantec Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the same time, DevOps, a methodology that applies agile and lean principles […]

Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks:  —773 million email accounts published on hacking forum— Unprotected FBI data and Social Security numbers found online — Millions of texts and call logs exposed on unlocked server—South Korean Defense Ministry breached by hackers—Ransomware forces City Hall of Del […]

Security Risks and Continuous Development Drive Push for DevSecOps

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy By Dwight B. Davis, Writer, Symantec The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application developers and security professionals: “Build security in from the ground […]

CCSK Success Stories: From the Financial Sector

By the CSA Education Team This is the second part in a blog series on Cloud Security Training. Today we will be interviewing an infosecurity professional working in the financial sector. John C Checco is President Emeritus for the New York Metro InfraGard Members Alliance, as well as an Information Security professional providing subject matter […]

CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group Dear Colleagues, We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018 These CCM addenda aim to help organizations assess […]