All Articles
Your Guide to IAM – and IAM Security in the Cloud

Blog Published: 01/27/2023

Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security en...

Everything You Need to Know About ISO 27001 Certification

Blog Published: 01/27/2023

Originally published by A-LIGN. With bad actors targeting sensitive data, many organizations are looking for new ways to monitor and improve their data security. Enter: ISO/IEC 27001:2013. A useful way to establish credibility with stakeholders, customers, and partners, ISO 27001 can help demon...

5 Timely SaaS Security Recommendations for 2023

Blog Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, ...

Herding Cats: How to Lead a Digital Transformation in a Federated Organization

Blog Published: 01/26/2023

Originally published by CXO REvolutionaries. Written by Yves Le Gelard, Former Group CIO and Chief Digital Officer, ENGIE. A tale of two types of organization Organizations embarking on digital transformations typically fall somewhere on a spectrum between rigidly hierarchical – in which leaders’...

What Are the DoD Cloud Computing Security Assessment Requirements?

Blog Published: 01/26/2023

Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world? ...

On the Criticality of SDLC Context for Vulnerability Remediation

Blog Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...

If You Could Only Ask One Question About Your Data, It Should be This

Blog Published: 01/25/2023

Originally published by Sentra. Written by Guy Spilberg, VP R&D, Sentra. When security and compliance teams talk about data classification, they speak in the language of regulations and standards. Personal Identifiable Information needs to be protected one way. Health data another way. Employ...

Egress URL Filtering: The Most Important Cloud Security Control You’re Probably Missing

Blog Published: 01/25/2023

Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across project teams a...

Oops, I Leaked It Again — PII in Exposed Amazon RDS Snapshots

Blog Published: 01/24/2023

Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL;DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking PII in th...

Cloud Economics: A Federal Perspective

Blog Published: 01/24/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The application of...

What is an Access Control Server in 3DS?

Blog Published: 01/24/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits 3DS is a form of multifactor authentication used to reduce card-not-present fraud by verifying cardholder identities. The 3DS Access Control Server is a tool used by issuing banks to confirm the identity of the cardh...

Designing for Recovery: Infrastructure in the Age of Ransomware

Blog Published: 01/23/2023

Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...

Who Has Control: The SaaS App Admin Paradox

Blog Published: 01/23/2023

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and d...

To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight

Blog Published: 01/23/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully ap...

5 Steps to Managing Third-Party Risk in the Healthcare Industry

Blog Published: 01/21/2023

Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive data...

Why Your Cloud Services Need the CSA STAR Registry Listing

Blog Published: 01/20/2023

Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services off...

Double Trouble for Cyberinsurers

Blog Published: 01/20/2023

Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...

Enabling Secure Cloud Migration to Enterprise Cloud Environments

Blog Published: 01/20/2023

Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote w...

Social Engineering Tactics are Changing. Awareness Training Must Too.

Blog Published: 01/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. After hardening my corporate environment and improving our device management as CISO with previous organizations, I noticed that the would-be fraudsters quickly evolved their attack methods in response. I...

Proxying Your Way to SaaS Security? There’s a Better Approach!

Blog Published: 01/19/2023

Originally published by DoControl. Written by John Newsome, DoControl. Over the course of my 20 plus years in cybersecurity, I’ve had the opportunity to work for some outstanding companies and thought leaders in the industry. One of the most controversial and debated topics throughout this time h...
