All Articles

US CLOUD Act Drives Adoption of Cloud Encryption

Blog Published: 09/05/2018

By Rich Campagna, Chief Marketing Officer, Bitglass The US Clarifying Lawful Overseas Use of Data (CLOUD) Act was quietly enacted into law on March 23, 2018. I say quietly due to the controversial nature of how it was passed—snuck into the back of a 2,300 page Federal spending bill on the eve of C...

California's CCPA Brings EU Data Privacy to the US

Blog Published: 08/27/2018

By Rich Campagna, Chief Marketing Officer, Bitglass Over the summer a new data privacy law, the California Consumer Privacy Act of 2018 (CCPA), was passed. Assembly Bill 375 is scheduled to go into effect on Jan 1, 2020, which means there will likely be a lot of change before we see the final, enf...

Software-Defined Perimeter Architecture Guide Preview: Part 2

Blog Published: 08/23/2018

Part 2 in a four-part series By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc. Thanks for returning for the second blog posting, providing a preview of the forthcoming Software-Defined Perimeter (SDP) Architecture Guide (Read Part 1). In this article, we focus on the...

EU GDPR vs US: What Is Personal Data?

Blog Published: 08/20/2018

By Rich Campagna, Chief Marketing Officer, Bitglass May 25, 2018—GDPR enforcement day—has come and gone with little fanfare (and about 6 quadrillion privacy policy updates), but that doesn't mean we all know what to do to get into compliance. In fact, some measures put only one third of org...

Cloud Security Alliance Releases Malaysia Financial Sector Cloud Adoption Report

Press Release Published: 08/20/2018

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...

CVE and Cloud Services, Part 1: The Exclusion of Cloud Service Vulnerabilities

Blog Published: 08/13/2018

By Kurt Seifried, Director of IT, Cloud Security Alliance and Victor Chin, Research Analyst, Cloud Security Alliance The vulnerability management process has traditionally been supported by a finely balanced ecosystem, which includes such stakeholders as security researchers, enterprises, and ve...

CSA Releases Top Threats to Cloud Computing: Deep Dive

Press Release Published: 08/08/2018

Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...

CSA, OWASP Issue Updated Guidance for Secure Medical Device Deployment

Press Release Published: 08/07/2018

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...

Software-Defined Perimeter Architecture Guide Preview

Blog Published: 07/31/2018

Part 1 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc. The Software-Defined Perimeter (SDP) Working Group was founded five years ago, with a mission to promote and evangelize a new, more secure architecture for managing user access to applica...

Convincing Organizations to Say “Yes to InfoSec”

Blog Published: 07/20/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Security departments have their hands full. The first half of my career was government-centric, and we always seemed to be the "no" team, eliminating most initiatives before they started. The risks were often found to outweigh the benefits, ...

What Is a CASB?

Blog Published: 07/16/2018

By Dylan Press, Director of Marketing, Avanan Email is the #1 attack vector. Cloud Account Takeover is the #1 attack target. A CASB is the best way to protect against these threats. Gartner first defined the term Cloud Access Security Broker (CASB) in 2011, when most IT applications were hoste...

Avoiding Cyber Fatigue in Four Easy Steps

Blog Published: 07/12/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Cyber alert fatigue. In the cybersecurity space, it is inevitable. Every day, there will be a new disclosure, a new hack, a new catchy title for the latest twist on an old attack sequence. As a 23-year practitioner, the burnout is a real th...

Methodology for the Mapping of the Cloud Controls Matrix

Blog Published: 07/09/2018

By Victor Chin, Research Analyst, Cloud Security Alliance The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue i...

Cloud Migration Strategies and Their Impact on Security and Governance

Blog Published: 06/29/2018

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com Public cloud migrations come in different shapes and sizes, but I see three major approaches. Each of these has very different technical and governance implications. Three approaches to cloud migration Companies dying...

Top Security Tips for Small Businesses

Blog Published: 06/27/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Most small businesses adopt some sort of cloud offering, be it Software as a Service like Quickbooks or Salesforce, or even renting computers in Amazon Web Services or Microsoft’s Azure, in an Infrastructure as a Service environment. You get...

Updated CCM Introduces Reverse Mappings, Gap Analysis

Blog Published: 06/26/2018

By Sean Cordero, VP of Cloud Strategy, Netskope Since its introduction in 2010, the Cloud Security Alliance’s Cloud Control Matrix (CCM) has led the industry in the measurement of cloud service providers (CSP). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set...

Cybersecurity Trends and Training Q and A

Blog Published: 06/22/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Q: Why is it important for organizations and agencies to stay current in their cybersecurity training? A: Changes accelerate in technology. There's an idea called Moore's Law, named after Gordon Moore working with Intel, that the power of a ...

Cybersecurity Certifications That Make a Difference

Blog Published: 06/14/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC The security industry is understaffed. By a lot. Previous estimates by the Ponemon Institute suggest as much as 50 percent underemployment for cybersecurity positions. Seventy percent of existing IT security organizations are understaffed ...

Microsoft Workplace Join Part 2: Defusing the Security Timebomb

Blog Published: 06/13/2018

By Chris Higgins, Technical Support Engineer, Bitglass In my last post, I introduced Microsoft Workplace Join. It’s a really convenient feature that can automatically log users in to corporate accounts from any devices of their choosing. However, this approach essentially eliminates all sense of...

Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center

Press Release Published: 06/12/2018

Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...
