Cloud Security Alliance Expands CCSK Training Program
Press Release Published: 06/25/2014
CSA selects HP as Master Training Partner for China and Japan Seattle, WA – June 17, 2014 – The Cloud Security Alliance (CSA) today announced that in recognition of the success and growth of the CSA Certificate of Cloud Security Knowledge (CCSK) Certification training program conducted by HP, t...
The 5 Steps to Prepare for a PCI Assessment
Blog Published: 06/19/2014
Preparing for a Payment Card Industry (PCI) compliance assessment is a major task for any size organization. However, companies that store, process, or transmit credit card transactions are required to comply with PCI's Data Security Standards (DSS). PCI DSS includes up to 13 requirements that sp...
Security as a Service (SecaaS) Working Group 2014 Kick-Off Call
Press Release Published: 06/16/2014
The Security as a Service (SecaaS) Working Group will be kicking off their latest research efforts on: Monday June 16th at 9:00am PDT (GMT-7) (Meeting details are below) The latest developments will be towards an updated "Defined Categories of Service v2.0" and includes: Proposals for new...
OpenSSL CCS Injection Vulnerability Countdown
Blog Published: 06/16/2014
By Krishna Narayanaswamy, Netskope Chief ScientistOn June 5, researchers discovered an OpenSSL vulnerability (CVE-2014-0224) that could result in a man-in-the-middle attack exploiting some versions of OpenSSL. Called the OpenSSL Change Cipher Spec (CCS) Injection, this vulnerability requires that...
Virtualization Working Group 2014 Kick-Off Call
Press Release Published: 06/13/2014
The Cloud Security Alliance Virtualization Working Group is seeking volunteers to participate in developing and maintaining a research portfolio providing capabilities to assist the cloud provider industry in research of the combined virtualized operating systems and future technologies. The grou...
TweetDeck — Just another hack or a missed opportunity to tighten cloud security?
Blog Published: 06/13/2014
June 12, 2014By Harold Byun, Senior Director of Product Management, Skyhigh Networks The recent TweetDeck hack on Twitter presents a common cloud dilemma for information security teams. On the one hand, the BYOX trends that drive cloud service adoption and worker self-enablement are transform...
DON’T GET SNOWDENED: 5 QUESTIONS EVERY CEO SHOULD ASK THEIR CIO / CISO
Blog Published: 06/05/2014
By Sekhar Sarukkai, Founder, VP of EngineeringSkyhigh NetworksToday is the 1-year anniversary of the historic Snowden disclosure. In the year since the first stories about Edward Snowden appeared, one of the lasting affects of the scandal is a heightened awareness of the risk posed by rogue insi...
The Evolution of Threats against Keys and Certificates
Blog Published: 06/05/2014
By George Muldoon, Regional Director, Venafi In my blog post about the Heartbleed hype, I stress that threats against keys and certificates neither started with the Heartbleed vulnerability, nor certainly will end with it. Threats specifically against keys and certificates go back to 2009 and 20...
The Cloud Multiplier Effect on Data Breaches
Blog Published: 06/04/2014
by Krishna Narayanaswamy, Chief Scientist at NetskopeAll of the things we love about cloud and SaaS apps can also put us at risk of a data breach. First, we love that we can get our favorite apps quickly and easy without having to answer to anyone. This leads to massive app growth, usually of inh...
Heartbleed Hype Left Enterprises Uninformed
Blog Published: 06/03/2014
By George Muldoon, Regional Director, Venafi In early April, the vulnerability known simply as “Heartbleed” became the latest rage. During the first week after discovery, the mainstream media aggressively reported on Heartbleed, stirring up a tornado of fear, uncertainty, and doubt amongst all I...
Too Many Employees Ignore BYOD Security
Blog Published: 06/02/2014
By Nina Seth, AccellionConsidering the risks that BYOD mobile activity can pose to enterprises, CIOs have a right to be dismayed by two recent surveys showing just how little some employees care about protecting data on mobile devices.A recent survey by Centrify found that: 43% have accessed se...
5 Ways to Prevent Unauthorized Access of Misused Mobile Certificates
Blog Published: 05/28/2014
By Patriz Regalado, Product Marketing Manager, Venafi Mobile devices and mobile applications are becoming more dangerous threat vectors against the corporate network. Android devices seem to be continually under attack with new reports of malware appearing at an astounding rate of 197% from 2012...
Join CSA at Black Hat 2014 – Registration Discounts for Members
Press Release Published: 05/27/2014
We invite CSA members to join us at Black Hat 2014 taking place August 2-7 at the Mandalay Bay in Las Vegas. Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 17th year to Las Vegas, it will bring together the brightest in the wor...
CSA APAC Update
Press Release Published: 05/21/2014
1) Cloud Vulnerabilities Working Group Founded by the CSA APAC region in May 2013, the CSA Cloud Vulnerabilities Working Group (CVWG) is a global work group chartered to conduct research in the area of cloud computing vulnerabilities, with the goals of understanding and educating the classificati...
Volunteer Spotlight: Henry St Andre
Press Release Published: 05/21/2014
Henry St. Andre’s work in the IT and telecom industries dates back to the divestiture of AT&T and the creation of the competitive long distance industry. Henry spent those years in operations managing network operation centers. In 2003, Henry went to work for inContact, a cloud provider of co...
Cloud Security Alliance Opens Registration for CSA Congress 2014
Press Release Published: 05/19/2014
Special Pricing Offered for Early Registration to Event Covering All Aspects of Privacy and Cloud Security Seattle, WA – May 19, 2014 – The Cloud Security Alliance (CSA) today announced the opening of registration for its annual CSA Congress 2014 scheduled to take place September 17-19, 2014, a...
Cloud Security Alliance Announces China Representative Office, Forms Strategic Partnership With China Government-Academia-Industry Partners, And Expands Its Chinese Corporate Members.
Press Release Published: 05/19/2014
CSA Makes Strong Long-Term Commitments in China Beijing – May 19, 2014 – The Cloud Security Alliance (CSA) today held a special event to announce the establishment of the new CSA China Representative Office in Beijing. The CSA also signed a total of seven strategic partnership agreements with m...
Have You Budgeted for the Next Heartbleed?
Blog Published: 05/15/2014
By Gavin Hill, Director/Product Marketing and Threat Intelligence, Venafi Last month the Heartbleed vulnerability took the world by storm. IT groups across the globe scrambled to patch systems that were susceptible to the OpenSSL vulnerability known as Heartbleed. Y2K—the millennium bug—has been...
SOC in 5 Simple Steps
Blog Published: 05/09/2014
By Ryan Dean, Senior AssociateBrightLineAs an audit firm, we are frequently contacted by service organizations that know they need a SOC report (usually by way of a client request), but don’t know where to begin. With that in mind, I have broken down the process of obtaining a SOC report into fiv...
CLOUD SECURITY INNOVATORS – Q+A WITH GEORGE DO, CISO, EQUINIX
Blog Published: 05/07/2014
April 30, 2014 By Brandon Cook, director of product marketing (@BCookshow) Skyhigh Networks We are incredibly excited to feature a Q+A session with George Do, CISO of Equinix, as the first in our new monthly Skyhigh Networks Cloud Security Innovators blog series. Every month we will inter...