All Articles

All Articles
A Technical Analysis of the Capital One Cloud Misconfiguration Breach

Blog Published: 08/09/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, Fugue This is a technical exploration of how the Capital One breach might have occurred, based on the evidence we have from the criminal complaint. I want to start by say...

Uncovering the CSA Top Threats to Cloud Computing with Jim Reavis

Blog Published: 08/08/2019

By Greg Jensen, Sr. Principal Director - Security Cloud Business Group, Oracle For the few that attend this year’s BlackHat conference kicking off this week in Las Vegas, many will walk away with an in depth understanding and knowledge on risk as well as actionable understandings on h...

Challenges & Best Practices in Securing Application Containers and Microservices

Blog Published: 08/08/2019

By Anil Karmel, Co-Chair, CSA Application Containers and Microservices (ACM) Working GroupApplication Containers have a long and storied history, dating back to the early 1960s with virtualization on mainframes up to the 2000s with the release of Solaris and Linux Containers (LXC). The rise of Do...

The Cloud in the Fight Against Cyber-Bullying

Blog Published: 08/07/2019

By the Cybersecurity International Institute (CSI) Learn about the upcoming innovative social project on Cyber-bullying using a cloud platform. The CSI Institute (Cybersecurity International Institute) is a non-governmental and not-for-profit organization. Our goal is to contribute to ...

Facebook Project Libra - the good, the bad, the ugly and why you should care

Blog Published: 08/05/2019

By Kurt Seifried, Chief Blockchain Officer, CSA So you’ve probably heard by now that Facebook will be creating a crypto-currency called “Project Libra” and if you haven’t well, now you know. So first let’s cover what is good about this. Facebook has announced Project Libra as a Stablec...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings

Blog Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AI...

Quantum Technology Captures Headlines in the Wall Street Journal

Blog Published: 08/01/2019

By the Quantum-Safe Security Working GroupLast month, we celebrated the 50th anniversary of the Apollo 11 moon landing. Apollo, which captured the imagination of the whole world, epitomizes the necessity for government involvement in long term, big science projects. What started as a fierce race ...

Use Cases for Blockchain Beyond Cryptocurrency

Blog Published: 07/31/2019

CSA’s white paper, Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2 is a continuation of the efforts made in v1. The purpose of this publication is to describe relevant use cases beyond cryptocurrency for the application of these technologies.In the process of o...

Organizations Must Realign to Face New Cloud Realities

Blog Published: 07/30/2019

Jim Reavis, Co-founder and Chief Executive Officer, CSAWhile cloud adoption is moving fast, many enterprises still underestimate the scale and complexity of cloud threatsTechnology advancements often present benefits to humanity while simultaneously opening up new fronts in the on-going and incre...

It's Time for Security Leadership to Embrace the Cloud-First Future

Blog Published: 07/29/2019

By Arif Kareem, CEO and President at ExtraHop NetworksOn the campus at Stanford Business School is a plaque engraved with a quote from Phil Knight, graduate of the business school and co-founder of Nike. I've visited the campus many times, and each time the words stop me in my tracks."There comes...

Cloud Security Alliance Releases Best Practices for Implementing a Secure Application Container Architecture

Press Release Published: 07/26/2019

Second report in series provides mitigation options for 18 possible risks surrounding integration of application containers into trustworthy, secure systemsSEATTLE – July 26, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications...

FedSTAR Pilot Program Status

Blog Published: 07/24/2019

As the use of cloud technology has become more widespread, the concern about cloud security has increased. Government agencies and private sector users are concerned with protecting data and ensuring service availability.  Many countries and private entities have designed and implemented securit...

4 Reasons Why IT Supervision is a Must in Content Collaboration

Blog Published: 07/23/2019

By István Molnár, Compliance Specialist, TresoritFor many organizations, workflow supervision is one of the biggest challenges to solve. Ideally users should be properly managed and monitored but sadly, countless organizations suffer from a lack of IT supervision. As a result, there is no telling...

Signal vs. Noise: Banker Cloud Stories by Craig Balding

Blog Published: 07/19/2019

A good question to ask any professional in any line of business is: which "industry events" do you attend and why?  Over a few decades of attending a wide variety of events - and skipping many more - my primary driver is "signal to noise" ratio.  In other words, I look for events attended by peo...

“Shift Left” to Harden Your Cloud Security Posture

Blog Published: 07/18/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, Fugue After a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means...

Cloud Security Alliance Releases New Research Identifying Challenges in Securing Application Containers and Microservices

Press Release Published: 07/16/2019

Report identifies challenges in securing application containers and microservices through the lens of the developer, operator and architect SEATTLE – July 16, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best pra...

Cloud Security Alliance Releases Cloud Penetration Testing Playbook

Press Release Published: 07/12/2019

Reports provides foundation for public cloud penetration testing methodology SEATTLE – July 12, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, tod...

How Traffic Mirroring in the Cloud Works

Blog Published: 07/08/2019

By Tyson Supasatit, Sr. Product Marketing Manage, ExtraHop Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triad After years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it's finally here! ...

Highlights from the CSA Summit at Cyberweek

Blog Published: 07/03/2019

By Moshe Ferber, Chairman, Cloud Security Alliance, Israel and Damir Savanovic, Senior Innovation Analyst, Cloud Security AllianceThe city of Tel Aviv is crowded throughout the year with a buzzing cybersecurity ecosystem, but in the last week of June, this ecosystem comes to boil when Tel Aviv Un...

Cloud Security Alliance Congress EMEA 2019 Call for Papers 
Deadline Extended

Press Release Published: 07/02/2019

Papers examining new frontiers accelerating change in information security are sought Berlin, Germany – June 26, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.