All Articles

Leveraging Metrics to Enhance Your Insider Risk Management Program

Blog Published: 10/18/2023

Originally published by Code42. Written by Wendy Overton. In today’s dynamic cybersecurity landscape, organizations must proactively manage and monitor their Insider Risk. Effectively measuring the performance of an Insider Risk program and communicating its effectiveness and needs to senior leade...

Cracking the Code: How to Protect Secrets in Dev Environments

Blog Published: 10/18/2023

Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. As the digital ecosystem continues to grow, so does the risk of data breaches and security vulnerabilities. One common and overlooked danger is the presence of “secrets” in code repositories. Secrets, which...

The Importance of the Shared Responsibility Model for Your Data Security Strategy

Blog Published: 10/17/2023

Originally published by Dig Security. Written by Sharon Farber. A shared responsibility model is a cloud security framework that outlines the distribution of security and compliance responsibilities between the cloud service provider (CSP) and the customer. There has been a long debate about who ...

New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)

Blog Published: 10/17/2023

Originally published by CrowdStrike. Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kernel versions but also any containers running on those hosts. Cr...

Espionage Fuels Global Cyberattacks

Blog Published: 10/16/2023

Originally published by Microsoft. Written by Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft. In the past year, cyberattacks have touched 120 countries, fueled by government-sponsored spying and with influence operations (IO) also rising. At times, nearly half of the...

BEC and VEC Attacks on the Rise in 2023

Blog Published: 10/16/2023

Originally published by Abnormal Security. Written by Jade Hill. Despite advancements in legacy security and increased employee awareness, cybercriminals still see email as a primary channel for attacks. And it’s easy to understand why—employees continue to fall for social engineering and financi...

Demystifying Secure Architecture Review of Generative AI-Based Products and Services

Blog Published: 10/16/2023

Written by Satish Govindappa. Abstract: In the era of transformative technologies, Generative AI (GenAI) has emerged as a powerful force, redefining how we interact with data and information. It has unlocked the potential for innovation across various domains, from content generation to problem-sol...

Zero Trust Approach: Elevating Secure Identity and Access Management

Blog Published: 10/13/2023

In a digital landscape where the term “Zero Trust” (ZT) seems both everywhere and elusive, it can be difficult to separate the wheat from the chaff. CSA’s Zero Trust Training (ZTT) series provides clarity and gives you the knowledge and skills necessary to implement and execute a strategy for ZT....

Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

Blog Published: 10/13/2023

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Overview: Mitiga has discovered a new potential post-exploitation technique in AWS (Amazon Web Services): running AWS’s Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on both Linux and Windows machines, controlling th...

The Top Problems with Vulnerability Remediation Today

Blog Published: 10/12/2023

Originally published by Dazz. Written by Julie O’Brien, CMO, Dazz. As companies have transitioned development processes from building on-premises software to cloud applications, we’ve bled efficiencies—particularly at the intersection of development and security. When we design our cloud security ...

What You Need to Know About FedRAMP Continuous Monitoring

Blog Published: 10/12/2023

Originally published by Schellman. To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that co...

The Common Cloud Misconfigurations That Lead to Cloud Data Breaches

Blog Published: 10/11/2023

Originally published by CrowdStrike. The cloud has become the new battleground for adversary activity: CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022 and a 288% jump in cases involving threat actors directly targeting the cloud. Defending your cloud environment requir...

What to Look for (And Avoid) with Zero Trust Solutions

Blog Published: 10/11/2023

Originally published by CXO REvolutionaries. Written by Sanjit Ganguli, VP & CTO in Residence; Nathan Howe, VP, Emerging Technology & 5G; and Daniel Ballmer, Senior Transformation Analyst, Zscaler. Zero trust architecture is part of a transformation journey that involves both technology and...

Moving Past MOVEit

Blog Published: 10/10/2023

Originally published by Coalfire. Written by Priti Patel, Security Consultant, FedRAMP/NIST Advisory and Dr. Stephanie Carter, Principal, FedRAMP Advisory Services. The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all...

Top 5 Cybersecurity Trends in the Era of Generative AI

Blog Published: 10/06/2023

The landscape of cybersecurity is undergoing a seismic shift in the era of Generative AI (GenAI), redefining the frameworks and paradigms that have traditionally been in place. With the increasing deployment of GenAI technologies, we're stepping into an age where security measures need to be as d...

Architecting Cloud Instrumentation

Blog Published: 10/05/2023

Originally published by Sysdig. Written by Daniel Simionato. Architecting cloud instrumentation to secure a complex and diverse enterprise infrastructure is no small feat. Picture this: you have hundreds of virtual machines, some with specialized purposes and tailor-made configurations, thousands ...

The 5 SOC 2 Trust Services Criteria Explained

Blog Published: 10/05/2023

Originally published by BARR Advisory. Written by Christine Falk. So what goes into a SOC 2 report, anyway? There are five trust services criteria (TSC) that can be included in a SOC 2 report: security, availability, confidentiality, processing integrity, and privacy. Amanda Parnigoni, senior cons...

Insider Risk Management and IP Security: If It Were Easy, Everyone Would Be Doing It (Well)

Blog Published: 10/04/2023

Originally published by Code42. Written by Eric Ewald, Insider Risk Lead, Cyber Technology Solutions Group, Booz Allen Hamilton. Current challenges & risks: At this point, we can all admit that Insider Risk Management and IP security programs are difficult for many organizations to operationaliz...

From Compliance to Confidence: SEC’s New Cybersecurity Rules

Blog Published: 10/04/2023

Originally published by BigID. Written by Neil Patel, Director of Product Marketing, BigID. SEC’s New Cybersecurity Regulation: The Securities and Exchange Commission (SEC) has adopted new rules that require companies to disclose material cybersecurity incidents and information about their cybersec...

The Impact of Blockchain on Cloud Security

Blog Published: 10/03/2023

Written by Sayali Paseband, Senior Security Consultant, Verisk. We live in an era where cloud computing has become the backbone of all our business operations. Ensuring the security of data and transactions in the cloud has become more important than ever. Cyberattacks and data breaches are perva...
