All Articles

The Components of IAM

Blog Published: 07/17/2022

This is Part 3 of our ‘What is IAM’ blog series. Read Part 1 here and Part 2 here. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. As alluded to previously, IAM is a set of tools that implement a number of use cases. If broken down into access management and...

The Definition of IAM and Its Criticality to Good Security Hygiene

Blog Published: 07/17/2022

This is Part 2 of our ‘What is IAM’ blog series. Read Part 1 here. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. What exactly is identity and access management (IAM)? It is the overall discipline that encompasses not only tools and technologies, but proces...

What is IAM: Identity in the Digital and Cloud Era

Blog Published: 07/17/2022

This is Part 1 of our ‘What is IAM’ blog series. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. Identity and access management (IAM) is not a new concept, yet it is becoming much more essential in today's digital-first world. The modern workforce demands a ...

Financial Services Turn to Confidential Computing for Key Use Cases

Blog Published: 07/15/2022

This blog was originally published by Anjuna here. Why do highly regulated industries need the protection of Confidential Computing to secure personal data, MPC, and other applications? The very mention of today’s cloud-related financial risks raises goose-bumps: intensified money laundering campa...

An Introduction to Cloud Security for Infosec Professionals

Blog Published: 07/15/2022

Originally published on Fugue’s website. Written by Richard Park, Chief Product Officer, Fugue / Senior Director Product Management, Snyk. As someone who has spent a long time in network and endpoint security then moved to cloud security, I can sympathize with people with security backgrounds...

Web Protocol - Uses Finite State Machine

Blog Published: 07/15/2022

Written by Gregory Machler, Cybersecurity Engineer, Daikin Applied. In an attempt to improve the cybersecurity of the communications between a browser and web server, I’ve been mulling over session protocols. In prior thoughts last year, I commented on the use of TLS 1.3 to encrypt traffic betwee...

How To Secure S3 Buckets Effectively

Blog Published: 07/14/2022

This blog was originally published by Panther here. Written by Kartikey Pandey, Panther. Six supercharged tips to reduce S3 bucket-related threats and ensure ‘water-tight’ cloud security. When it comes to AWS security, S3 buckets are undeniably the most vulnerable aspect of it all. Misconfigured S3...

How the Cloud Security Alliance Addresses Privacy

Blog Published: 07/14/2022

This blog was originally published by Pivot Point Security here. These days cloud service providers (CSPs) don’t just need to prove to customers and other stakeholders that they are secure—they also need to demonstrate that they have a strong privacy program. But how can CSPs make a convincing at...

Naming Adversaries and Why It Matters to Your Security Team

Blog Published: 07/14/2022

This blog was originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them referenced by MITRE in the ATT&CK framework. ...

Overview of Critical Controls for Oracle Cloud Applications

Blog Published: 07/13/2022

CSA’s Enterprise Resource Planning (ERP) Working Group is pleased to release the latest in a series of security guidance for deploying ERP systems in the cloud. This latest whitepaper focuses on Oracle Cloud Applications. Oracle Cloud Application clients share with Oracle Corporation the respo...

How to Secure Kubernetes Ingress?

Blog Published: 07/13/2022

This blog was originally published by ARMO here. Written by Ben Hirschberg, VP R&D & Co-founder, ARMO. Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ulti...

New Cloud Security Alliance Survey Finds 67% of Organizations Already Store Sensitive Data in Public Cloud Environments

Press Release Published: 07/13/2022

Confidential Computing in use by 27% of respondents, and 55% have plans to deploy it to lock down data and workloads. SEATTLE – July 13, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a se...

With Multi-Device Fido Credentials, You Can Now Go All-in on Passwordless

Blog Published: 07/13/2022

This blog was originally published by CXO REvolutionaries here. Written by Maneesh Sahu, Senior Director, OT and IIoT Product Management, Zscaler. In a previous post, The Passwordless future has arrived, here are your options, I enumerated some options for app developers and end-users to use inst...

Is Your CSP Capitalizing on the Rise in Federal Cloud Spending?

Blog Published: 07/12/2022

This blog was originally published by A-LIGN here. Written by Tony Bai, Federal Practice Lead, A-LIGN. With federal cloud spending at an all-time high, the government sector has become a lucrative market for technology companies. Analysis from Deltek indicates that federal agencies spent nearly $...

Hatchet & Scalpel

Blog Published: 07/12/2022

This blog was originally published by Nasuni here. Written by Andres Rodriguez, Nasuni. The frightening success of ransomware stems from an evil combination of social and software engineering. The devious minds behind the malware understand people as deeply as they understand technology, which...

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane

Blog Published: 07/12/2022

This blog was originally published by Mitiga here. Written by Andrew Johnston, Mitiga. There’s a good reason many developers are excited about the cloud. The advent of managed services has enabled solutions architecture to become an assortment of building blocks—configuration is simple, scaling i...

Shift Left is Only Part of Secure Software Delivery

Blog Published: 07/11/2022

This blog was originally published by Sysdig here. Written by Anna Belak, Sysdig and Effi Goldstein, Snyk. We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of mi...

View TPRM Risk Through Four Lenses

Blog Published: 07/11/2022

This blog was originally published by Coalfire here. Written by Jon Knohl, Coalfire. Organizations can more effectively evaluate their risk profile by measuring confidentiality, integrity, and availability as they each relate to the enterprise-wide domains of financial, regulatory, reputational, ...

Why You Need Application Security Testing for Business-Critical Applications: Part 3

Blog Published: 07/08/2022

This blog was originally published by Onapsis here. In this five-part blog series, we discuss the importance of building secure business-critical applications with application security testing. In part one, we shared that while speed is the driving force behind application development, on-time ap...

Preparing for Web 3.0

Blog Published: 07/08/2022

This blog was originally published by Schellman here. Written by Scott Perry, Schellman. Ernest Cline’s sci-fi novel, Ready Player One, centers on users’ experience within the OASIS—a highly advanced, fully immersive simulation. In the book, people prefer living in virtual reality rather than the...
