What Is a Trusted Threat?
Blog Published: 01/15/2014
Last month I co-presented a webinar with ISIGHT Partners, a leader in cyber-threat intelligence, to discuss a white paper that exposes how keys and certificates can be used for nefarious intentions. Our purpose was to highlight some of the tactics malicious actors use and outline their profiles i...
Health Checking for Cloud Performance
Blog Published: 01/15/2014
Steve Malmskog has more than 15 years of experience as a chief network architect.In this best practices video, Steve provides an in depth look at information you can gather about the health of nodes based on the traffic itself through in-band health checking vs. out-of-band checking which can be ...
Why companies are adopting more cloud based IT security solutions
Blog Published: 01/09/2014
We have entered the age of pervasive connectivity. Regardless of whether we are at home, in the office, or on the road, most of us are almost always connected. This trend is blurring the lines between work time and leisure time, with the same devices used for both contexts interchangeably...
Why Higher Education Institutions Need Cloud-Based Identity Providers
Blog Published: 01/09/2014
By Dan Dagnall, Chief Technology Strategist for Fischer International IdentityFederation is definitely a hot topic these days, with NSTIC attempting to create an identity ecosystem, InCommon continuing to build its service-providerfederation, and state-level initiatives gearing up (some are alrea...
Evolution of Distributed Policy Enforcement in the Cloud
Blog Published: 12/10/2013
By Krishna Narayanaswamy, chief scientist at NetskopeAs computing shifts to the cloud, so too must the way we enforce policy.Until recently, enterprise applications were hosted in private data centers under the strict control of centralized IT. Between firewalls and intrusion prevention systems, ...
Announcing the Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period
Press Release Published: 12/09/2013
At CSA Congress 2013 this week we are announcing the open review period of the Consensus Assessments Initiative Questionnaire (CAIQ) v.3 and we hope you will take a few moments and provide your input to this very important initiative. Lack of security control transparency is a leading inhibitor ...
What’s New With the Security as a Service Working Group?
Blog Published: 12/09/2013
CSA members are invited to join the Security-as-a-Service Working Group (SecaaS WG) which aims to promote greater clarity in the Security as a Service model. Why a Security as a Service Working Group? Numerous security vendors are now leveraging cloud based models to deliver security solutions....
CloudTrust Protocol (CTP) Working Group Kicks Off at CSA Congress
Blog Published: 12/06/2013
The Cloud Trust Protocol (CTP) aims to provide a protocol to enable Cloud Users to query Cloud Providers in real time about the security level of their service. It aims to foster transparency and trust in the cloud supply chain, bringing greater visibility to cloud users and providing them with d...
Cloud Security Alliance Releases Software Defined Perimeter (SDP) Framework Details
Press Release Published: 12/05/2013
New White Paper Outlines Best Practices to Deploy an SDP to Protect Application Infrastructure from Network-based Attacks Orlando, FL – CSA Congress 2013 – December 5, 2013 – The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providi...
SAFECode and the Cloud Security Alliance Release Guidance for the Secure Development of Cloud Applications
Press Release Published: 12/05/2013
New Paper Outlines Practical Software Security Recommendations to Address Threats Specific to Cloud Computing Orlando, Fla. – Cloud Security Alliance Congress – Dec. 5, 2013 – The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing ...
Cloud Security Alliance Announces Annual Ron Knode Service Award Winners
Press Release Published: 12/04/2013
Six Outstanding Individual CSA Volunteers Selected to Honor the Legacy of Late CSA Member and Volunteer Contributor Ron Knode Orlando, FL – CSA CONGRESS 2013 - December 5, 2013 –The Cloud Security Alliance (CSA) today announced the recipients of its second annual Ron Knode Service Award, an annu...
Introducing the CSA Financial Services Working Group
Blog Published: 12/04/2013
At our annual CSA Congress today, the CSA is pleased to introduce the new Financial Services Working Group (FSWG), which aims to provide knowledge and guidance on how to deliver and manage secure cloud solutions in the financial industry, and to foster cloud awareness within the sector and relate...
Introducing the CSA’s Anti-Bot Working Group
Blog Published: 12/04/2013
Among the many exciting new working groups being established and meeting at CSA Congress, today we’d like to also introduce our Anti-Bot Working Group. Chaired by Shelbi Rombout from USBank, this group’s mission is to develop and maintain a research portfolio providing capabilities to assist the ...
Introducing the CSA’s New Virtualization Working Group
Blog Published: 12/03/2013
There’s been a lot of noise around the establishment of new working groups at this year’s Congress and today we’d like to also introduce another important addition: the Virtualization Working Group. Chaired by Kapil Raina of Zscaler, the Virtualization Working Group is chartered to lead research ...
Announcing the Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period
Blog Published: 12/03/2013
At CSA Congress 2013 this week we are announcing the open review period of the Consensus Assessments Initiative Questionnaire (CAIQ) v.3 and we hope you will take a few moments and provide your input to this very important initiative. Lack of security control transparency is a leading inhibitor ...
Cloud Security Alliance Announces Bonus Workshop Series At 2013 US Congress
Press Release Published: 11/22/2013
San Francisco, CA – November 21, 2013 –The Cloud Security Alliance (CSA) announced a series of five bonus workshops that will be featured at the 2013 US Congress event from December 3-6 in Orlando, Florida. The five workshops will provide participants with the opportunity to explore key topics in...
How Snowden Breached the NSA
Blog Published: 11/20/2013
NOVEMBER 12TH, 2013 - BY: KEVIN BOCEK How Edward Snowden did it and is your enterprise next? There’s one secret that’s still lurking at the NSA: How did Edward Snowden breach the world’s most sophisticated IT security organization? This secret has as much to do with the NSA as it does with your o...
Seeing Through the Clouds
Blog Published: 11/20/2013
By TK Keanini, CTO, LancopeThe economics of cyber-attacks have changed over the years. Fifteen years ago, it was all about network penetration, but today advanced attackers are more concerned about being detected. Similarly, good bank robbers are concerned about breaking into the bank, but great ...
Cloud Collaboration: Maintaining Zero Knowledge across International Boundaries
Blog Published: 11/20/2013
The increasingly global nature of business requires companies to collaborate more and more across borders, exchanging all manner of documents: contracts, engineering documents and other intellectual property, customer lists, marketing programs and materials, and so on. Unfortunately, the combinat...
Protecting Your Company from Backdoor Attacks – What You Need to Know
Blog Published: 11/20/2013
November 14th, 2013By Sekhar Sarukkai “We often get in quicker by the back door than the front” — Napoleon Bonaparte A rare example of a backdoor planted in a core industry security standard has recently come to light. It is now widely believed that the NSA compromised trust in NIST’s encrypti...