Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Align cybersecurity controls with evolving regulations and make a real impact in the industry. Join CSA's Regulatory Analysis and Compliance Engineering Working Group!

All Articles

Home
All Articles
Heartbleed Remediation: Replace ALL Keys and Certificates

Blog Published: 04/30/2014

By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. Response is not complete until trust is re-establishedBy now most organizations have responded to the Heartbleed vulnerability by patching vulnerable systems. Good. The next step must be to replace ALL keys and certificat...

Heartbleed Changed the Security Landscape, but Few Organizations Realize It

Blog Published: 05/01/2014

With the media no longer focusing on the Heartbleed vulnerability, most people think that organizations have adequately addressed the problem, and the threat has passed. Because most people don’t understand the full impact of Heartbleed, however, they don’t realize that the fallout from this o...

CLOUD SECURITY INNOVATORS – Q+A WITH GEORGE DO, CISO, EQUINIX

Blog Published: 05/07/2014

April 30, 2014 By Brandon Cook, director of product marketing (@BCookshow) Skyhigh Networks We are incredibly excited to feature a Q+A session with George Do, CISO of Equinix, as the first in our new monthly Skyhigh Networks Cloud Security Innovators blog series. Every month we will interv...

SOC in 5 Simple Steps

Blog Published: 05/09/2014

By Ryan Dean, Senior AssociateBrightLineAs an audit firm, we are frequently contacted by service organizations that know they need a SOC report (usually by way of a client request), but don’t know where to begin. With that in mind, I have broken down the process of obtaining a SOC report into ...

Have You Budgeted for the Next Heartbleed?

Blog Published: 05/15/2014

By Gavin Hill, Director/Product Marketing and Threat Intelligence, Venafi Last month the Heartbleed vulnerability took the world by storm. IT groups across the globe scrambled to patch systems that were susceptible to the OpenSSL vulnerability known as Heartbleed. Y2K—the millennium bug—has be...

5 Ways to Prevent Unauthorized Access of Misused Mobile Certificates

Blog Published: 05/28/2014

By Patriz Regalado, Product Marketing Manager, Venafi Mobile devices and mobile applications are becoming more dangerous threat vectors against the corporate network. Android devices seem to be continually under attack with new reports of malware appearing at an astounding rate of 197% from 20...

Too Many Employees Ignore BYOD Security

Blog Published: 06/02/2014

By Nina Seth, AccellionConsidering the risks that BYOD mobile activity can pose to enterprises, CIOs have a right to be dismayed by two recent surveys showing just how little some employees care about protecting data on mobile devices.A recent survey by Centrify found that: 43% have accessed ...

Heartbleed Hype Left Enterprises Uninformed

Blog Published: 06/03/2014

By George Muldoon, Regional Director, Venafi In early April, the vulnerability known simply as “Heartbleed” became the latest rage. During the first week after discovery, the mainstream media aggressively reported on Heartbleed, stirring up a tornado of fear, uncertainty, and doubt amongst all...

The Cloud Multiplier Effect on Data Breaches

Blog Published: 06/04/2014

by Krishna Narayanaswamy, Chief Scientist at NetskopeAll of the things we love about cloud and SaaS apps can also put us at risk of a data breach. First, we love that we can get our favorite apps quickly and easy without having to answer to anyone. This leads to massive app growth, usually of ...

The Evolution of Threats against Keys and Certificates

Blog Published: 06/05/2014

By George Muldoon, Regional Director, Venafi In my blog post about the Heartbleed hype, I stress that threats against keys and certificates neither started with the Heartbleed vulnerability, nor certainly will end with it. Threats specifically against keys and certificates go back to 2009 and ...

DON’T GET SNOWDENED: 5 QUESTIONS EVERY CEO SHOULD ASK THEIR CIO / CISO

Blog Published: 06/05/2014

By Sekhar Sarukkai, Founder, VP of EngineeringSkyhigh NetworksToday is the 1-year anniversary of the historic Snowden disclosure. In the year since the first stories about Edward Snowden appeared, one of the lasting affects of the scandal is a heightened awareness of the risk posed by rogue i...

TweetDeck — Just another hack or a missed opportunity to tighten cloud security?

Blog Published: 06/13/2014

June 12, 2014By Harold Byun, Senior Director of Product Management, Skyhigh Networks The recent TweetDeck hack on Twitter presents a common cloud dilemma for information security teams. On the one hand, the BYOX trends that drive cloud service adoption and worker self-enablement are transfor...

OpenSSL CCS Injection Vulnerability Countdown

Blog Published: 06/16/2014

By Krishna Narayanaswamy, Netskope Chief ScientistOn June 5, researchers discovered an OpenSSL vulnerability (CVE-2014-0224) that could result in a man-in-the-middle attack exploiting some versions of OpenSSL. Called the OpenSSL Change Cipher Spec (CCS) Injection, this vulnerability requires t...

The 5 Steps to Prepare for a PCI Assessment

Blog Published: 06/19/2014

Preparing for a Payment Card Industry (PCI) compliance assessment is a major task for any size organization. However, companies that store, process, or transmit credit card transactions are required to comply with PCI's Data Security Standards (DSS). PCI DSS includes up to 13 requirements that...

Are Cloud Services Taking on a Life of Their Own?

Blog Published: 06/30/2014

By Nina Seth, Senior Product Marketing Manager, AccellionA new report from SkyHigh Networks – a company that tracks the use of cloud services for corporate customers – found that cloud services are growing exponentially within enterprises. The findings in the report were based on traffic gener...

New Study Highlights the Risks of Bring Your Own Cloud

Blog Published: 07/02/2014

By Hormazd Romer, Senior Director, Product Marketing, AccellionA new study by the Ponemon Institute, The Insider Threat of Bring Your Own Cloud (BYOC), analyzes the risks of enterprise employees using cloud services without the permission or oversight of the IT department—a practice that the s...

CLOUD SECURITY CUP: USA VS. EUROPE (SPOILER – IT’S NOT A 0-0 DRAW)

Blog Published: 07/03/2014

By Brandon Cook, Skyhigh NetworksWith the World Cup in full swing, one cannot help but compare the US to our neighbors around the world. The event begs it. We see our skills, our style, our strategy and our fans all juxtaposed with more established soccer powers from around the globe.And, I ha...

Securing the Cloud

Blog Published: 07/10/2014

By Robert Clauff, Security Engineer, SolutionaryMore and more organizations are moving to the “CLOUD." It seems as though you can't read an article about IT or turn on the TV without seeing someting about the increasingly ubiquitous cloud. Of course, the cloud is more than just an IT buzzword,...

12 MUST-KNOW STATISTICS ON CLOUD USAGE IN THE ENTERPRISE

Blog Published: 07/11/2014

By Kamal Shah, VP of Products and Marketing, Skyhigh Networks @kdshahIn our professional lives, we all seek to make more data-driven decisions. We know that logical choices made with complete information yield better results than those based on conjecture or suspicion. To that end, Skyhigh tod...

Take the New Cloud Security Alliance Survey: Cloud Risks and Opportunities

Blog Published: 07/17/2014

By Krishna Narayanaswamy, Chief Scientist, Netskope The Cloud Security Alliance is conducting a survey of global IT and security professionals on their organizations' usage of and perceived risk in enterprise cloud apps.Netskope, along with one of our identity management partners, Okta, are sp...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
32
33
34
36
38
39
40
Last »