
All Articles

The Pros and Cons of Zero Trust Security

Blog Published: 05/08/2023

Originally published by TrueFort. As an industry best practice, Zero Trust Security has gained much respect in recent years as the recognized way to prevent insider threats and increase the overall security of a company’s network. Many in the cybersecurity industry are of the philosophy that a br...

A Tale for the Ages & How DSPM Saved the Day

Blog Published: 05/04/2023

Originally published by Laminar. Written by Karen Sung, Sr Director of Field & Channel Marketing, Laminar. Today, I want to tell a story of data security posture management (DSPM). The tale of DSPM is about a representative company that faced challenges in securing its sensitive data in the cl...

Zero Trust is a Journey. Not a Single Project.

Blog Published: 05/04/2023

Originally published by CXO REvolutionaries. Written by Larry Biagini, Chief Technology Evangelist, Zscaler. A successful digital transformation cannot be achieved while using antiquated networking concepts, tiptoeing toward change, and avoiding risk. Thinking about enterprise security in terms o...

I2Pminer MacOS Mineware Variant

Blog Published: 05/03/2023

Originally published by CrowdStrike on February 23, 2023. CrowdStrike analyzed an I2Pminer variant that targets macOS. The mineware utilizes I2P to hide XMRig network traffic. CrowdStrike recently analyzed a macOS-targeted mineware campaign that utilized malicious application bundles to deliver open ...

Definitive Guide to Hybrid Clouds, Chapter 7: Selecting the Right Cloud VAF and NDR Vendor

Blog Published: 05/03/2023

Originally published by Gigamon. Written by Stephen Goudreault. Editor’s note: This final post of this series explores Chapter 7 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, Chapter 5, and Chapter 6. If you haven’t starte...

Identity Modernization for Customer-Facing Applications

Blog Published: 05/02/2023

Originally published by Strata. Want to loan a friend some money? There’s an app for that. Want to exchange some dollars for Euros? There’s an app for that. In fact, the number of mobile apps that let consumers complete financial tasks that used to require a big financial institution is growing b...

SCARLETEEL: Operation Leveraging Terraform, Kubernetes, and AWS for Data Theft

Blog Published: 05/02/2023

Originally published by Sysdig on February 28, 2023. Written by Alberto Pellitteri. The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized wo...

How To Use An Identity Fabric To Manage Identity Sprawl

Blog Published: 05/02/2023

Written by Lior Yaari, CEO, Grip Security. Originally published on Forbes. From HR to IT and factories to finance, the enterprise runs on SaaS. The rapid adoption of SaaS services, however, has led to the two-pronged threat of identity attacks and the hijacking of critical tools leveraged to run ...

Beyond the Inbox: Protecting Against Collaboration Apps as an Emerging Attack Vector

Blog Published: 05/01/2023

Originally published by Abnormal Security. Written by Mike Britton. Email has always been a lucrative attack vector for cybercriminals. Even today, it continues to be their most common path into an organization, and enterprises are undoubtedly feeling the impact. Losses due to business email comp...

A Security Work Stream Is Critical to IT Modernization

Blog Published: 05/01/2023

Originally published by Lookout. Written by Fazal Sadikali, Technology Managing Director of Cloud Insights, Lookout. With new technology being developed at a rapid pace, adaptability is crucial for a company to thrive against its competitors. IT cloud modernization is a great way to drive sal...

The State of Data Security: The Hard Truths

Blog Published: 05/01/2023

Originally published by Rubrik. Written by Steve Stone. Rubrik Zero Labs is excited to debut its second State of Data Security report: “The State of Data Security: The Hard Truths.” This in-depth global study uses telemetry data to provide objective data security insights. Rubrik data is ...

It May Only Take One Attack to Get Stung by OneNote!

Blog Published: 04/28/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Part of Microsoft’s extensive 365 application suite, Microsoft OneNote offers users a powerful yet flexible information management workbench. As organizations continue their rampant...

Analysis for CVE-2023-23397 Microsoft Outlook Vulnerability

Blog Published: 04/28/2023

Originally published by InsiderSecurity. CVE-2023-23397 Threat Overview: InsiderSecurity analysed the possible exploitation techniques for the recent Outlook vulnerability, as well as methods for early detection of such exploits, both for this specific vulnerability and future similar vulnerabilit...

Unintended Third-Party Access to Data Through Supported Azure Built-In Roles

Blog Published: 04/28/2023

Originally published by Symmetry Systems. Written by Sachin Tyagi. A combination of built-in contributor permissions could allow unintended data access in Azure Lighthouse. Symmetry Systems would like to extend their appreciation and thanks to the Azure Lighthouse product managers and the ...

What Boards Need to Know About GRC and Atomized Networks

Blog Published: 04/27/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. New regulations proposed by the Security Exchange Commission (SEC) around cybersecurity governance, risk management, and compliance (GRC) are forcing CEOs and board members to take a hard look at their governance capab...

3 Reasons Why Data Security Helps Ensure Cyber Recovery

Blog Published: 04/27/2023

Originally published by Rubrik. Written by Srujana Puttagunta. Are you still relying on legacy backup systems to protect your business from cyber attacks? If so, you might want to think twice. Cyber attacks have become so common that 98% of security and IT leaders reported that they dealt w...

Cloud Security Alliance Welcomes Three New Board Members

Press Release Published: 04/27/2023

New members bring wealth of cloud security expertise to CSA. RSA Conference (San Francisco) – April 27, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment,...

The Road to M&A Hell is Paved with Good (IP-based) Intentions

Blog Published: 04/27/2023

Originally published by Zscaler. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. TCP/IP-based communications have been the cornerstone of corporate networks for more than 30 years. Organisations like Cisco excelled at training an army of mechanical TCP/IP converts who t...

Discover the Cloud Security Alliance's STAR Program: A Must-Know for Enterprise CISOs

Blog Published: 04/26/2023

Introduction: Cloud computing has unleashed unprecedented computational prowess and storage potential for businesses, but it comes with increased data privacy and security worries. The Cloud Security Alliance (CSA) spearheads efforts to tackle these concerns via its Security, Trust, Assurance and R...

An Overview of NIST Special Publications 800-34, 800-61, 800-63, and 800-218

Blog Published: 04/26/2023

Originally published by Schellman. Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most org...
