
All Articles
A Case for Cyber Resilience

Blog Published: 04/18/2023

Originally published by Rubrik on March 28, 2023. Written by Bipul Sinha. Last month, The White House introduced a new National Cybersecurity Strategy for the first time since 2018. The landscape has changed rapidly over the past five years – a lifetime in cyber. Yet one thing remains constant, t...

ISF to Map its “Standard of Good Practice” with Cloud Security Alliance Controls Matrix

Press Release Published: 04/18/2023

Responding rapidly to mounting risks with ready-made frameworks of security controls designed to mitigate known and unknown threats and challenges. LONDON – April 18, 2023: The Information Security Forum (ISF), an independent, not‑for‑profit cybersecurity association with 500+ corporate members, to...

The Best Way to Improve Your Cyber Security? Outline Where You Are Now and Roadmap to Your Target State.

Blog Published: 04/18/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. As anyone working in cyber security knows, 100% threat prevention/mitigation is a myth. One question we hear time and time again is, “how much security is enough?” There are so many different ways to answe...

Tackling the Four Horsemen with Modern Data Security

Blog Published: 04/17/2023

Originally published by Symmetry Systems. Written by Claude Mandy. Chief Information Security Officers are tasked with preparing their organizations and themselves for any number of impending apocalypse scenarios. Whether it’s ransomware, a phish, or an insecure API resulting in a career-ending d...

How to Mitigate Risks When Your Data is Scattered Across Clouds

Blog Published: 04/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. Cloud applications have opened up limitless opportunities for most organizations. They make it easier for people to collaborate and stay productive, and require a lot less maintenance to deploy, wh...

A Fool With a Tool is Still a Fool: A Cyber Take

Blog Published: 04/17/2023

Originally published by CXO REvolutionaries and Dark Reading. Written by Tony Fergusson, CISO - EMEA, Zscaler. New tech often requires new thinking — but that's harder to install. Here's a provocative question: Is it possible, given the vast array of security threats today, to have too many securi...

The Importance of Zero Trust for Financial Services

Blog Published: 04/14/2023

With the 2023 RSA conference just around the corner, I am reminded that many of my first learnings about emerging security concepts came from the time at this event. In fact, it was at RSAC that I first began to explore how to secure data within cloud computing and the concept of ‘zero trust’. Si...

What is the New National Cybersecurity Strategy?

Blog Published: 04/14/2023

Originally published by Schellman. Throughout history, warfare has evolved. The Romans did it one way, the Vikings did it another—Sun Tzu, Richard the Lionheart, and the Allied forces all had different tactics that forced opponents to adjust their defenses and strategies. Now in the modern technol...

When Instant Messaging Goes Rogue: Safeguarding Your Corporate Communication Channels

Blog Published: 04/14/2023

By Alex Vakulov Six million dollars for two errors in the code. This is the amount that the Israeli company Aurora Labs paid to white hackers - cyber security specialists who test the reliability of IT systems. Thanks to the white hats, the company discovered critical bugs in the infrastructure t...

Top Cloud Security Challenges in 2023

Blog Published: 04/14/2023

Originally published by InsiderSecurity. Cloud adoption is speeding up in 2023, with Gartner estimating the worldwide spending on public cloud services to grow by 20% from 2022. This has beaten the initial forecasts of 18% for cloud growth, showing the high demand for public cloud services despit...

Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things

Blog Published: 04/13/2023

Originally published by FireMon. Written by Rich Mogull, SVP of Cloud Security, FireMon. TL;DR: There are multiple techniques for containing compromised instance credentials. The easy ones are the most likely to break things, but there are creative options to lock out attackers without breaking a...

Cloud Security and Encrypted OT Traffic: Safeguarding Critical Infrastructure

Blog Published: 04/13/2023

Written by Keith Thomas, Principal Architect, AT&T Cybersecurity Consulting. As Operational Technology (OT) systems increasingly connect and use cloud-based services for daily operations, securing the encrypted traffic between OT systems and the cloud is crucial. This article provides an unde...

Three Ways to Help Your Organization Adopt a Secure by Default Mindset

Blog Published: 04/13/2023

Originally published by Contino. Written by Jim Curtis, Principal Consultant, Contino. The Secure by Default approach is designed to make security a core feature of software development, rather than an afterthought. But security takes more than software, so how can you factor security awareness i...

Examining Zero Trust From a Policy Perspective: Four Themes for CXOs

Blog Published: 04/12/2023

Originally published by CXO REvolutionaries. Written by Brett James, Director, Transformation Strategy, Zscaler. In many ways, an enterprise zero trust transformation is more about policy change than technology, an idea that may seem foreign to insiders contemplating change in the IT industry. It’...

Securing PostgreSQL from Cryptojacking Campaigns in Kubernetes

Blog Published: 04/12/2023

Originally published by CrowdStrike. PostgreSQL misconfiguration allows running shell commands on the underlying OS with the “COPY” SQL command and “pg_execute_server_program” role Kubernetes ingress can allow access to the PostgreSQL service, which can be targeted by the attackers to comprom...

Cloud Security Alliance Summit at RSA 2023 to Delve Into Lessons Learned as Cloud Becomes Leading Platform for Mission-Critical Business Systems

Press Release Published: 04/12/2023

Register today for RSA Conference’s premier thought-leadership event. SEATTLE – April 12, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announc...

Shadow Data is Inevitable, but Security Risks Aren’t

Blog Published: 04/12/2023

Originally published by Dig Security. Written by Benny Rofman. Shadow data is unavoidable. It’s always been around, but the move to the cloud and the push towards data democratization have made it far more common. It’s never been easier to create shadow data assets, and employees have an incentiv...

Trust, but Verify (Your Third-Party Vendors)

Blog Published: 04/11/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. As far back as 2010, Google estimated that more information was being created every two days than had existed in the entire world from the dawn of time to 2003. Granted, a lot of this information included ...

Four Ways You Can Lose Your Data

Blog Published: 04/11/2023

Written by Ravi Ithal, Cofounder and Chief Technology Officer, Normalyze. Originally published by Forbes. Losing your data does not mean accidentally dropping it on the ground. Everyone knows data is vital to the organization, and entities spend big on protecting the “oil” of modern business. My ...

Move Toward Zero Trust With an Automated Asset Inventory

Blog Published: 04/11/2023

Originally published by Axonius and MeriTalk. Written by Tom Kennedy. “You can’t secure what you can’t see” is a common refrain in cybersecurity circles. It’s echoed in multiple Federal IT mandates, including the zero trust strategy and the event logging memo from the Office of Management and...
