The Big Guide to Data Security Posture Management (DSPM)
Blog Published: 03/31/2023
Originally published by Dig Security. Written by Sharon Farber. DSPM is a crucial piece of your cloud security puzzle. Learn what it is, why it matters, and how to choose the best solution to protect your sensitive data while growing your business. What is DSPM? Data security posture management (...
Understanding Identity and Access Management (IAM) and Authorization Management
Blog Published: 03/30/2023
Written by Alon Nachmany and Shruti Kulkarni of the CSA IAM Working Group. Introduction: Identity and Access Management (IAM) is a crucial aspect of cybersecurity that ensures that only authorized individuals have access to sensitive information and resources. Within IAM, authorization management ...
Compliance in Italy: Navigating the New Cloud Italy Strategy
Blog Published: 03/30/2023
Originally published by Schellman. As the world becomes increasingly digital, governments around the world are taking measures to ensure the safety and security of their citizens' data. One such example is the recent Cloud Italy Strategy, initiated by the Italian Agency for National Cybersecurity...
Assessing The Maturity of Your SaaS Security Program
Blog Published: 03/30/2023
Originally published by Grip Security. Written by Lior Yaari, CEO, Grip Security. Buying something as a service has clear, undeniable benefits over the traditional method of purchasing software: no setup, lower costs, faster ROI, scalability, fast upgrades and universal accessibility. Pur...
News of Note: Building Bridges for Business and Beyond
Blog Published: 03/29/2023
One of my CISO friends and I met recently to catch up and discuss the current cybersecurity challenges and priorities at the organization he moved to six to eight months ago. His company is fully embracing cloud services and trying to wed these with some existing on-prem operations. However, they...
Focusing on Endpoints Distracts from Effective Security
Blog Published: 03/29/2023
Originally published by CXO Revolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Endpoint security is a pivotal aspect of cybersecurity, but should it be a primary focus for CISOs? During the early days of networking (and through the early 2010s), focusing security efforts on endpoi...
EmojiDeploy: Smile! Your Azure Web Service Just Got RCE’d ._.
Blog Published: 03/29/2023
Originally published by Ermetic. Written by Liv Matan. The EmojiDeploy vulnerability is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu. By abusing the vulnerability, attackers can deploy malicious zip files containing a payload to the victim's Azure applicat...
MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls
Blog Published: 03/28/2023
Originally published by Rapid7. Written by James Alaniz. As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security meas...
Survey Says: Leaders are Doubling Down on Cloud for Stability and Financial Resilience
Blog Published: 03/28/2023
Originally published by Google Cloud. Written by Blair Franklin, Contributing Writer, Google Cloud. While the future is uncertain, one thing is clear: decision makers are looking to the cloud to help prepare for whatever lies ahead. Cloud computing has come a long way since 2012, when one in t...
What Does the M-21-31 Requirement Mean for Federal Agencies?
Blog Published: 03/28/2023
Originally published by Axonius. Written by Tom Kennedy. The cybersecurity memorandum M-21-31, from the Office of Management and Budget, provides guidance on how to stop this type of leapfrogging before it can begin. M-21-31 focuses on visibility and incident response, and establishes a four-...
Your Cloud SDLC is a Goat Rodeo. Here are 6 Steps to Wrangle It.
Blog Published: 03/27/2023
Originally published by Dazz. Written by Julie O’Brien, CMO and Matt Brown, Solutions Engineer, Dazz. Companies are developing software in the cloud in a big way. The cloud has opened up a world of possibilities for application makers, enabling flexible architectures and ever more efficient ways ...
What is Microsegmentation?
Blog Published: 03/27/2023
Originally published by TrueFort. Written by Nik Hewitt. Microsegmentation: The Zero Trust “best practice” becoming “standard practice.” Often described by the broader term ‘Zero Trust,’ which is the name given to the overall security model, microsegmentation is the industry-recognized best pract...
How To Achieve InfoSec When Your Tools Do InfraSec
Blog Published: 03/27/2023
Written by Ravi Ithal, Cofounder and Chief Technology Officer, Normalyze. Originally published by Forbes. “Brings a knife to a gunfight,” sneers Sean Connery while aiming a sawed-off shotgun at the knife-wielding intruder. Since that line in the 1987 movie The Untouchables, we’ve heard the same a...
The 5 Stages to DevSecOps
Blog Published: 03/25/2023
Written by the DevSecOps Working Group. Organizations have a wide array of tools and solutions to choose from when implementing security into their Software Development Lifecycle (SDLC). Since every SDLC is different in terms of structure, processes, tooling, and overall maturity, there is no one...
Cascading and Concentration Risk: How do They Impact Your Digital Supply Chain?
Blog Published: 03/24/2023
Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming increasing...
Understanding Data Protection Needs in a Cloud-Enabled Hybrid Work World
Blog Published: 03/24/2023
Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the...
The Future of Cloud
Blog Published: 03/24/2023
Originally published by ManTech. Written by Sandeep Shilawat, Vice President, Cloud and Edge Computing, ManTech. Stock analysts and meteorologists are in the business of making predictions. IT professionals… not so much. But when we think about the cloud and the vast changes it has facilitated ac...
Insights from the Uber Breach: Ways to Prevent Similar Attacks
Blog Published: 03/23/2023
Originally published by InsiderSecurity on December 9, 2022. Uber Technologies disclosed it was investigating a cybersecurity incident after reports that hackers had breached the company’s network. An in-depth analysis of the attack reveals how the attack occurred and ways organizations can preve...
Becoming Cyber Resilient—Cybersecurity Trends to Watch in 2023
Blog Published: 03/23/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase from t...
What is FIPS 140 and What Does it Mean to Be “FIPS Compliant”?
Blog Published: 03/23/2023
Originally published by Titaniam. FIPS was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST). It established a data security and computer system standard that businesses must follow in accordance with the Federal Information Security Manageme...