All Articles
Build a Strong SAP Security Strategy With the NIST Framework

Blog Published: 12/22/2022

Originally published by Onapsis. Written by JP Perez-Etchegoyen, CTO, Onapsis. Business applications like SAP are responsible for running the enterprise, powering operations and fueling the global economy. Considering 77% of the world’s transactional revenue touches an SAP system and 92% of the F...

Punisher Ransomware Spreading Through Fake COVID Site

Blog Published: 12/22/2022

Originally published by Cyble on November 25, 2022. New Variant Of Ransomware Targeting Chile. Most organizations experienced an increase in cyber-attacks during the COVID-19 pandemic. Threat Actors (TAs) leveraged the COVID-19 pandemic as a thematic lure to infect users with different malware fam...

Microsegmentation is Finally Reaching the Mainstream – By Dropping the Network-Centric Approach

Blog Published: 12/21/2022

Originally published by TrueFort. Written by Matt Hathaway, TrueFort. In both Gartner’s Hype Cycle for Workload and Network Security, 2022 and Hype Cycle for Enterprise Networking, 2022, Microsegmentation is prominently placed in the ‘Slope of Enlightenment’ with the context that it “will reach t...

How Y2Q and the Quantum Threat Differs from Y2K

Blog Published: 12/21/2022

Originally published by Entrust. Written by Samantha Mabey, Entrust. There’s a new term making the rounds: Y2Q. As you might have already guessed, it’s a way of comparing the quantum threat to Y2K. Remember that? Everyone feared computer systems and infrastructures and industries globally would s...

Important Factors to Consider When Implementing an IAM System

Blog Published: 12/21/2022

By Alex Vakulov. Identity and Access Management (IAM) solutions provide business applications with centralized authentication as well as credential management. Competent and thoughtful implementation is the key to success in building centralized authentication systems. Let me describe several vita...

Managing Cloud Security in a Multicloud Environment (Part 1)

Blog Published: 12/20/2022

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Cloud computing has become mainstream. The challenge for companies is how best to manage operations and security in a multicloud environment. Most large enterprises now use anywhere from t...

The Future of Security Solutions is Cloud-Native

Blog Published: 12/20/2022

Originally published by Netography. Written by Matt Wilson, Netography. More than a decade ago, the cloud became the next “hot thing” in computing. Today, we are seeing the culmination of this trend as organizations have an entire generation of employees and staff that, outside of their personal ...

For the Sake of its Cybersecurity, Australia Must Come Together

Blog Published: 12/20/2022

Originally published by CXO REvolutionaries. Written by Heng Mok, CISO APJ, Zscaler. The pandemic has exacerbated existing security problems. As the cybersecurity threatscape continues to become more complex and challenging, the media have primarily focused on the struggles faced by businesses. Bu...

7 Significant Findings from the 2022 SaaS Security Survey Report

Blog Published: 12/19/2022

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Last year, we spearheaded our first annual SaaS Security Survey Report, where the findings illuminated the SSPM landscape and where the market was holding. In the 2022 SaaS Security Survey Report, in collaboratio...

Make Cloud Defense a Team Sport by Turning DevOps into a Force Multiplier

Blog Published: 12/19/2022

Originally published by CrowdStrike. Written by David Puzas, CrowdStrike. Enterprises are embracing cloud-native applications in the name of business agility. These applications enable developers to take advantage of the cloud’s scalability and flexibility, allow customers and developers to benef...

What is a CASB and How Does it Integrate with DLP?

Blog Published: 12/19/2022

Originally published by DoControl. Written by Corey O'Connor, DoControl. Cloud Access Security Broker (CASB) solutions and Data Loss Prevention (DLP) are both aging technologies and markets, but conceptually are both very relevant for security and risk leaders. The need for controls to prevent th...

Top Threat #11 to Cloud Computing: Cloud Storage Data Exfiltration

Blog Published: 12/18/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

The Top Cloud Computing Risk Treatment Options

Blog Published: 12/17/2022

Cloud threats pose great harm to organizations’ business objectives. Storage, compute, and even network services have been subjected to nefarious attacks. Since cloud compliance and security is a shared responsibility, every organization should collaborate with their cloud service providers to im...

Why Do I Need a Next-Gen Secure Web Gateway?

Blog Published: 12/16/2022

Originally published by Lookout. Written by Stephen Banda, Senior Manager, Security Solutions, Lookout. The internet is now your default corporate network. This has some major perks — it means that your employees can access whatever they need from wherever they need it. But using the interne...

What It Means When We Say “It’s Encrypted”

Blog Published: 12/16/2022

Originally published by ShardSecure. Written by Julian Weinberger, Sales Engineering & Partner Lead, ShardSecure. In the realm of digital security, the term “encryption” is thrown around all the time. But encryption is not always the actual technique being leveraged. Instead, encryption...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 2

Blog Published: 12/16/2022

Originally published by Axonius. Written by Katie Teitler, Axonius. In the first part of this series, “How To Understand Impact Through Asset Management and Threat Intelligence,” we discussed cyber asset intelligence and how it, combined with threat intelligence, serves to inform cyber asset mana...

Redshift Security: Attack Surface Explained

Blog Published: 12/15/2022

Originally published by Dig Security. Written by Ofir Shaty and Ofir Balassiano, Dig Security. We have previously discussed (Access and Data Flows, Data Backups and Encryption) security best practices to implement least privileged access on Redshift and reduce the static risk associated with your...

Advanced BEC Scam Campaign Targeting Executives on O365

Blog Published: 12/15/2022

Originally published by Mitiga on August 27, 2022. Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) using Office 365. The attackers combine high-end spear-phishing with an adversary-in...

AWS Security Groups Guide

Blog Published: 12/15/2022

Originally published by Sysdig. Written by Brett Wolmarans, Sysdig. AWS Security Groups (and Network ACLs and VPCs) are some of the fundamental building blocks of security in your cloud environment. They are similar to firewalls, but are ultimately different. You have to understand this topic ve...

Don’t Keep Us in the Dark: Addressing the Cloud Change Management Gap

Blog Published: 12/14/2022

Sean Heide, Research Technical Director at CSA; Jez Goldstone, Director of Security Architecture, Cloud & Innovation | CSO Cyber Security Assurance at Barclays; Hillary Baron, Sr. Research Technical Director at CSA; John Yeoh, Global VP of Research at CSA. The innovation in cloud services and pla...
