Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Five Actions to Mitigate the Financial Damage of Ransomware

Published: 10/30/2020

By Eran Farajun, Executive Vice President at Asigra, Inc.Ransomware attacks have become a regular occurrence for organizations today, with events that are increasingly targeted, sophisticated, and costly. According to recent reports by the Federal Bureau of Investigation[1], cybercriminals are ta...

Cloud Security: The Necessity of Threat Hunting

Published: 10/28/2020

By the CSA Minnesota ChapterWhat is threat hunting?Threat hunting is the proactive search for real and potential threats that may be hidden in a network’s environment. These threats are tricky and malicious and are designed to pass through endpoint defenses undetected. If unfound, these attacks c...

6 Data Governance Best Practices in 2020

Published: 10/27/2020

By Dillon Phillips from TokenExData governance is an essential practice in today’s digital landscape, but it's a broad topic that needs to be deeply understood in order to be implemented efficiently and effectively. Building on the information we introduced in our previous post (“What is Data Gov...

Over 200 Documented Blockchain Attacks, Vulnerabilities and Weaknesses

Published: 10/26/2020

By Kurt Seifried, Chief Blockchain Officer at Cloud Security AllianceBlockchain attacks are very hot right now for one simple reason: it’s where the money is. If you attack and compromise a database you need to take that data and then sell it to monetize your attack. If you compromise a web serve...

​Vendor Management Software Evaluation: How to Get Executive Buy-In

Published: 10/23/2020

Written by WhisticFor most InfoSec teams, the benefits of a vendor risk management platform are well defined. From making it easier to mitigate third-party risk to ensuring your internal team and external vendors are on the same page, vendor management software is a must-have in today’s open-sour...

​Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment

Published: 10/22/2020

Written by: ZOU Feng, Co-Chair, Hybrid Cloud Security Working Group & Director of Cloud Security Planning and Compliance, HuaweiNarudom Roongsiriwong, Co-Chair, Hybrid Cloud Security Working Group & SVP and Head of IT Security, Kiatnakin BankGeng Tao, Senior Engineer of Cloud Security Pla...

Data Privacy vs. Data Security: What is the Core Difference?

Published: 10/20/2020

This blog was originally published on TokenEx.Written by Dillon Phillips from TokenExFor organizations that collect or manage data—and individuals who own it—private data and the security of that data should not be taken lightly. They are primary concerns when undertaking the process of protectin...

How secure are your SaaS applications?

Published: 10/19/2020

Written by Ian Sharpe, Product Leader at AppOmni The dynamic nature of protecting the enterprise technology stack has always been a challenge for security teams. The complexities of this year, however, have forced teams to consider a new set of paradigms and additional risks given the abrupt shif...

What is the Cloud Controls Matrix (CCM)?

Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security AllianceWhat is the Cloud Controls Matrix?The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

How to Address the Security Risks of Cloud OS

Published: 10/15/2020

Written by: Xiaoyu Ge, co-chair of the Cloud Component Specifications Working GroupFrom a user perspective, the cloud is a service. However, for cloud service providers, integrators, and channel partners who construct or build the cloud, it is a system that may comprise many separate components. ...

AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud

Published: 10/14/2020

By CloudPassageNew cloud technologies, including infrastructure as code, containers, and machine learning help organizations increase efficiency and scalability, but also introduce the potential for new security vulnerabilities. As more companies rapidly migrate toward flexible cloud solutions th...

​Thinking Like a Cloud Hacker: Part 1

Published: 10/13/2020

Originally Published September 30, 2020 on Fugue’s websiteBy Josh Stella Co-Founder and CTO, FugueIn writing this, my objective is to examine some real world, published cloud exploits and examine both the motivations and techniques of the hackers responsible for them so that you can understand wh...

​CCSK Success Stories: From a Security Consultant

Published: 10/12/2020

By Dr. Ricci Ieong, Principal Consultant at eWalker Consulting In your current role at eWalker Consulting (HK) Ltd as a Consultant, you undertake consulting for clients. Can you tell us about what your job involves?As the principal consultant, I lead the security review, assessment, consultancy s...

Using CSA’s Implementation Guide for SAP to securely migrate and operate ERP applications in the cloud.

Published: 10/09/2020

By Juan Perez-Etchegoyen, chair of the Enterprise Resource Planning working group, and CTO of Onapsis.With the increasingly growing adoption of cloud models across Enterprise Resource Planning (ERP) applications, organizations need to increase the level of attention and controls provided to the ...

New 2020 Survey Report on Security Practices in HPC & HPC Cloud

Published: 10/08/2020

Written by: Guan Sin Ong and Andrew HowardWith the current trend of HPC workloads and infrastructure increasingly becoming cloud-like (e.g., resource pooling, rapid elasticity, on-demand self-service), or interacting with the cloud (e.g., bursting), security will become a greater concern at an ac...

Complementing Your CSPM with Runtime Cloud Workload Protection

Published: 10/07/2020

Written by IntezerThere are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment, it can take a long time to provide value. CISOs report Cloud Security Posture Management (CSPM) and other pre-runtie vulnerability...

Improving Data Security for SaaS Apps - 5 Key Questions every CISO needs to ask

Published: 10/06/2020

By Matt Hines, VP of Marketing at CipherCloud & Neeraj Nayak, Sr. Product Marketing Manager at CipherCloud Summary: The rapid uptake of game-changing SaaS applications has been transforming the way organizations do business long before COVD-19 emerged and the remote workforce exploded overn...

AWS Security Best Practices: Cloud Security Report 2020 for InfoSec

Published: 10/05/2020

By CloudPassageThis year, many companies have made a rapid shift to the cloud in response to the enduring COVID-19 pandemic. By adopting new IaaS and PaaS solutions or expanding their existing footprints in the cloud, companies are able to support a growing work-from-anywhere workforce. However, ...

No Free Rides With Your OAuth Tokens

Published: 10/03/2020

By Ian Sharpe, Product Leader at AppOmni It’s just another typical Wednesday in May. You’ve received an email from one of your contacts, someone with whom you haven’t spoken to in years. They’ve shared a Google Docs with you. It seems a bit odd, but you’re curious, so you click on the “Open in D...

Shared Responsibility Model Automation: Automating Your Share Part 2

Published: 09/30/2020

By CloudPassageIn Part 1 of our Shared Responsibility blog series, we provided a detailed overview to help you understand security in a public, hybrid or multi-cloud environment. We broke down the infrastructure stack, explained the responsibilities taken by the cloud service provider, and where ...

Browse by Topic