
Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Data States Security Experts Unhappy With Traditional Tokenization
Published: 12/08/2022

Originally published by Titaniam. Titaniam’s 2022 State of Enterprise Tokenization Survey shows that the vast majority of cybersecurity experts are dissatisfied with their current tokenization tools. In fact, despite spending 1 million dollars annually on tokenization security tools, 99% of respo...

Preventing Unauthorized Usage of Non-Person Entities (NPEs)
Published: 12/08/2022

Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government oft...

What Is eBPF and What Are Its Use Cases?
Published: 12/08/2022

Originally published by Tigera. Written by Reza Ramezanpour, Tigera. With the recent advancements in service delivery through containers, Linux has gained a lot of popularity in cloud computing by enabling digital businesses to expand easily regardless of their size or budget. These advancements ...

Security Program Management (SPM) and Governance, Risk and Compliance (GRC): What’s the Difference?
Published: 12/07/2022

Originally published by Blue Lava. Written by Emily Shipman, Blue Lava. Compliant but not Secure: The Differences Between Governance, Risk and Compliance (GRC) and Security Program Management (SPM) and Why it Matters Security programs bear many responsibilities, but chief among them is the duty t...

Zero Trust is Key to Supply Chain Security
Published: 12/07/2022

Originally published by CXO REvolutionaries. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. When former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs spoke at Black Hat 2022, he highlighted two factors that regularly und...

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection and Remediation
Published: 12/07/2022

Originally published by Adaptive Shield. Written by Zehava Musahanov, Adaptive Shield. When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, w...

5 Tips for CISOs and Boards Navigating the Evolving Regulatory Landscape
Published: 12/06/2022

Originally published by ShardSecure. Written by Marc Blackmer, VP of Marketing, ShardSecure. Corporate boards are facing mounting pressure to “get smart” about data protection as they navigate an evolving regulatory landscape. It starts with a deeper understanding of cybersecurity, but under...

Advancing Trust in a Digital World
Published: 12/06/2022

Originally published by Thales. Written by Welland Chu, Business Development Director, Asia Pac, Thales. The pandemic has accelerated digital transformation beyond anyone’s imagination. Considering the increased cybersecurity risks introduced by digital technologies, what should society do to pre...

“Ahhh, So That’s Why Everyone’s Talking About DSPM”
Published: 12/06/2022

Originally published by Sentra. Written by Galia Nedvedovich, VP Marketing, Sentra. The most satisfying part of working at a startup in the hottest space in cybersecurity - cloud data security - is when I get to witness cloud security pros realize how Data Security Posture Management solves o...

’Tis the Season for eCrime
Published: 12/05/2022

Originally published by CrowdStrike. Written by Bart Lenaerts-Bergmans, CrowdStrike. Financially motivated criminal activities, aka “eCrime,” happen in waves. They come and go as adversaries develop new tools and target vulnerable victims. Similar to how investors track stock market activity usin...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 1
Published: 12/05/2022

Originally published by Axonius. Written by Katie Teitler, Axonius. Cyber attack surface sprawl has become a top concern — and risk factor — for enterprise organizations. Even before the early 2020 mass exodus out of corporate offices, the proliferation of devices and device types touching corpor...

Social Engineering and VPN Access: The Making of a Modern Breach
Published: 12/05/2022

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and de...

Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Published: 12/04/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

CISOs of the World, Unite!
Published: 12/03/2022
Author: Jim Reavis

This article represents personal commentary from CSA’s Chief Executive Officer Jim Reavis. I have been in the industry long enough to have observed the creation of the Chief Information Security Officer role and the journey to making this person a crucial part of our ecosystem. For almost all ...

Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise
Published: 12/02/2022

Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...

Detecting and Mitigating CVE-2022-42889 a.k.a. Text4shell
Published: 12/02/2022

Originally published by Sysdig. Written by Miguel Hernández, Sysdig. A new critical vulnerability CVE-2022-42889 a.k.a. Text4shell, similar to the old Spring4Shell and Log4Shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated...

IBM Cost of a Data Breach 2022 – Highlights for Cloud Security Professionals
Published: 12/02/2022

Originally published by Ermetic. Security professionals are constantly inundated with warnings about the potentially colossal impact of security threats and risks to their organization. But what is colossal in real currency? By understanding how much the cost of a data breach can impact one's org...

Altruism in Information Security, Part 2: Identifying Hurdles Along the Path
Published: 12/01/2022

Originally published by Tentacle. Written by Matt Combs, Tentacle. Welcome back! If you’re joining me for the second part of this series, I’m assuming I didn’t turn you off with my optimistic and ‘rosy’ view of the Altruism-Information Security relationship. That, or you didn’t read Part 1 and ha...

Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets
Published: 12/01/2022

Originally published by Mitiga. Written by Mitiga's Research Team. Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protectio...

Definitive Guide to Hybrid Clouds, Chapter 2: Exploring the Roles of NetOps, CloudOps, and SecOps
Published: 12/01/2022

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. This post explores Chapter 2 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1 and check back for future posts covering Chapters 3–7. As more organizations move forward with t...
