Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CCSK Success Stories: From a CISO and Chief Privacy Officer
Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?
Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure?To talk ...

Five Steps to a Secure Cloud Architecture
Published: 06/30/2022

This blog was originally published by Fugue here. By Josh Stella, Chief Architect, Snyk, Co-Founder, Fugue. Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with u...

Definitive Guide to Kubernetes Admission Controller
Published: 06/30/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO.What is Kubernetes Admission Controller?Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission Contr...

Understanding Compliance Platform Capabilities: Black Box Automation Has its Limitations
Published: 06/29/2022

This blog was originally published by Coalfire here.Written by Dixon Wright, VP of Product Management, Coalfire.Compliance is hard. It is not a “black box” of opaque inputs and outputs, where systems and data are hidden and where users are oblivious to their inner workings. There has yet to be a ...

How to Protect Your Crypto from Hackers
Published: 06/29/2022

This blog was originally published by TokenEx here.Written by Valerie Hare, Content Marketing Specialist, TokenEx.A McAfee report, "The Hidden Costs of Cybercrime," states that over $4 billion in cryptocurrency was stolen and nearly $1.4 billion was stolen in the first five months of 2020. While ...

What We Get Wrong About Ransomware
Published: 06/29/2022

This blog was originally published by Forbes and Nasuni. Written by Andres Rodriguez, founder and CTO of Nasuni. We live in the age of ransomware. This persistent threat remains top of mind for CEOs, their boards, CIOs, CISOs and everyone in the line of fire in IT. Yet we still get so much wrong ...

SynLapse – Technical Details for Critical Azure Synapse Vulnerability
Published: 06/28/2022

This blog was originally published by Orca Security on June 14, 2022. Written by Tzah Pahima, Orca Security. One attack vector closed, additional hardening is recommended This blog describes the technical details of SynLapse, in continuation to our previous blog. We waited to publish until now in...

Enabling Pervasive Zero Trust
Published: 06/28/2022

This blog was originally published by CrowdStrike on March 9, 2022. Written by George Kurtz, CrowdStrike. The security problems that plague organizations today actually haven’t changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormen...

CSA and the Cyber Risk Institute: CCM Addendum for the Financial Sector
Published: 06/28/2022
Author: Daniele Catteddu

The CSA Cloud Controls Matrix (CCM) is 11 years old. Almost a teenager! Over time it has evolved and matured and has been a fundamental piece of the cloud journey for several thousands of organizations worldwide. Virtually any organization willing to implement cloud computing in a secure way has ...

Securing Your Cloud Transformation Journey with Smart Cybersecurity Investments
Published: 06/27/2022

Written by Syam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies and Vinay Anand, VP, Prisma Cloud, Palo Alto Networks. There is no denying that cloud is the new norm. As a critical enabler of business during the pandemic, more businesses hav...

What a More Holistic Approach to Cloud-Native Security and Observability Looks Like
Published: 06/27/2022

This blog was originally published by Tigera here. Written by Laura Ferguson, Tigera. The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because clo...

Organizations Strengthen Their Cybersecurity Defense Against Ransomware and Cyber Attacks
Published: 06/27/2022

This blog was originally published by A-LIGN here. Written by Patrick Sullivan, VP of Customer Success, A-LIGN. To date, 2021 was the most disruptive year with regards to cyberattacks — and it’s looking like 2022 could be even more challenging for organizations who are still working to implement ...

#1 Threat to Cloud Computing: Insufficient Identity, Credential, Access, and Key Management
Published: 06/25/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Four Reasons for Alert Fatigue and How to Make It Stop
Published: 06/24/2022

This blog was originally published by LogicHub here. Written by Ryan Thomas, VP of Product Management, LogicHub. Alert (or alarm) fatigue is the phenomenon of becoming desensitized (and thus ignoring or failing to respond appropriately) to signals meant to warn us about emergencies.IT security...

What to Look for in a CNAPP Solution
Published: 06/24/2022

Written by Aqua Security. As large-scale cloud native deployments become more prevalent, enterprises are trying to bring greater efficiency and speed to cloud native security. To do this, they’re moving to shift security left, implementing intelligent automation, cloud security posture management...

Security as a Differentiator: How to Market the Secure Customer Experience
Published: 06/23/2022

This blog was originally published by Coalfire here.Written by Nathan DeMuth, Vice President, Cloud Services, Coalfire.Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire’s Cloud Advisory Board ...

3 Vulnerability Management Challenges for SAP Applications (and How to Overcome Them)
Published: 06/23/2022

This blog was originally published by Onapsis here.Written by Maaya Alagappan, Social Media and Content Strategist, Onapsis.Business-critical applications have never been more vulnerable. The increasing complexity and size of application environments, customization of individual apps, and growing...

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained
Published: 06/23/2022

This blog was originally published by Orca Security on June 13, 2022. Written by Lidor Ben Shitrit, Orca Security. When discussing supply chain attacks, it is important to remember that they rely on a trusted third-party vendor who offers essential services or software to the supply chain. If a p...

The War On Data: Three Defense Mechanisms Your Business Needs To Adopt
Published: 06/22/2022

This blog was originally posted to the Forbes Technology Council and Nasuni.Written by Andres Rodriguez, Nasuni. We have entered an unusual new age of security. The Colonial Pipeline incident, which cut off a major source of fuel for the Eastern United States, was a reminder that bad actors are o...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.