Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Letting The Right One In: A Preamble to Device Trust

Published: 11/26/2020

Written by Dave Lewis, Advisory CISO — Global at Duo I’m sorry, do I know you? A typical query that people may ask when confronted by an unknown person who walks up abruptly and starts asking them questions. Oddly though, this sort of response does not happen in many network environments. When ...

CSA Survey Finds Organizations are Shifting their Use of IAM Capabilities in 2021

Published: 11/25/2020

The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better underst...

Roadmap to Earning Your Certificate in Cloud Security Knowledge (CCSK)

Published: 11/24/2020

Save 15% off your purchase of a CCSK exam with code CYBERCCSK → In this blog we’ll be taking a look at how to earn your Certificate of Cloud Security Knowledge (CCSK), from study materials, to how to prepare, to the details of the exam, including a module breakdown, passing rates, format etc. Bel...

Cloud Network Security 101: Azure Private Link & Private Endpoints

Published: 11/24/2020

By Becki Lee, Fugue, Inc. | Originally published on Fugue’s Website on September 25th, 2020.Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by ...

3 Reasons Why You Need to Include a VRM Platform in 2021

Published: 11/23/2020

This blog was originally published by Whistic here. 2020 has been an incredibly long year for all of us. Honestly, we’re ready to start afresh in 2021. As the past months have brought on some unique challenges for InfoSec teams, they have also revealed areas of opportunity and growth regarding ho...

Rent to Pwn the Blockchain - 51% Attacks Made Easy

Published: 11/20/2020

By Kurt SeifriedThis article is not legal or investment advice. This article covers some aspects of 51% attacks (and 34% attacks and some other variations) in DeFi, and some potential solutions to prevent these attacks from succeeding. So where I say “51% Attack” I mean “all attacks where you get...

CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects

Published: 11/19/2020

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

The Multi-Factor Factor (or How to Manage Authentication Risk)

Published: 11/18/2020

By Wendy Nathers, Head of Advisory CISOs at DuoAs we debate the necessity of various authentication factors, particularly for passwordless projects, it’s good to take a step back and remember how we got here. There are key three types of authentication:The 3 Key Types of Authentication1. “Somethi...

What is Cloud-Based Tokenization?

Published: 11/17/2020

By Dillon Phillips from TokenExAs more technologies migrate to the cloud in pursuit of digital transformation, security is no exception. Many people are likely familiar with the term "cloud," but not everyone knows just what is cloud security. Overall, cloud computing offers an effective, afforda...

Circle - The Most Vital Cybersecurity Community

Published: 11/16/2020

Written by Jaclyn Parton, Marketing Coordinator at CSA At CSA, building community is at the core of our mission. Since our beginning in 2009, CSA has been providing a forum through which diverse parties, such as CISOs, security practitioners, students, professors, and all of the cybersecurity ...

Seven Steps to defining the art of the possible in DevOps

Published: 11/14/2020

By Craig Thomas from the CSA Washington DC Chapter and VP of Engineering at C2 LabsWe all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Dock...

​California Privacy Rights Act: What Are the Consequences for Cloud Users?

Published: 11/13/2020

Francoise Gilbert, DataMinding, Inc.California voters approved Proposition 24 on November 3, 2020, paving the way to the California Privacy Rights Act (CPRA), which, on January 1, 2023, will replace California’s current data protection law, the California Consumer Privacy Act (CCPA). CPRA slightl...

Cloud Network Security 101: Azure Virtual Network Service Endpoints

Published: 11/12/2020

By Becki Lee, Fugue, Inc.Originally published on Fugue’s Website on October 8, 2020Level: AdvancedReading Time: 4 minutesMicrosoft Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints an...

The Way You Protect Your Customers' Data Is Fundamentally Changing

Published: 11/10/2020

By WhisticAs an InfoSec professional, you’ve seen your fair share of growth and change in the industry. Information security presents an interesting challenge because the technology is actively solving for very real threats and risks. As the technology used by malicious forces grows and expands i...

What is cloud security? How is it different from traditional on-premises network security?

Published: 11/09/2020

Written by Ryan Bergsma, Training Director at CSACloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things and is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are insepar...

SaaS Security Series: Salesforce Guest User Log Analysis

Published: 11/05/2020

By Drew Gatchell, Senior Engineer at AppOmniIn early October, Security Researcher Aaron Costello published a blog detailing how to leverage Aura (aka Lightning) Controllers as an anonymous guest user to extract and manipulate data within a misconfigured Salesforce Community, Portal, or Site.This...

CCSK Success Stories: Cloud Security Education and the Digital Transformation

Published: 11/04/2020

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

The 10 Best Practices in Cloud Data Security

Published: 11/03/2020

By Branden Morrow from TokenExCloud Data Security Best Practices OverviewWhat exactly is cloud data security?Cloud security is the culmination of technologies and procedures that secure cloud computing environments against cybersecurity threats originating externally and internally. With cloud co...

Why lions shouldn’t invest in DeFi Smart Contracts

Published: 11/02/2020

By Kurt Seifried, Chief Blockchain Officer at Cloud Security AllianceThis article is not legal or investment advice, it covers some aspects of front running in DeFi, and potential security solutions. This article also assumes you have a relatively deep understanding of the following Blockchain/DL...

Five Actions to Mitigate the Financial Damage of Ransomware

Published: 10/30/2020

By Eran Farajun, Executive Vice President at Asigra, Inc.Ransomware attacks have become a regular occurrence for organizations today, with events that are increasingly targeted, sophisticated, and costly. According to recent reports by the Federal Bureau of Investigation[1], cybercriminals are ta...

Browse by Topic