Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
How Cloud Vendors Confront Cloud Migration Challenges
Published: 11/29/2021

This blog was originally published by Vulcan Cyber here. Written by Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO. The major cloud service providers (CSPs) and other tech giants are stepping up their security game – introducing native offerings to aid their customers in the face of cloud migra...

CISOs Need a Break. Your Security Tech Stack Should Provide It.
Published: 11/29/2021

By Fausto Lendeborg, Secberus. Chief information security officers of enterprise organizations face increasingly complex environments. Whether it’s: The constant presence of change, ITPro. says, “Security is one of the most complex parts of any organisation, and its parameters can chang...

What is Ransomware?
Published: 11/28/2021
Author: Dr. Jim Angle

.Contributions by: Michael Roza and Vince Campitelli Ransomware is a rapidly growing problem that has increased 715% year-over-year, according to the latest Threat Landscape Report 2020 by Bitdefender (Bitfinder, 2020). Ransomware is highly profitable, which has made it the fastest growing malwar...

Spies Hack Cloud Supply Chains Because That's Where the Data Is
Published: 11/26/2021

This blog was originally published by Authomize on October 28, 2021. Written by Gabriel Avner, Authomize. Microsoft announced this week that the Russian hacking crew APT 29 (aka Nobelium) was detected targeting cloud service providers in an attempt to reach those organizations’ customers as part...

Improving Customer Account Management with Security Transparency
Published: 11/26/2021

This blog was originally published by SafeBase here. Written by Kevin Qiu, SafeBase. According to the Identity Theft Research Center, data breaches increased year-over-year once again in 2021, with the number exceeding 2020's breaches by October. Supply chain security in particular is now top-of-...

Better Together: CMDB + CSPM = Cloud Native Cyber Asset Management
Published: 11/24/2021

This blog was originally published by JupiterOne here. Written by Tyler Shields, JupiterOne. There is a lot of confusion out there when it comes to cloud native IT and cloud security tools. Things have gotten rather complicated over the last few years as we migrate our security and technology sta...

The Fourth Dimension of Security Risk Management
Published: 11/24/2021

This blog was originally published by Orca Security here. Written by Andy Ellis, Advisory CISO for Orca Security. When security professionals talk about risk, especially with business executives, we often use metaphors rooted in the physical world. We might talk about coverage, and compare it to ...

Security Spotlight: Large Data Leaks, New COVID-19 Scams, and Fast Ransomware Attacks
Published: 11/23/2021

This blog was originally published on October 12, 2021 by Bitglass. Written by Jeff Birnbaum, Bitglass. Here are the top security stories from recent weeks: Twitch Leak Exposes Personal DataCox Media Group Confirms Ransomware AttackXgroup Attackers Offer to Hack EU Hospitals in COVID-19 Vaccine S...

Identity-First Security is the New Perimeter
Published: 11/23/2021

This blog was originally published by Authomize here. Written by Gabriel Avner, Authomize. In May, the Biden Administration issued a new Executive Order calling to modernize the nation’s defenses against the steady escalation of cyber attacks that have hit the United States over the past year. In...

Modernizing Security Operations with XDR
Published: 11/22/2021

This blog was originally published by Cisco here. Written by Aaron Sherrill, Senior Research Analyst at 451 Research. Set the Stage: A World Without XDRSecurity operations teams at most organizations are overwhelmed by the sheer number of security products they’re required to manage.Over the cour...

Defining an Effective Multi-Cloud Strategy: Identifying Vulnerabilities Before They Wreak Havoc
Published: 11/22/2021

This blog was originally published by Alert Logic here. It’s not news that organizations are facing a growing number and frequency of cyber threats, nor that new, sophisticated attacks are evading traditional security tools. But the growing threat that companies face is the complexity of the...

DevSecOps and Misconfigurations: Key Facts to Know
Published: 11/21/2021
Author: Hillary Baron

Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cyberse...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

Building a Security Training Testbed for Azure
Published: 11/19/2021

This blog was originally published by Adobe here. Written by Akriti Srivastava, Security Analyst, Adobe OpSec Team. With any cloud platform, a lack of understanding of required security controls and unintentional misconfigurations can bring additional risk to the DevSecOps process. A test envi...

Achieving Zero Trust Remote Access with Privileged Access Management
Published: 11/19/2021

Written by Matt Miller, BeyondTrust. The radical shift to embrace largescale remote work—and even a work-from-anywhere mindset, the accelerated pace of digital transformation, the proliferation of ransomware, and massive breaches (i.e. SolarWinds Orion, Colonial Pipeline, etc.) together have kick...

A Practical Guide to the Different Compliance Kubernetes Security Frameworks and How They Fit Together
Published: 11/18/2021

This blog was originally published by ARMO here. Written by Jonathan Kaftzan, ARMO. TL;DR - Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested toolsThe challenge of administering security and maintaining compliance in a Kuber...

Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption
Published: 11/17/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a recent Fe...

Data Security and Privacy-related ISO/IEC Certifications
Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

Multi-Cloud Security: What You Need to Know
Published: 11/16/2021

This blog was originally published by Vulcan Cyber here.Written by Orani Amroussi, Vulcan Cyber.The multi-cloud approach is becoming increasingly popular among companies looking to take advantage of its agility, innovation, potential cost savings, and the flexibility to choose the best of what ea...

Two Truths and a Lie About Cloud Security
Published: 11/15/2021

This blog was originally published by JupiterOne here. Written by Ashleigh Lee, JupiterOne. Cloud technology saved many businesses from catastrophe during this past year, but it’s also introduced additional challenges to security, compliance, and governance practices. The pandemic, with the s...

Browse by Topic
Write for the CSA blog
Submit your blog proposal