Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Cloud Cybersecurity and the Modern Applications (part 3)

Published: 05/28/2020

By Francesco Cipollone, Director of Events - Cloud Security Alliance UK ChapterHybrid Patterns in AzureIn new cloud deployment, it is common to see organizations using a combination of multiple cloud environments or methodologies. Managing access control in a single appliance is already a struggl...

Cloud Cybersecurity and the Modern Applications (part 2)

Published: 05/27/2020

By Francesco Cipollone, Director of Events - Cloud Security Alliance UK Chapter Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some others are instea...

Pen Testing in the Age of Cloud

Published: 05/26/2020

By Josh Stella, CTO and co-founder of FugueLately, we at Fugue have been demonstrating live hacks against cloud infrastructure based on real events in the news. We often walk through a theft of data from Amazon S3 by exploiting little-known misconfigurations of Security Groups, EC2, IAM, and S3 i...

Cloud Cybersecurity and the Modern Applications (part 1)

Published: 05/26/2020

By Francesco Cipollone, Director of Events - Cloud Security Alliance UK Chapter Modern enterprises tend to utilize a mix or hybrid of cloud services like IaaS, PaaS and SaaS (Infrastructure/Platform/Software as a Service) to develop cloud applications. In a hybrid situation designing of the acce...

The road to the cloud- The story of public versus private

Published: 05/14/2020

By Dr. Wendy Ng - DevSecOps Security Advisor for ExperianWe are on the cusp of being a quarter of a way through the 21st century and you need to decide. Public or private cloud? But, what do these terms actually mean? Let me help walk you through and hopefully by the end of the article you will h...

Mobile-Connect Controls for Secure Remote Working

Published: 05/12/2020

By Neeraj Nayak, Sr. Product Marketing Manager, CipherCloudEndpoint security, today, has emerged as one of the biggest cybersecurity concerns in the industry. Due to the worldwide shift to remote workforce model, we are witnessing two major trends in the industry - (a) adoption of SaaS applicatio...

Why is Cloud DLP the most important technology for SaaS apps?

Published: 05/07/2020

By Neeraj Nayak, Sr. Manager, Product Marketing at CipherCloudData Loss Prevention (DLP) is not a new concept in the market. DLPs have been an integral part of data security software for over a decade. DLP is defined as a set of tools or technology that can detect and classify sensitive content w...

The State of Cloud Security 2020 Report: Understanding Misconfiguration Risk

Published: 05/05/2020

By Drew Wright, Fugue IncCloud misconfiguration remains the top cause of data breaches in the cloud, and the COVID-19 crisis is making the problem worse. These are among the findings of Fugue’s new State of Cloud Security 2020 survey. Nearly everyone is now working from home, and 84% are concerne...

What is a “Cloud Service Provider”

Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceDefining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...

Why Better Security is the First Step to Greater Trust

Published: 04/30/2020

By Tim Mullahy, Executive Vice President and Managing Director, Liberty One CenterWe are currently in the midst of a technological renaissance, and the world is going digital. On the one hand, that’s great. Innovations such as the Internet of Things (IoT) come hand-in-hand with incredible benefit...

Human and cyber-pandemic: the importance to get ready

Published: 04/28/2020

By Daniele Catteddu, Chief Technology Office, Cloud Security AllianceIronically, 2020 was supposed to be the year in which our luminous predictions of wealth and development would materialize. The advent of the Zeta-bytes word, trillions of smart devices in our all-encompassing smart environments...

Nine mandates to secure your remote workforce

Published: 04/22/2020

By Ishani Sircar, Manager, Product Marketing at CipherCloudAre We in a Cloud-First Environment?Let us look at a regular workday: A few updates on Slack, followed by emails on Microsoft Outlook, updating attendance on Workday, a few meetings with partners on Microsoft Teams, updating the status o...

Top 10 Audio/Video Conferencing Security Best Practices

Published: 04/22/2020

By Michael Born, Sr. Security Consultant at SecureSkyWith the recent shift of much of the global workforce to home office work environments, it’s a good time to revisit Audio/Video conferencing security best practices. In this blog we will highlight what we consider the Top 10 ways you can train ...

Cloud Incident Response: Guideline for the Dark Cloudy Days

Published: 04/22/2020

By Prof. Alex SIOW, Professor (Practice) in the School of Computing, NUS & LIM Soon Tein, Vice President, IT, ST Engineering ElectronicsGiven today’s evolving threat landscape, incident response (IR) strategy for safeguarding is no longer optional. In 2019 alone, the cloud realm saw countless...

Secure Historical Cloud Data with Cloud Data Discovery

Published: 04/14/2020

By the Cipher Cloud TeamIn today's era, a cloud-first strategy has become the new norm. Providing competitive advantage with improved business agility at lower infrastructure and deployment costs. Cloud services are gaining significant inroads in the industry, with enterprises deploying multiple ...

Coronavirus today and cybersecurity tomorrow

Published: 04/08/2020

By Jim Reavis, Co-Founder and CEO, CSAThe Black Swan event that is Coronavirus is a challenge for our times that we must win. Some may say that this pandemic should not be called a Black Swan event because we had the warning signs. However, the Internet is a great archive and you cannot find a ...

Network Security for the Cloud and Mobile Workforce

Published: 04/08/2020

By Etay Bogner, VP of Zero-Trust Products at ProofpointAn increasing number of enterprises today have made large-scale shifts to cloud-based IT resources by putting their applications in the cloud, subscribing to ready-to-use software-as-a-service (SaaS) applications, and supporting an expanding ...

CSA kicks off project to create a security framework for blockchain and cryptocurrencies.

Published: 04/06/2020

Like many new technologies, many industries are moving ahead with experimentation and deployments of DLT (Distributed Ledger Technology), especially in the finance sector. The benefits offered by DLTs such as tamper evident and tamper proof records, near instant settlement via smart contracts and...

Why use the CAIQ for vendor analysis vs. other questionnaires?

Published: 04/04/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceSecurity assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closin...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code

Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

Browse by Topic