Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
​Securing the multi-cloud environment through CSPM and SSPM

Published: 07/13/2020

By the CipherCloud TeamMisconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019. - DivvyCloudIt took decades to convince IT leaders to move to the cloud. In the initial years, cloud ado...

Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon

Published: 07/10/2020

By Kurt Seifried, Chief Blockchain Officer, CSTautology - a statement that is true by necessity or by virtue of its logical form.Blockchains are going to rapidly gain maturity because people are using blockchains, because they are rapidly gaining maturity. Essentially we’re at the inflection poin...

What Does Proactive Vendor Security Mean?

Published: 07/10/2020

By the Whistic TeamAs an InfoSec professional, you have probably heard the term “proactive vendor security” tossed around. But what exactly does proactive vendor security mean?Looking for a deeper meaningOn the surface, proactive is the opposite of reactive. Instead of waiting around for issues, ...

Night of the Living Cloud (aka CSA Federal Summit) Part 1 of 2

Published: 07/09/2020

By Jim Reavis, Co-founder and Chief Executive Officer, CSAIf you want to get a feel for what the zombie apocalypse might be like, I highly recommend taking a business trip right now. It provides a surreal experience without the hassle of someone trying to eat your brains. It was thus for me as I ...

New Paper Offers Practical Guidance on Automating Security in DevSecOps

Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

FTC Guidance - Six Steps Toward More Secure Cloud Computing

Published: 07/06/2020

By Francoise Gilbert – DataMinding, Inc.The June 15, 2020 FTC Blogpost, titled Six Steps Towards More Secure Cloud Computing provides a concise, valuable checklist for businesses that use or intend to use cloud services, so that they make their use of cloud services safer. The document is a remin...

Cloud Risk Management

Published: 07/02/2020

By Ashwin Chaudhary with AccedereCloud Risk Management is an important aspect in today’s world where majority of the organizations have adopted the cloud in some form or the other. Cloud risks continue to remain high for a CISO or a CIO and is gaining more importance in today’s world where more o...

Data Discovery to Rescue Historical Data from Compliance Violations

Published: 07/01/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudAs technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace and most organizations in trying to keep pace overlooked security best practices. Organizations are sitting on tons of hi...

United States–Mexico–Canada Agreement: Digital Trade Provisions: NAFTA 2.0 meets the Internet

Published: 06/30/2020

By Francoise Gilbert, DataMinding, Inc.The United States–Mexico–Canada Agreement (USMCA) enters into effect on July 1, 2020. Nicknamed “NAFTA 2.0” because it replaces the North America Free Trade Agreement (NAFTA), the USMCA addresses a number issues that had not been tackled by its predecessor, ...

How to secure cloud-based collaboration, emails, and messaging apps

Published: 06/23/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudWe can secure information across multiple enterprise cloudsData leaks. Data breaches. Tighter security controls. Yet more breaches. A continuing cat-and-mouse-game. As both the way we do business in a distributed environment and apps matur...

3 Big Amazon S3 Vulnerabilities You May Be Missing

Published: 06/18/2020

By Drew Wright, Co-Founder Fugue, Inc. When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reli...

Five Step UEBA to Detect and Stop Insider Attacks

Published: 06/16/2020

By Ishani Sircar, Manager, Product Marketing at CipherCloudEvery year, more than 34% of businesses worldwide are affected by insider threats. (Source: Sisa Infosec)Despite various investments in security, most organizations are still susceptible to data breaches due to bad actors. The losses fro...

The Octopus Scanner Malware: Attacking the open source supply chain

Published: 06/10/2020

By Alvaro Muñoz at GitHubSecuring the open source supply chain is an enormous task. It goes far beyond a security assessment or just patching for the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem. From the code commits themselv...

New Data Protection Law Enacted in Dubai Emirate

Published: 06/08/2020

By Francoise Gilbert, Cybersecurity and Privacy Expert, Cloud Security AllianceDubai has enacted a new data protection law that replaces the current privacy law, law N. 1 of 2007. The new 50-page law, which modernizes the current data protection law, will come into effect on July 1, 2020, at whic...

Detect and Track Threats Through UEBA and Incident Governance

Published: 06/02/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudThe Rise of the Unmanaged DevicesMost organizations are predicting an increased remote workforce and adoption of SaaS apps in the coming years. Remote work environments have led to a rapid adoption of data sharing and collaboration apps, B...

Cloud Cybersecurity and the Modern Applications (part 3)

Published: 05/28/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd.Hybrid Patterns in AzureIn new cloud deployment, it is common to see organizations using a combination of multiple cloud environments or methodologies. Managing access control in a single appliance is al...

Cloud Cybersecurity and the Modern Applications (part 2)

Published: 05/27/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd. Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some ot...

Pen Testing in the Age of Cloud

Published: 05/26/2020

By Josh Stella, CTO and co-founder of FugueLately, we at Fugue have been demonstrating live hacks against cloud infrastructure based on real events in the news. We often walk through a theft of data from Amazon S3 by exploiting little-known misconfigurations of Security Groups, EC2, IAM, and S3 i...

Cloud Cybersecurity and the Modern Applications (part 1)

Published: 05/26/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd.Modern enterprises tend to utilize a mix or hybrid of cloud services like IaaS, PaaS and SaaS (Infrastructure/Platform/Software as a Service) to develop cloud applications. In a hybrid situation designi...

The road to the cloud- The story of public versus private

Published: 05/14/2020

By Dr. Wendy Ng - DevSecOps Security Advisor for ExperianWe are on the cusp of being a quarter of a way through the 21st century and you need to decide. Public or private cloud? But, what do these terms actually mean? Let me help walk you through and hopefully by the end of the article you will h...

Browse by Topic