Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Agents are Not Enough: Why Cloud Security Needs Agentless Deep Scanning
Published: 10/20/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. Cloud environments are characterized by their dynamic nature. It’s easier than ever before to spin up new resources and add new technologies, which leads to an ever-increasing number of people and teams deploying in the ...

SaaS Insecurity: How to Regain Control
Published: 10/20/2021

By Andrew Sweet, AppOmni. Is your SaaS environment running? Then you better go catch it! Or, better yet, secure it. Jokes aside, it’s common knowledge these days that SaaS environments are popular for their agility and scalability, helping businesses streamline operations, improve customer...

Security as Code is the Future to Governing Risk
Published: 10/19/2021

This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus. We read McKinsey’s Security as code: The best (and maybe only) path to securing cloud applications and systems in July and have not stopped discussing it. The big idea: “Managing security as code e...

CISO DDoS Handbook - The DDoS Threat to Digital Transformation
Published: 10/18/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. As the global economy and its reliance on technology continue to evolve, so do cyberattackers’ strategies and techniques - working on launching debilitating DDoS attacks with the intent to cause downtime a...

Top Network Security Mistakes in AWS, and How to Fix Them
Published: 10/18/2021

This blog was originally published by Valtix here. Written by Jigar Shah, Valtix. A Two-part Blog Series and Cloud Security Alliance Webinar. In talking with end-user organizations, we’ve seen and heard lots of misconceptions and mistakes over the years – and even espoused a few ourselves. As H...

CCSK Success Stories: From a Managed Service Engineer
Published: 10/15/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

How to Protect Your Cloud Environment from Supply Chain Attacks
Published: 10/14/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. Recently, the Wiz research team hosted a webinar titled “How to Protect Your Cloud Environment from Supply Chain Attacks.” In this post, we’ll share a recap of what the team covered. To start with, just a quick look at su...

The 6 Phases of Data Security
Published: 10/14/2021

The primary goal of information security is to protect the fundamental data that powers our systems and applications. As companies transition to cloud computing, the traditional methods of securing data are challenged by cloud-based architectures. You don’t have to lift and shift existing problem...

Lessons from Our Journey to Obtain Our SOC 2 Report and ISO Certifications
Published: 10/13/2021

This blog was originally published by Grammarly here. Written by Andrew Derevyanko, Director of Engineering, Grammarly. In June 2021, Grammarly achieved a new security and compliance milestone. We received our SOC 2 (Type 2) and SOC 3 reports as well as three certifications from the International Or...

The Benefits of the CFO Obtaining the CCAK
Published: 10/13/2021
Author: Jeffrey Westcott, CPA

What is the CCAK? The Cloud Security Alliance (CSA), in conjunction with ISACA, released the CCAK (Certificate of Cloud Auditing Knowledge) earlier this year. As the CFO of CSA, I previously obtained my CCSK (Certificate of Cloud Security Knowledge), the predecessor to the CCAK, as did the rest...

Why You Should Publish Your Security Posture Publicly
Published: 10/12/2021

Written by Whistic. Over the past decade or so, the way InfoSec teams manage data security and privacy standards has changed dramatically. From managing on-premises hardware security access to the online-driven security efforts of a decade ago, things have become more and more flexible. Today, clo...

Why Phishing is a Bigger Threat than Ransomware
Published: 10/08/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. While enterprise security teams have had their hands full battling an increasing number of more sophisticated ransomware attacks, phishing attacks are on the rise with the easing of pandemic-related restric...

Four Ways Automation Can Transform Your Third-Party Cyber Risk Management Strategy
Published: 10/07/2021

This blog was originally published by Black Kite here. Supply chains are growing at an annual rate of 11.2% and are forecasted to double in size by 2026. Growing supply chains inherently pose greater supply chain risk and require a scalable approach to vendor risk management. Cyber risk monitorin...

What if On-Prem Cloud Strategy Relied on Policy-as-Code Rather Than Taking Inventory?
Published: 10/06/2021

This blog was originally published by Secberus here. Let's focus on creating cloud security policies that govern hybrid environments. Fausto Lendeborg, CEO of Secberus, and Everett Young, COO, spend a lot of their time talking about the future of cloud governance. And the rest of their time enabling...

Top Vulnerability Assessment and Management Best Practices
Published: 10/05/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Vulnerability assessment and vulnerability management practices are critical to minimizing the exposure and attack surface of your whole infrastructure. We’re human, and many things we build aren't pe...

How To Fix Vulnerabilities Regularly And Block DDoS Attacks
Published: 10/04/2021

This blog was originally published by MazeBolt here. In cybersecurity, a vulnerability is a weakness in a computer system or a network, making it susceptible to a cyberattack. Attackers exploit network vulnerabilities when they launch DDoS attacks that cause the target system or service to crash...

How Do You Secure Your Cloud Services?
Published: 10/01/2021

This blog was originally published by Alert Logic here. In a previous post – What are the Most Common Cloud Computing Service Delivery Models? – we broke down the benefits of each: Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS). Considering...

What The Goonies Teaches Us About Vendor Security
Published: 09/30/2021

Written by Nick Sorensen, CEO of Whistic. Why companies and their vendors should take a collaborative approach to cyber threats. One of the biggest learnings I took from the recent SolarWinds and Microsoft Exchange hacks is breaches aren’t going away. They’re likely to get bigger as usage of appli...

7 Ways to Harden Your Environment Against Compromise
Published: 09/29/2021

This blog was originally published by Microsoft here. Written by Alan Johnstone, CRSP Senior Consultant and Patrick Strijkers, CRSP Cyber Security Architect, Microsoft. Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disrupt...

Building A SaaS Security Program: A Quick Start Guide
Published: 09/28/2021

Written by Bryan Solari, AppOmni. Every few years a new technology takes hold of businesses worldwide, expanding adoption at a speed that far outpaces our ability to secure it. Inevitably, the security shortfalls of this technology become known, and we build risk mitigation strategies that mel...
