Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
Published: 11/09/2022

Originally published by CrowdStrike. Written by Ioan Iacob and Iulian Madalin Ionita, CrowdStrike. In Part 1 of this four-part blog series examining wiper malware, an Endpoint Protection Content Research Team introduced the topic of wipers, reviewed their recent history and presented common adver...

Incident Detection and Response in the Cloud
Published: 11/08/2022

Written by Lior Zatlavi, Senior Cloud Security Architect, Ermetic. Cloud technology is not the future of business. Not anymore; now it’s the present. Businesses born today are often cloud-native, and older businesses are migrating their workloads to the cloud, looking for agility and efficien...

Cloud Data Security Means Shrinking the “Data Attack Surface”
Published: 11/08/2022

Originally published by Sentra. Traditionally, the attack surface was just the sum of the different attack vectors that your IT was exposed to. The idea being as you removed vectors through patching and internal audits. With the adoption of cloud technologies, the way we managed the attack surfac...

ISO 27018 vs. ISO 27701
Published: 11/08/2022

Originally published by Schellman. Written by Danny Manimbo, Schellman. Famed baseball player and possessor of a great name, Yogi Berra, once said, “When you come to a fork in the road, take it.” Granted, he was likely being funny, but he obviously never had to pay for an ISO certification. When ...

What is FedRAMP? Complete Guide to FedRAMP Authorization and Certification
Published: 11/07/2022

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. With the rise in cybersecurity attacks comes wariness from customers — no one wants to work with an organization that has an increased risk of falling victim to an attack. And when it comes to the Federal governme...

How to Accelerate Government Transformation by Reducing Risk, Complexity, and Cost
Published: 11/07/2022

Originally published by Thales. Written by Marcelo Delima, Senior Manager, Global Solutions Marketing, Thales. The days of dreadful long lines at crowded and inefficient government agencies may be coming to an end. Digitalization of services and adoption of new platforms are reinventing governmen...

Don’t Leave it to Your Apps: Why Security Needs to be a Shared Responsibility
Published: 11/07/2022

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. Here’s a scenario that was unlikely just two years ago: permanently telecommuting from Honolulu to your financial job on Wall Street. Fast forward to today, the world has accepted that productiv...

Top Threat #7 to Cloud Computing: System Vulnerabilities
Published: 11/06/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

IoT Security: Why We Need to Develop Secure IoT Devices
Published: 11/05/2022
Author: Megan Theimer

Internet of Things (IoT) devices represent a wide variety of non-traditional, internet connected devices such as medical devices, cars, drones, simple sensors, and more. These devices often pose a security challenge due to their limited size and the inability to secure them with traditional secur...

SecurityScorecard Partners with Cloud Security Alliance - Why Continuous Cyber Risk Monitoring Across Industries is Crucial
Published: 11/04/2022

Originally published by SecurityScorecard. Effectively evaluating risk goes a long way toward improving an organization’s cybersecurity posture. The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a sec...

2022 Threat Report: Cloud-Native Threats are Increasing and Maturing
Published: 11/04/2022

Originally published by Sysdig. Written by Michael Clark. Sysdig. The first annual cloud-native threat report from Sysdig explores some of the year’s most important security topics in the cloud. As the use of containers and cloud services keeps growing, threat actors are increasingly turning thei...

Definitive Guide to Hybrid Clouds, Chapter 1: Navigating the Hybrid Cloud Journey
Published: 11/04/2022

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. This post explores Chapter 1 of the Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud. Many organizations are deploying assets to the cloud, which is often the start of their cloud migration journey. ...

A Practical Guide to Container Networking
Published: 11/03/2022

Originally published by Tigera. Written by Reza Ramezanpour, Tigera. An important part of any Kubernetes cluster is the underlying containers. Containers are the workloads that your business relies on, what your customers engage with, and what shapes your networking infrastructure. Long story...

SaaS Risk Report Reveals Exposed Cloud Data is a $28M Risk for Typical Company
Published: 11/03/2022

Originally published by Varonis. Written by Rachel Hunt, Varonis. Some people love taking risks — swimming with great white sharks, climbing El Capitan without a rope, camping in grizzly bear territory with an open jar of peanut butter, and scariest of all, assuming your SaaS data is secure a...

How to Combat Insider Threats to Critical Data
Published: 11/03/2022

Originally published by TrueFort. Written by Matt Hathaway, TrueFort. Malicious cyber attackers have had unprecedented success in the past few years, but their attacks often rely on tricking or exploiting people inside an organization. Employees, software developers, partners, and even executives...

OpenSSL Critical Vulnerability - What is Affected?
Published: 11/02/2022

Originally published by Dazz on October 31, 2022. Written by Alon Kollmann, Director of Product Strategy, Dazz. Everything we know about the vulnerability so far and some insights to help you prioritize your remediation efforts‍If you are reading these lines, you are probably already well aware o...

How to Contain Breaches in the Cloud
Published: 11/02/2022

Written by PJ Kirner, CTO and Co-Founder, Illumio. Hyperconnectivity, hybrid work and an increasingly distributed enterprise have all caused the modern attack surface to explode. In the past 2 years alone, 76 percent of organizations have been attacked by ransomware and 66 percent have experien...

What Lawyers Need to Do to Defend Their Clients and Themselves from Cyber Risk
Published: 11/02/2022

Originally published by Ericom. Written by Nick Kael, CTO, Ericom. Absolute trust is the essential basis of the relationship between law firms and their clients. Lawyers steer clients through complex and often sensitive personal and business situations, helping them navigate difficult issues to g...

Supply Chain Attack via a Trojanized Comm100 Chat Installer
Published: 11/02/2022

Originally published by CrowdStrike. Leveraging a combination of advanced machine learning and artificial intelligence, a new supply chain attack was identified during the installation of a chat-based customer engagement platform. The supply chain attack involved a trojanized installer for the Co...

IAM and Security Automation: How Companies Can Stay Safer in the Cloud
Published: 11/01/2022

Originally published by ShardSecure. Written by Anthony Whitehead, Lead Developer, ShardSecure. Automation of security measures is a long-running topic of discussion. But despite the many benefits, including increased productivity, effectiveness, efficiency, and accuracy, many organizations hav...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.