Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Planning for Attacks: How to Hunt for Threats in BigQuery
Published: 11/01/2022

Originally published by Mitiga. Written by Lionel Saposnik and Dan Abramov, Mitiga. BigQuery (also referred to as BQ) is a managed service of Google Cloud Platform (GCP), which provides data warehouse capabilities, such as storing large amounts of logs, machine learning (ML), analytics, and other ty...

Information Security Management and the Connectivity Gap: Solving for the Missing Links in Enterprise Information Security
Published: 11/01/2022

Originally published by Tentacle. Written by Danielle Morgan, Tentacle. Let’s start with the basics: a foundational definition of Information Security management is the process of developing, maintaining, and continuously improving processes aligned with the main goal of ensuring sensitive data i...

How John Kindervag’s Zero-Trust Model Applies to Cloud Security
Published: 10/31/2022

Originally published by Britive. At its core, the Zero-Trust Model is wonderfully simple: when you remove trust, you reduce security risk. The concept was developed by John Kindervag, who now serves as a Senior Vice President for ON2IT Cybersecurity. Kindervag realized enterprises could gain bette...

Seamlessly Secure Your Cloud Workloads
Published: 10/31/2022

Originally published by The New Stack. Also published by Torq. You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload pr...

Prioritizing and Handling Security Issues as Part of Your Continuous Management Plan
Published: 10/31/2022

Originally published by BARR Advisory. Prioritizing and handling security issues are part of a continuous management plan within your organization’s security program. Like a yearly doctor’s exam or routine oil change for your car, continuous management is preventive care for your information syste...

Top Threat #6 to Cloud Computing: Unsecure Third-Party Resources
Published: 10/30/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

All Eyes on Cloud | Why the Cloud Surface Attracts Attacks
Published: 10/28/2022

Originally published by SentinelOne here. Cloud environments have seen a meteoric rise in the past decade. What began as means of data storage has now become a full-scale computing platform, enabling a global shift in how businesses share, store, optimize, and manage information. However, threat ...

FedRAMP vs. ISO 27001
Published: 10/28/2022

Originally published by Schellman here. Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial...

Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Published: 10/28/2022

Originally published by Rapid7 here. Written by Sanjeev Williams, Senior Director, Cloud Security Products, Rapid7. Today almost all cloud users, roles, and identities are overly permissive. This leads to repeated headlines and forensic reports of attackers leveraging weak identity postures to gai...

What is SOC 2? Complete Guide to SOC 2 Reports and Compliance
Published: 10/27/2022

Originally published by A-LIGN here. Written by Stephanie Oyler, Vice President of Attestation Services, A-LIGN. In today’s security landscape, it’s crucial you assure your customer and partners that you are protecting their valuable data. SOC compliance is the most popular form of a cybersecurit...

The Need for SAP Security in the Utilities Sector
Published: 10/27/2022

Originally published by Onapsis here. It’s no secret cyberattacks have become more advanced over the last few years. Industries that are critical to everyday life have seen, firsthand, the debilitating impact cyberattacks can have. Critical infrastructure, such as the informational technology (IT...

3 Reasons to Add Cloud Data Security to 2023 Cybersecurity Budgets
Published: 10/27/2022

Originally published by Laminar here. Written by Andy Smith, Laminar. Why Cloud Data Is So Important: Cloud data is growing at an exponential rate, and attackers have taken notice. Data breaches in 2021 increased by 68% over the year prior. As cloud data continues to grow, so too will the risk of a...

A SECtember Refrain: CxOs Need Help Educating Their Boards
Published: 10/26/2022
Author: Illena Armstrong

The concerns and challenges discussed during this September’s SECtember Conference and adjoining CxO Trust Summit ran the gamut. However, one refrain focused on chief information security officers’ need for more help and guidance on messaging cybersecurity problems, required security controls, an...

SaaS Security Use Case Series: Device-to-SaaS User Risk
Published: 10/26/2022

Originally published by Adaptive Shield here. Written by Eliana Vuijsje, Marketing Director, Adaptive Shield. Typically, when threat actors look to infiltrate an organization’s SaaS apps, they look to SaaS app misconfigurations as a means for entry. However, employees now use their personal devic...

Data Security Posture Management vs Cloud Security Posture Management
Published: 10/26/2022

Originally published by Sentra here. It was only a few years ago that we thought ‘Cloud Security Posture Management’ was going to bring the ultimate level of security to the cloud. But we’re already discovering that while CSPM is doing a good job of finding infrastructure vulnerabilities, data ...

3 Frictionless Strategies to Boost Your GCP IAM
Published: 10/26/2022

Originally published by Britive here. Written by Sage Avarda, Britive. Building on Google Cloud Platform (GCP) allows DevOps teams to collaborate and create with little restriction, which results in quick turnaround time and an overall increase in market velocity. GCP provides a decent identity a...

How Cybersecurity Insurance Can Work To Help An Organization
Published: 10/25/2022

Originally published by Thales here. Written by Anthony Dagostino, CEO and Co-Founder, Converge. For many years, organizations had limited options for addressing data protection risks. A company could never eliminate risk, but they could try to reduce or mitigate it. In the last 20+ years, cybers...

What is a Cryptogram on a Credit Card?
Published: 10/25/2022

Originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. Quick Hits: EMV chip cards use cryptograms to secure cardholder data every time a transaction is made. Cryptograms validate transactions by verifying the identity of both the card and the approval from the issuer. Cryptograms...

Cybersecurity Awareness Month Doesn’t Have to Be Scary
Published: 10/24/2022

Originally published by Blue Lava here. Written by Veronica Wolf, Director of Product & Content Marketing, Blue Lava. In the spirit of Cybersecurity Awareness Month, we thought we would de-mystify a few of the tall tales and horrors surrounding cybersecurity. We’ve also gathered up a few resource...

The Quiet Victories and False Promises of Machine Learning in Security
Published: 10/24/2022

Originally published by Dark Reading and Sysdig. Written by Anna Belak, Sysdig. Contrary to what you might have read on the Internet, machine learning (ML) is not magic pixie dust. It’s a broad collection of statistical techniques that allows us to train a computer to estimate an answer to a ques...
