Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
The Four Pillars of CASB: Data Protection

Published: 09/16/2019

By Will Houcheime, Product Marketing Manager, BitglassIn this blog series, we discuss the key capabilities of cloud access security brokers (CASBs), and why organizations are turning to them as they migrate to the cloud. One of the four pillars of CASBs is data protection, which focuses on securi...

Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS

Published: 09/12/2019

By Victor Chin, Research Analyst, CSAThis is the third blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceived ...

Open API Survey Report

Published: 09/11/2019

By the Open API CSA Working GroupCloud Security Alliance completed its first-ever Open API Survey Report, in an effort to see exactly where the industry stood on the knowledge surrounding Open APIs as well as how business professionals and consumers were utilizing them day to day. The key traits ...

Cloud Security Roadmap for 2019 & Beyond

Published: 09/10/2019

By Amélie Darchicourt, Product Marketing Manager, ExtraHopHow to succeed under the shared responsibility modelCloud security is an evolving space where consumers and vendors must innovate quickly, not only to outpace attackers, but also to support rapid development while minimizing the risks pre...

What Executives Should Know About the Capital One Breach

Published: 09/09/2019

This article was originally published on Fugue's blog here. By Phillip Merrick, CEO of Fugue Most enterprises are already using public cloud computing services at scale or are planning to adopt the cloud soon. As an executive, chances are you’re paying attention to the Capital One data bre...

How to Share the Security Responsibility Between the CSP and Customer

Published: 09/05/2019

By Dr. Kai Chen, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd. The behemoths of cloud service providers (CSPs) have released shared security responsibility related papers and articles, explaining their roles and responsibilities in cloud provisioning. Althou...

Security Spotlight: iPhones Susceptible to a Hack via Text

Published: 09/04/2019

By Juan Lugo, Product Marketing Manager at Bitglass Here are the top stories of recent weeks:   iPhones Susceptible to a Hack via TextDemocratic Senate campaign group exposed emails of 6.2 million AmericansState Farm says Hackers Successfully Conducted a Credentials Stuffing Attack96 Mill...

Egregious 11 Meta-Analysis Part 2: Virtualizing Visibility

Published: 08/28/2019

By Victor Chin, Research Analyst, CSA This is the second blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being ...

On-Chain vs Off-Chain governance. What are the rules to Calvinball?

Published: 08/26/2019

By Kurt Seifried, Chief Blockchain Officer, CSA If you don’t know what Calvin and Hobbes is you can skip the next bit, but it is amusing.  Calvinball is a game invented by Calvin and Hobbes. Calvinball has no rules; the players make up their own rules as they go along, making it so tha...

Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy

Published: 08/13/2019

By Victor Chin, Research Analyst, CSA On August 6th, 2019, the CSA Top Threats working group released the third iteration of the Top Threats to Cloud Computing report. This is the first blog post in the series where we analyze the security issues in the new iteration of the Top Threats to...

Cloud Security Alliance's D.C. Metro Area Chapter announces the event of the year: the Cybersecurity Cruise!

Published: 08/12/2019

By: Anil Karmel, President, CSA-DC Chapter & Co-Founder and CEO of C2 Labs, Inc. About a year ago, CSA recognized the need to establish a local chapter serving the unique needs of the Washington D.C. Metro Area. It's been my honor and privilege to serve as the President of this new ...

A Technical Analysis of the Capital One Cloud Misconfiguration Breach

Published: 08/09/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, Fugue This is a technical exploration of how the Capital One breach might have occurred, based on the evidence we have from the criminal complaint. I want to start by say...

Uncovering the CSA Top Threats to Cloud Computing with Jim Reavis

Published: 08/08/2019

By Greg Jensen, Sr. Principal Director - Security Cloud Business Group, Oracle For the few that attend this year’s BlackHat conference kicking off this week in Las Vegas, many will walk away with an in depth understanding and knowledge on risk as well as actionable understandings on h...

Challenges & Best Practices in Securing Application Containers and Microservices

Published: 08/08/2019

By Anil Karmel, Co-Chair, CSA Application Containers and Microservices (ACM) Working Group Application Containers have a long and storied history, dating back to the early 1960s with virtualization on mainframes up to the 2000s with the release of Solaris and Linux Containers (LXC). The rise ...

The Cloud in the Fight Against Cyber-Bullying

Published: 08/07/2019

By the Cybersecurity International Institute (CSI) Learn about the upcoming innovative social project on Cyber-bullying using a cloud platform. The CSI Institute (Cybersecurity International Institute) is a non-governmental and not-for-profit organization. Our goal is to contribute to ...

Facebook Project Libra - the good, the bad, the ugly and why you should care

Published: 08/05/2019

By Kurt Seifried, Chief Blockchain Officer, CSA So you’ve probably heard by now that Facebook will be creating a crypto-currency called “Project Libra” and if you haven’t well, now you know. So first let’s cover what is good about this. Facebook has announced Project Libra as a Stablec...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings

Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AI...

Quantum Technology Captures Headlines in the Wall Street Journal

Published: 08/01/2019

By the Quantum-Safe Security Working Group Last month, we celebrated the 50th anniversary of the Apollo 11 moon landing. Apollo, which captured the imagination of the whole world, epitomizes the necessity for government involvement in long term, big science projects. What started as a fierce ...

Use Cases for Blockchain Beyond Cryptocurrency

Published: 07/31/2019

CSA’s newest white paper, Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2 is a continuation of the efforts made in v1. The purpose of this publication is to describe relevant use cases beyond cryptocurrency for the application of these technologies. In ...

Organizations Must Realign to Face New Cloud Realities

Published: 07/30/2019

Jim Reavis, Co-founder and Chief Executive Officer, CSA While cloud adoption is moving fast, many enterprises still underestimate the scale and complexity of cloud threats Technology advancements often present benefits to humanity while simultaneously opening up new fronts in the on-going ...

Browse by Topic