Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Better Together: CMDB + CSPM = Cloud Native Cyber Asset Management
Published: 11/24/2021

This blog was originally published by JupiterOne here. Written by Tyler Shields, JupiterOne. There is a lot of confusion out there when it comes to cloud native IT and cloud security tools. Things have gotten rather complicated over the last few years as we migrate our security and technology sta...

The Fourth Dimension of Security Risk Management
Published: 11/24/2021

This blog was originally published by Orca Security here. Written by Andy Ellis, Advisory CISO for Orca Security. When security professionals talk about risk, especially with business executives, we often use metaphors rooted in the physical world. We might talk about coverage, and compare it to ...

Security Spotlight: Large Data Leaks, New COVID-19 Scams, and Fast Ransomware Attacks
Published: 11/23/2021

This blog was originally published on October 12, 2021 by Bitglass. Written by Jeff Birnbaum, Bitglass. Here are the top security stories from recent weeks: Twitch Leak Exposes Personal Data; Cox Media Group Confirms Ransomware Attack; Xgroup Attackers Offer to Hack EU Hospitals in COVID-19 Vaccine S...

Identity-First Security is the New Perimeter
Published: 11/23/2021

This blog was originally published by Authomize here. Written by Gabriel Avner, Authomize. In May, the Biden Administration issued a new Executive Order calling to modernize the nation’s defenses against the steady escalation of cyber attacks that have hit the United States over the past year. In...

Modernizing Security Operations with XDR
Published: 11/22/2021

This blog was originally published by Cisco here. Written by Aaron Sherrill, Senior Research Analyst at 451 Research. Set the Stage: A World Without XDR. Security operations teams at most organizations are overwhelmed by the sheer number of security products they’re required to manage. Over the cour...

Defining an Effective Multi-Cloud Strategy: Identifying Vulnerabilities Before They Wreak Havoc
Published: 11/22/2021

This blog was originally published by Alert Logic here. It’s not news that organizations are facing a growing number and frequency of cyber threats, nor that new, sophisticated attacks are evading traditional security tools. But the growing threat that companies face is the complexity of the...

DevSecOps and Misconfigurations: Key Facts to Know
Published: 11/21/2021
Author: Hillary Baron

Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cyberse...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

Building a Security Training Testbed for Azure
Published: 11/19/2021

This blog was originally published by Adobe here. Written by Akriti Srivastava, Security Analyst, Adobe OpSec Team. With any cloud platform, a lack of understanding of required security controls and unintentional misconfigurations can bring additional risk to the DevSecOps process. A test envi...

Achieving Zero Trust Remote Access with Privileged Access Management
Published: 11/19/2021

Written by Matt Miller, BeyondTrust. The radical shift to embrace large-scale remote work—and even a work-from-anywhere mindset, the accelerated pace of digital transformation, the proliferation of ransomware, and massive breaches (i.e. SolarWinds Orion, Colonial Pipeline, etc.) together have kick...

A Practical Guide to the Different Compliance Kubernetes Security Frameworks and How They Fit Together
Published: 11/18/2021

This blog was originally published by ARMO here. Written by Jonathan Kaftzan, ARMO. TL;DR - Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools. The challenge of administering security and maintaining compliance in a Kuber...

Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption
Published: 11/17/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a recent Fe...

Data Security and Privacy-related ISO/IEC Certifications
Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

Multi-Cloud Security: What You Need to Know
Published: 11/16/2021

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. The multi-cloud approach is becoming increasingly popular among companies looking to take advantage of its agility, innovation, potential cost savings, and the flexibility to choose the best of what ...

Two Truths and a Lie About Cloud Security
Published: 11/15/2021

This blog was originally published by JupiterOne here. Written by Ashleigh Lee, JupiterOne. Cloud technology saved many businesses from catastrophe during this past year, but it’s also introduced additional challenges to security, compliance, and governance practices. The pandemic, with the s...

3 Tenets For High-Performance Cloud Operations
Published: 11/15/2021

This blog was originally published by Booz Allen here. Written by Osama Malik, Booz Allen Hamilton. Unlock enterprise resilience, scale, and flexibility. These days, with technology progressing at a rapid, continuous, unrelenting clip, cloud capabilities offer federal agencies a way to achieve and ...

CCSK Success Stories: From a Manager of Cloud Infrastructure
Published: 11/14/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the Difference Between Software Defined Perimeter and Zero Trust?
Published: 11/13/2021

Written by the CSA SDP and Zero Trust Working Group. Summary: After reading this blog you’ll understand what Zero Trust is, the problems it helps solve, and the basics around what implementing Zero Trust looks like using SDP. What is Zero Trust? “Zero Trust” changes how network access works; as th...

How the Incident Response Lifecycle Changes for Cloud
Published: 11/13/2021

Incident Response (IR) is a critical facet of any information security system. Most organizations have some sort of IR plan to govern how they will investigate an attack, but as the cloud presents distinct differences in both access to forensic data and governance, organizations must consider how...

Einstein’s Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
Published: 11/12/2021

This blog was originally published by Varonis here. Written by Nitay Bachrach, Varonis. If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator’s Outlook or Google calendar events to the internet due to a bug called Ein...
