Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
President Biden’s Cybersecurity Executive Order: What will it mean for you?
Published: 06/01/2021

This blog was originally published by OneTrust here.On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...

CCAK Testimonials: From a Cybersecurity Principal
Published: 05/28/2021

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical educat...

Introducing the COVID-19 Data Science Dashboard Case Study
Published: 05/27/2021

Written by Samir Souidi, Cloud Security Alliance - New Jersey ChapterSince the beginning of the COVID-19 outbreak, cloud-enabled and open-access health data resources have been created and provided by federal agencies and public and private entities. These initiatives have accelerated the adapta...

With Great Power Comes Great Responsibility: The Challenge of Managing Healthcare Data in the Cloud
Published: 05/26/2021

By Jon Moore, MS, JD, HCISSP, Chief Risk Officer and Head of Consulting Services, Clearwater Seeking flexibility, scalability, and cost savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. This trend is accelerating, fueled by increased adoption of ...

Cloud lateral movement: Breaking in through a vulnerable container
Published: 05/25/2021

This blog was originally published by Sysdig hereWritten By Stefano Chierici, SysdigLateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach?What often happens in famous attacks to Cloud environment...

Five Approaches for Securing Identity in Cloud Infrastructure
Published: 05/20/2021

Written by Shai MoragAs clouds have drifted into the mainstream of business, it has become clear that they offer numerous advantages. They streamline processes, cut costs and create new ways to work. In some cases, the benefits are transformative. However, there’s a dark side to the public cloud,...

Application Security is Getting Worse, not Better
Published: 05/19/2021

This blog was originally published by CyberCrypt here.There’s an app for everything, and hackers and thieves are taking advantage. What are enterprises doing about it? Not enough.Web and mobile application use has exploded in recent years as businesses have digitized and moved more of their opera...

The Challenges Managing Multi-Cloud Environments
Published: 05/18/2021

This blog was originally published by OpsCompass hereWritten by John Grange, OpsCompassWith multi-cloud deployments becoming the norm, ensuring the security of workloads deployed across different cloud platforms is a major focus point for many organizations. Yet even though security controls migh...

Unified threat detection for AWS cloud and containers
Published: 05/17/2021

This blog was originally published by Sysdig here.Written by Vicente Herrera García, SysdigImplementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, c...

The Shift to Eight-Digit BINs
Published: 05/14/2021

This blog was originally published by TokenEx hereWritten by Branden Morrow, TokenExThere is a lot of information going around about an eight-digit BIN mandate, and we wanted to give some clarity on what a BIN is, why it is important, how it relates to PCI DSS compliance, why a shift to an eight-...

CCAK Testimonials: From an Audit and Compliance Expert
Published: 05/13/2021
Author: Michael Roza

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical educat...

How to Ensure Data Protection in Multi-Cloud
Published: 05/12/2021

This blog was originally published by CyberCrypt here.Multi-cloud setups pose a handful of challenges: data ownership, control and responsibility are shared among different CSPs and different regions, leaving open the door to misconfigurations and increasing the attack surface available to malici...

Understanding the OWASP API Security Top 10
Published: 05/11/2021

By Sekhar Chintaginjala (This blog originally appeared on CloudVector) As organizations embrace digital transformation initiatives, they are increasingly consuming and exposing APIs that increase their risk surface. The OWASP API Security Top 10 focuses on the strategies and solutions to un...

Security Spotlight: US Government Agencies Take Action Against Exchange Vulnerabilities and Social Media Giants Leak Data
Published: 05/10/2021

This article was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. FBI Removes Web Shells from Compromised Exchange Servers Without Notifying OwnersCISA Requires Federal Agencies to Patch Exchange Servers for Vulnerabilitie...

CCAK Testimonials: From a Cloud Security Expert
Published: 05/06/2021
Author: Moshe Ferber

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical educat...

Application Container Security: Risks and Countermeasures
Published: 05/05/2021

Written by Suria VenkataramanVirtualizations enable isolated, virtualized views of the operating systems (OS) to each application. Today’s OS virtualization technologies are primarily focused on providing a portable, reusable, and automatable way to package and run applications as containers-base...

And Again About 5G Network Security
Published: 05/04/2021

Written by David Balaban5G network capabilities go beyond the highest ever speed of mobile internet connection. The new mobile communication standard can become a universal infrastructure for interaction between people, smart devices, organizations, and even the economy's sectors.Such total conne...

Cloud Security for SaaS Startups Part 2: Application & Platform Security
Published: 05/03/2021

Based on the Cloud Security for Startups guidelines written by the CSA Israel ChapterAs a SaaS startup, how can your organization ensure you implement proper security for your applications and platforms? In this blog we provide a preview of the information and guidelines available in the Cloud Se...

A New Resource for API Security Best Practices
Published: 04/30/2021

The applicative infrastructure is becoming more and more complex due to different requirements, design patterns, and technologies. In many of these cases, one of those requirements is to connect other parties to systems, and in other cases, to connect systems to other parties. Nowadays, the most ...

Six Key Characteristics of a Modern Secure Web Gateway
Published: 04/29/2021

This blog was originally published by Bitglass here.As we head into the second quarter of 2021 and mark a full year of remote work for many organizations, it is clear that the COVID-19 pandemic has accelerated digital transformation globally and changed the future of work — likely permanently. A ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal