Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in

Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 Labs. This blog is a shortened version of the original blog published by C2. For the full-length post go here. Digital transformation will reshape all businesses, large and small, over the next decade and beyond, driven by the convergence of major techno...

A Better Than Remote Chance – More People Work from Home in Post COVID World

Published: 08/05/2020

By Matt Hines, VP of Marketing at CipherCloud & Neeraj Nayak, Sr. Product Marketing Manager at CipherCloud. Summary: New research underlines the fact that more people will likely prefer to work from home, even when the pandemic passes. Security models that better address cloud apps, mobility an...

Upending Old Assumptions in Security

Published: 08/03/2020

By Wendy Nather, Head of Advisory CISOs at Duo. Every time you think you’ve figured out this risk management thing, something else happens to torpedo your hidden assumptions. Remember when we assumed that an IP address was a pretty good indicator of someone’s physical location and origin, so a netw...

Strong MFA: The First Stop on the Path to Passwordless

Published: 07/31/2020

By Andrew Hickey, Director of Content at Duo. Passwords, the antiquated security mechanism in place since the 1960s, have since their inception caused user and administrative frustration due to their complexity and frequent resets. As technolog...

Implementing a Vendor Assessment Platform? Tips for Long-Term Success

Published: 07/27/2020

By the Whistic Team. Proactive vendor security is no longer just a buzzword tossed about in InfoSec conversations—it’s a must-have for cloud-based organizations to differentiate themselves from peers and vendors in a competitive landscape. As data security is working its way up the list of corporat...

Schrems 2 – 12 FAQs Published by the EDPB but Little Practical Guidance

Published: 07/24/2020

By Francoise Gilbert, CEO, DataMinding, Inc. Since the publication of the European Court of Justice (EUCJ) decision in the Schrems 2 case, businesses located on both sides of the Atlantic, and around the world, have been attempting to determine how they should interpret and act upon the decision. ...

Healthcare Big Data in the Cloud Summary

Published: 07/23/2020

By Dr. Jim Angle, Trinity Health, and Alex Kaluza, Cloud Security Alliance. In the modern age of technology and all the ways that it impacts our lives, healthcare is no exception. The use of cloud computing, big data analytics, and the move to consumer-focused health care is changing the way health...

How Hackers Changed Strategy with Cloud

Published: 07/21/2020

By Drew Wright, Co-Founder of Fugue. Originally published June 30, 2020 on https://www.fugue.co/blog. If you’re running a workload in the cloud, take a moment to look at the activity logs for your public-facing resources. There’s bad guys there, and they’re probing your cloud infrastructure looking f...

The Mobile App Testing Landscape

Published: 07/20/2020

Written by: Henry Hu, Co-Chair, MAST Working Group & CTO, Auriga Security, Inc. and Michael Roza, Member, MAST Working Group. Cloud computing accelerates the development and real-time use of applications, which drives personal productivity and business agility. However, with the proliferation o...

EU Court of Justice Decision - Privacy Shield Invalidated; Standard Clauses Challenged

Published: 07/16/2020

European Court of Justice Schrems 2 Decision Creates Havoc in Global Digital Exchanges: Significant Challenges to Privacy Shield and Standard Contractual Clauses Users. By Francoise Gilbert, CEO, DataMinding, Inc. For months, the global digital trade community has been awaiting the decision of the E...

Abusing Privilege Escalation in Salesforce Using APEX

Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, Polyrize. This article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

Understanding Common Risks in Hybrid Clouds

Published: 07/14/2020

Written by: ZOU Feng, Co-Chair, Hybrid Cloud Security WG & Director of Cloud Security Planning and Compliance, Huawei; Narudom ROONGSIRIWONG, Co-Chair, Hybrid Cloud Security WG & SVP and Head of IT Security, Kiatnakin Bank; GENG Tao, Senior Engineer of Cloud Security Planning and Compliance, H...

Creating an Integrated Security System with the CSA STAR Program

Published: 07/13/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance. The more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of ...

Securing the multi-cloud environment through CSPM and SSPM

Published: 07/13/2020

By the CipherCloud Team. Misconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019. - DivvyCloud. It took decades to convince IT leaders to move to the cloud. In the initial years, cloud ado...

Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon

Published: 07/10/2020

By Kurt Seifried, Chief Blockchain Officer, CS. Tautology - a statement that is true by necessity or by virtue of its logical form. Blockchains are going to rapidly gain maturity because people are using blockchains, because they are rapidly gaining maturity. Essentially we’re at the inflection poin...

What Does Proactive Vendor Security Mean?

Published: 07/10/2020

By the Whistic Team. As an InfoSec professional, you have probably heard the term “proactive vendor security” tossed around. But what exactly does proactive vendor security mean? Looking for a deeper meaning: On the surface, proactive is the opposite of reactive. Instead of waiting around for issues, ...

Night of the Living Cloud (aka CSA Federal Summit) Part 1 of 2

Published: 07/09/2020

By Jim Reavis, Co-founder and Chief Executive Officer, CSA. If you want to get a feel for what the zombie apocalypse might be like, I highly recommend taking a business trip right now. It provides a surreal experience without the hassle of someone trying to eat your brains. It was thus for me as I ...

New Paper Offers Practical Guidance on Automating Security in DevSecOps

Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock. Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

FTC Guidance - Six Steps Toward More Secure Cloud Computing

Published: 07/06/2020

By Francoise Gilbert – DataMinding, Inc. The June 15, 2020 FTC Blogpost, titled Six Steps Towards More Secure Cloud Computing, provides a concise, valuable checklist for businesses that use or intend to use cloud services, so that they make their use of cloud services safer. The document is a remin...

Cloud Risk Management

Published: 07/02/2020

By Ashwin Chaudhary with Accedere. Cloud Risk Management is an important aspect in today’s world where the majority of organizations have adopted the cloud in some form or other. Cloud risks continue to remain high for a CISO or a CIO and are gaining more importance in today’s world where more o...
