
Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Defending Your Enterprise Against a Sea of Increasingly Stringent Data Privacy Laws
Published: 08/25/2022

Originally published by Thales here. Written by Krishna Ksheerabdhi, VP, Product Marketing, Thales. While international privacy regulations are front and center in much of the press I’d like to turn your attention to a developing patchwork of US Federal and State privacy regulations in this post. Th...

Defending Against Email Attacks Means Optimizing Your Team (Not Just Your Tech)
Published: 08/25/2022

Originally published by CXO REvolutionaries here. Written by Heng Mok, CISO APJ, Zscaler. Social Engineering is Still Very Much in Style Among Attackers Though cybersecurity is a swiftly evolving field, one principle remains constant: it’s often easier to fool people than to circumvent security t...

Trends in Cybersecurity Breaches
Published: 08/25/2022

The complete blog was originally posted by Alert Logic on July 7, 2022. Written by Antonio Sanchez. You may be used to hearing that cyberattacks are becoming more widespread and destructive every year. Recent world events are underscoring the point. COVID-19 left a lasting mark on our working l...

Rise of Cloud Computing Adoption and Cybercrimes
Published: 08/24/2022

Originally published by HCL Technologies here. Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in the business leaders’ perspectives of their company’s requirements. A surve...

Securing Australia's Critical Infrastructure
Published: 08/24/2022

Originally published by Onapsis here. For more than a decade, cyberattacks on critical infrastructure have been growing as core systems, like power generation and distribution, have become more complex and reliant on networks of connected devices. In fact, over the past 18 months, we’ve seen a ra...

Improve Visibility in Cyberattacks with Cybersecurity Asset Management
Published: 08/24/2022

Originally published by Axonius here. Written by Kathleen Ohlson, Axonius. Google issued three emergency security updates, in as many weeks, to all of its 3.2 billion users of its Chrome browser. One was for a high-severity zero-day vulnerability that attackers exploited. Okta’s platform experien...

Cloud Security is Broken but it Doesn’t Have to Be
Published: 08/23/2022

Originally published by Dazz here. Written by Tomer Schwartz, Co-founder & CTO, Dazz. Continuous Delivery is Here to Stay Development is in the cloud in a big way. Modern engineering teams have built continuous integration pipelines, pulling together code repositories, continuous integration platf...

Analyzing the Travis CI Attack and Exposure of Developer Secrets
Published: 08/23/2022

Originally published by Open Raven here. Written by Michael Ness, Security Researcher, Open Raven. Introduction The Continuous Integration (CI) platform Travis CI was recently the victim of a research-based attack, where researchers from Aqua Security were able to obtain approximately 73,000 sensitive...

Comments on the Extensible Visibility Reference Framework (eVRF) Program Guidebook
Published: 08/23/2022

Originally published by Gigamon here. Written by Orlie Yaniv and Ian Farquhar, Gigamon. Editor’s note: Gigamon is very happy to see the CISA’s recent work on formalizing and structuring what visibility means and assessing its efficacy. As Zero Trust accelerates, visibility becomes a key focu...

Writing Good Legislation is Hard
Published: 08/22/2022
Author: Kurt Seifried

It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text: At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities (a...

The State of Cloud Data Security
Published: 08/22/2022
Author: Megan Theimer

We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption? To answer this que...

Tales from the Dark Web: How Tracking eCrime’s Underground Economy Improves Defenses
Published: 08/22/2022

Originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. Ransomware is not new; adversarial groups have relied on compromises for many years. However, over the past 2-3 years, their strategy has started to shift toward a more community-based business model enabled...

Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control
Published: 08/22/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Using AI/ML to Create Better Security Detections
Published: 08/19/2022

Originally published by LogicHub here. Written by Anthony Morris, Solution Architect, LogicHub. The blue-team challenge Ask any person who has interacted with a security operations center (SOC) and they will tell you that noisy detections (false positives) are one of the biggest challenges. There...

The CISOs Report: A Spotlight on Today’s Cybersecurity Challenges
Published: 08/19/2022

Originally published by CXO REvolutionaries here. Written by Sean Cordero, CISO - Americas, Zscaler. New attacks and attack classes demand new solutions and strategies The swift evolution of IT infrastructures has made cybersecurity more challenging than ever for CISOs. They face a broader range ...

Zero Trust for Cloud-Native Workloads: Mitigating Future Log4j Incidents
Published: 08/19/2022

Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. In my previous blog post, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to build a zero-trust model for cloud-native workloads. In this blog post, you will learn how to miti...

An Introduction to CSA STAR and ISO 27001
Published: 08/18/2022

Originally published by Schellman here. Written by Ryan Mackie, Schellman. When making decisions about the kind of compliance your organization needs, the process can be akin to creating an ice cream sundae (albeit, less fun). No doubt your customers and prospects want to see comprehensive a...

Cyber Resilience – Lessons From Ukraine
Published: 08/18/2022

Originally published by KPMG here. Written by David Ferbrache, Leadership, Global Head of Cyber Futures, KPMG in the UK. Alongside the tragic war in Ukraine, cyber-attacks have played their part, too. This complex and increasingly uncertain situation in cyberspace is driving many countries and or...

What Is Attestation of Compliance (AoC) and Why Does It Matter?
Published: 08/18/2022

Originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist, TokenEx. Did you know that a Verizon Payment Security Report found that only 27.9 percent of organizations achieved full compliance with PCI DSS during their validation process in 2019? The Payment Card In...

Cloud Key Management 101: Cryptographic Keys and Algorithms
Published: 08/17/2022
Author: Megan Theimer

The top cloud security threat in 2022 is insufficient identity, credential, access, and key management. Key Management Systems (KMS), including hardware security modules and other cryptographic tools, are commonly used to address this threat. While different KMS offerings provide varying capabil...
