Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Put Your Trust in the Stack
Published: 04/11/2022

This blog was originally published by Entrust here. Written by Wayne Lewandowski, Vice President of Sales, Entrust Data Protection Solutions. Breaches, infiltration, exfiltration, compromised privileges, and interrupted access to critical systems are all parts of a well-written espionage movie, o...

6 Questions to Ask Along Your Journey to the Cloud
Published: 04/11/2022

Written by Robert Clyde, ShardSecure. A few years ago, a question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. While there are still some server-huggers, enterprises have resoundingly answered “yes” to that question and moved beyond that basic ques...

How to Prepare for the Changes to the ISO Standards
Published: 04/09/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

What NIST SP 800-207 Means for SaaS Security
Published: 04/08/2022

This blog was originally published by DoControl here. Written by Corey O'Connor, DoControl. The National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA) in August 2020 published NIST Special Publication 800-207. This special publication fol...

CCSK Success Stories: From a Network and Security Technical Manager
Published: 04/08/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Leverage Zero Trust to Defend Against Geopolitical Uncertainty
Published: 04/07/2022

This blog was originally published by CXO REvolutionaries on March 24, 2022. Written by Brad Moldenhauer, CISO, Zscaler. As a major shift in the global geopolitical balance, Russia’s invasion of Ukraine has many dimensions, including militaristic, political, legal, cultural, and economic. We sho...

What is a Security Token Offering (STO)?
Published: 04/07/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. An STO, also known as a Security Token Offering, is a digital token supported by blockchain technology that represents a stake in an asset. STOs enable digital funding, while still complying with government re...

CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes
Published: 04/06/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general...

Drawing the RedLine - Insider Threats in Cybersecurity
Published: 04/06/2022

This blog was originally published by LogicHub here. Written by Tessa Mishoe, LogicHub. RedLine Password Theft Malware: The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurred,...

Covering Your Assets: 5 Most Common Questions About Cyber Asset Management
Published: 04/05/2022

This blog was originally published by JupiterOne here. Written by Jennie Duong, JupiterOne. The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. But a n...

3 Ways To Secure SAP SuccessFactors And Stay Compliant
Published: 04/04/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are...

What is Quantum Computing? Why Should I Be Concerned?
Published: 04/02/2022

Written by the CSA Quantum-Safe Security Working Group. What is quantum mechanics? Quantum mechanics/physics is a long-proven physical science that describes actions and properties of very small particles. Everything in the universe works and depends on quantum mechanics. It’s how the world works....

Zero Trust as a Framework for Fighting Back Against Cyberwarfare
Published: 04/01/2022

This blog was originally published by CXO REvolutionaries here. Written by Howard Sherrington, Director of Transformation Strategy, Zscaler. Russia's ongoing and unfortunate invasion of Ukraine has captured headlines for its cyber dimension as well as its physical one. The breadth of cyber operat...

Cloud Threats: What Business Executives Need to Know Right Now
Published: 03/31/2022

This blog was originally published on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

The End of AWS Keys in Slack Channels
Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack. Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

What Is Compliance as Code? Benefits, Use Cases and Tools
Published: 03/31/2022

This blog was originally published by Contino here. Written by Josh Armitage, Contino. Being compliant in today’s cloud-first world of rapid innovation is a ubiquitous challenge affecting startups and enterprises alike. Enforcing sets of controls, such as acceptable data storage locations and acce...

Handling the Challenge of Model Drift in Data Lakes
Published: 03/30/2022

Written by Dr. Nathan Green, Marymount University and Oliver Forbes, NTT DATA. One of the most constant and evolving characteristics of the sharing of information, is data in its readable form and its various models of consumption. Machine learning is an impactful tool of analysis that plays a...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

A Whole New World for PCI DSS
Published: 03/30/2022

This blog was originally published by PKWARE on November 23, 2021. As we know, the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 guidelines are coming out in Q1 of next year, with some predicting a March timeframe for its release based on previous releases. The last time PCI came...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over res...
