Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

For the Sake of its Cybersecurity, Australia Must Come Together
Published: 12/20/2022

Originally published by CXO REvolutionaries. Written by Heng Mok, CISO APJ, Zscaler. The pandemic has exacerbated existing security problems As the cybersecurity threatscape continues to become more complex and challenging, the media have primarily focused on the struggles faced by businesses. Bu...

7 Significant Findings from the 2022 SaaS Security Survey Report
Published: 12/19/2022

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Last year, we spearheaded our first annual SaaS Security Survey Report, where the findings illuminated the SSPM landscape and where the market was holding. In the 2022 SaaS Security Survey Report, in collaborat...

Make Cloud Defense a Team Sport by Turning DevOps into a Force Multiplier
Published: 12/19/2022

Originally published by CrowdStrike. Written by David Puzas, CrowdStrike. Enterprises are embracing cloud-native applications in the name of business agility. These applications enable developers to take advantage of the cloud’s scalability and flexibility, allow customers and developers to benef...

What is a CASB and How Does it Integrate with DLP?
Published: 12/19/2022

Originally published by DoControl. Written by Corey O'Connor, DoControl. Cloud Access Security Broker (CASB) solutions and Data Loss Prevention (DLP) are both aging technologies and markets, but conceptually are both very relevant for security and risk leaders. The need for controls to prevent th...

Top Threat #11 to Cloud Computing: Cloud Storage Data Exfiltration
Published: 12/18/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of worklo...

The Top Cloud Computing Risk Treatment Options
Published: 12/17/2022
Author: Megan Theimer

Cloud threats pose great harm to organizations’ business objectives. Storage, compute, and even network services have been subjected to nefarious attacks. Since cloud compliance and security is a shared responsibility, every organization should collaborate with their cloud service providers to im...

Why Do I Need a Next-Gen Secure Web Gateway?
Published: 12/16/2022

Originally published by Lookout. Written by Stephen Banda, Senior Manager, Security Solutions, Lookout. The internet is now your default corporate network. This has some major perks — it means that your employees can access whatever they need from wherever they need it. But using the interne...

What It Means When We Say “It’s Encrypted”
Published: 12/16/2022

Originally published by ShardSecure. Written by Julian Weinberger, Sales Engineering & Partner Lead, ShardSecure. In the realm of digital security, the term “encryption” is thrown around all the time. But encryption is not always the actual technique being leveraged. Instead, encryption has...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 2
Published: 12/16/2022

Originally published by Axonius. Written by Katie Teitler, Axonius. In the first part of this series, “How To Understand Impact Through Asset Management and Threat Intelligence," we discussed cyber asset intelligence and how it, combined with threat intelligence, serves to inform cyber asset mana...

Redshift Security: Attack Surface Explained
Published: 12/15/2022

Originally published by Dig Security. Written by Ofir Shaty and Ofir Balassiano, Dig Security. We have previously discussed (Access and Data Flows, Data Backups and Encryption) security best practices to implement least privileged access on Redshift and reduce the static risk associated with your...

Advanced BEC Scam Campaign Targeting Executives on O365
Published: 12/15/2022

Originally published by Mitiga on August 27, 2022. Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) using Office 365. The attackers combine high-end spear-phishing with an adversary-in...

AWS Security Groups Guide
Published: 12/15/2022

Originally published by Sysdig. Written by Brett Wolmarans, Sysdig. AWS Security Groups (and Network ACLs and VPCs) are some of the fundamental building blocks of security in your cloud environment. They are similar to firewalls, but are ultimately different. You have to understand this topic ve...

Don’t Keep Us in the Dark: Addressing the Cloud Change Management Gap
Published: 12/14/2022

Written by Sean Heide, Research Technical Director at CSA; Jez Goldstone, Director of Security Architecture, Cloud & Innovation | CSO Cyber Security Assurance at Barclays; Hillary Baron, Sr. Research Technical Director at CSA; and John Yeoh, Global VP of Research at CSA. The innovation in cloud services and platfor...

How to Detect Cloud Storage Misconfigurations to Protect Valuable Data
Published: 12/14/2022

Originally published by CrowdStrike. Written by Ciaran O'Brien and Matt Johnston, CrowdStrike. Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud sec...

SANS 2022 Cloud Security Survey, Chapter 2: What Security and Compliance Worries Do IT Pros Have About the Cloud?
Published: 12/14/2022

Originally published by Gigamon. Written by Chris Borales, Gigamon. Editor’s note: This post explores Chapter 2 of the SANS 2022 Cloud Security Survey. Chapter 1 is available here. Check back for future posts covering Chapters 3 and 4. The cloud is sold more and more as the answer to what ails IT,...

CyberThreats Mushrooming Over Global Nuclear Facilities
Published: 12/14/2022

Originally published by Cyble. Cyble Research & Intelligence Labs (CRIL) has been observing and reporting about parallel cyber hostilities extending among various nations since the beginning of the Russia-Ukraine conflict in February 2022. Apparently, Threat Actors (TAs), Hacktivist Groups, and Ma...

SASE to SSE: Understanding the Shift
Published: 12/13/2022

Written by Prakhar Singh, Business Development Manager, Cybersecurity & GRC Services, HCLTech. Introduction: In a previous blog post, I highlighted the importance of Zero Trust and Zero Trust Network Access and how organizations can cultivate the same within their ecosystems. While the term Zero Tr...

How State CIOs Can Elevate Priorities Above Personalities
Published: 12/13/2022

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. "If we continue to develop technology without wisdom or prudence, our servant may prove to be our executioner." - General Omar N. Bradley Earlier this month, the National Association of Sta...

Altruism in Information Security, Part 3: Effort (and Sacrifice) in Execution
Published: 12/13/2022

Originally published by Tentacle. Written by Matt Combs, Tentacle. I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program. There are so many InfoSec profession...

Unpatched ERP Vulnerabilities Haunt Organizations
Published: 12/12/2022

Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabili...
