Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Continuous Auditing - STAR Continuous - Increasing Trust and Integrity

Published: 03/19/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance As a SixSigma Black Belt I was brought up over the years with the philosophy of continual monitoring and improvement, moving from a reactive state to a preventive state. Actually, I wrote a white paper a couple of years ...

Are Cryptographic Keys Safe in the Cloud?

Published: 03/18/2019

By Istvan Lam, CEO, TresoritBy migrating data to the cloud, businesses can enjoy scalability, ease of use, enhanced collaboration and mobility, together with significant cost savings. The cloud can be especially appealing to subject-matter experts as they no longer have to invest in building and...

Webinar: The Ever Changing Paradigm of Trust in the Cloud

Published: 03/12/2019

By CSA Staff The CSA closed its 10th annual Summit at RSA on Monday, and the consensus was that the cloud has come to dominate the technology landscape and revolutionize the market, creating a tectonic shift in accepted practice. The advent of the cloud has been a huge advancement in ...

CSA Summit Recap Part 2: CSP & CISO Perspective

Published: 03/12/2019

By Elisa Morrison, Marketing Intern, Cloud Security AllianceWhen CSA was started in 2009, Uber was just a German word for 'Super' and all CSA stood for was Community Supported Agriculture. Now in 2019, spending on cloud infrastructure has finally exceeded on-premises, and CSA is celebrating its 1...

CSA Summit Recap Part 1: Enterprise Perspective

Published: 03/08/2019

By Elisa Morrison, Marketing Intern, Cloud Security AllianceCSA’s 10th anniversary, coupled with the bestowal of the Decade of Excellence Awards gave a sense of accomplishment to this Summit that bodes well yet also challenges the CSA community to continue its pursuit of excellence. The common th...

CCSK Success Stories: From an Information Systems Security Manager

Published: 03/07/2019

By the CSA Education TeamThis is the third part in a blog series on Cloud Security Training. Today, we will be interviewing Paul McAleer. Paul is a Marine Corps veteran and currently works as an Information Systems Security Manager (ISSM) at Novetta Solutions, an advanced data analytics company h...

A Decade of Vision

Published: 03/05/2019

By Jim Reavis, Co-founder and CEO, Cloud Security Alliance Developing a successful and sustainable organization is dependent upon a lot of factors: quality services, a market vision, focus, execution, timing and maybe a little luck. For Cloud Security Alliance, now celebrating our 10th an...

Education: A Cloud Security Investigation (CSI)

Published: 03/05/2019

By Will Houcheime, Product Marketing Manager, Bitglass Cloud computing is now widely used in higher education. It has become an indispensable tool for both the institutions themselves and their students. This is mainly because cloud applications, such as such as G Suite and Microsoft Offi...

Introducing CAIQ-Lite

Published: 03/01/2019

By Dave Christiansen, Marketing Director, Whistic The Cloud Security Alliance and Whistic are pleased to release CAIQ-Lite beta, a new framework for cloud vendor assessment. CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the sh...

Five Years of the GitHub Bug Bounty Program

Published: 02/28/2019

By Philip Turnbull, Senior Application Security Engineer, GitHub Image credit: GitHub, This article was originally published by the GitHub team. GitHub launched our Security Bug Bounty program in 2014, allowing us to reward independent security researchers for their help in keeping GitHub ...

Bitglass Security Spotlight: DoD, Facebook & NASA

Published: 02/25/2019

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks:  —Cybersecurity vulnerabilities found in US missile system—Facebook shares private user data with Amazon, Netflix, and Spotify—Personal information of NASA employees exposed—C...

Rocks, Pebbles, Shadow IT

Published: 02/19/2019

By Rich Campagna, Chief Marketing Officer, Bitglass Way back in 2013/14, Cloud Access Security Brokers (CASBs) were first deployed to identify Shadow IT, or unsanctioned cloud applications. At the time, the prevailing mindset amongst security professionals was that cloud was bad, and discove...

Rethinking Security for Public Cloud

Published: 02/13/2019

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environment By Beth Stackpole, Writer, Symantec Enterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security ...

Bitglass Security Spotlight: Financial Services Facing Cyberattacks

Published: 02/12/2019

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent months: —Customer information exposed in Bankers Life hack—American Express India leaves customers defenseless—Online HSBC accounts breached—Millions of dollars taken from major Paki...

The 12 Most Critical Risks for Serverless Applications

Published: 02/11/2019

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board MemberWhen building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when s...

Deciphering DevSecOps

Published: 02/07/2019

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way By Beth Stackpole, Writer, Symantec Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the s...

Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

Published: 02/05/2019

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks:  —773 million email accounts published on hacking forum— Unprotected FBI data and Social Security numbers found online — Millions of texts and call logs exposed on unlocked se...

Security Risks and Continuous Development Drive Push for DevSecOps

Published: 01/31/2019

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy By Dwight B. Davis, Writer, Symantec The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application de...

CCSK Success Stories: From the Financial Sector

Published: 01/24/2019

By the CSA Education TeamThis is the second part in a blog series on Cloud Security Training. Today we will be interviewing an infosecurity professional working in the financial sector. John C Checco is President Emeritus for the New York Metro InfraGard Members Alliance, as well as an Informatio...

CCM Addenda Updates for Two Additional Standards

Published: 01/21/2019

By the CSA CCM Working GroupWe're happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC ...

Browse by Topic