Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

CircleCI Cybersecurity Incident Hunting Guide
Published: 01/30/2023

Originally published by Mitiga. Written by Doron Karmi, Deror Czudnowski, Ariel Szarf, and Or Aspir, Mitiga. On January 4, CircleCI published a statement announcing the investigation of a security incident. In this technical blog, we will share how to hunt for malicious behavior that may be cause...

What is a Cloud Incident Response Plan?
Published: 01/28/2023

Written by the Cloud Incident Response Working Group. In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan have been rud...

Your Guide to IAM – and IAM Security in the Cloud
Published: 01/27/2023

Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security en...

Everything You Need to Know About ISO 27001 Certification
Published: 01/27/2023

Originally published by A-LIGN. With bad actors targeting sensitive data, many organizations are looking for new ways to monitor and improve their data security. Enter: ISO/IEC 27001:2013. A useful way to establish credibility with stakeholders, customers, and partners, ISO 27001 can help demon...

5 Timely SaaS Security Recommendations for 2023
Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, Last...

Herding Cats: How to Lead a Digital Transformation in a Federated Organization
Published: 01/26/2023

Originally published by CXO REvolutionaries. Written by Yves Le Gelard, Former Group CIO and Chief Digital Officer, ENGIE. A tale of two types of organization Organizations embarking on digital transformations typically fall somewhere on a spectrum between rigidly hierarchical – in which leaders’...

What Are the DoD Cloud Computing Security Assessment Requirements?
Published: 01/26/2023

Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world? ...

On the Criticality of SDLC Context for Vulnerability Remediation
Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...

If You Could Only Ask One Question About Your Data, It Should be This
Published: 01/25/2023

Originally published by Sentra. Written by Guy Spilberg, VP R&D, Sentra. When security and compliance teams talk about data classification, they speak in the language of regulations and standards. Personal Identifiable Information needs to be protected one way. Health data another way. Employee i...

Egress URL Filtering: The Most Important Cloud Security Control You’re Probably Missing
Published: 01/25/2023

Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across project teams a...

Oops, I Leaked It Again — PII in Exposed Amazon RDS Snapshots
Published: 01/24/2023

Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL; DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking PII in th...

Cloud Economics: A Federal Perspective
Published: 01/24/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The application of...

What is an Access Control Server in 3DS?
Published: 01/24/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits 3DS is a form of multifactor authentication used to reduce card-not-present fraud by verifying cardholder identities. The 3DS Access Control Server is a tool used by issuing banks to confirm the identity of the cardh...

Designing for Recovery: Infrastructure in the Age of Ransomware
Published: 01/23/2023

Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...

Who Has Control: The SaaS App Admin Paradox
Published: 01/23/2023

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and d...

To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight
Published: 01/23/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully ap...

5 Steps to Managing Third-Party Risk in the Healthcare Industry
Published: 01/21/2023

Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive data...

Why Your Cloud Services Need the CSA STAR Registry Listing
Published: 01/20/2023

Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services off...

Double Trouble for Cyberinsurers
Published: 01/20/2023

Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...

Enabling Secure Cloud Migration to Enterprise Cloud Environments
Published: 01/20/2023

Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote work ...
