Register for CSA’s SECtember conference and trainings today




Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Patching the Perpetual MD5 Vulnerability
Published: 10/18/2013

October 17, 2013By Gavin Hill, Director, Product Marketing & Threat Research Center at VenafiEarlier this month, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate progr...

Safeguarding Cloud Computing One Step at a Time
Published: 10/17/2013

by Manoj Tripathi, PROSThere’ve been a lot of conversations around the concept of “the cloud.” Cloud storage and cloud computing continue to emerge as significant technology and business enablers for organizations. In many cases, cloud computing is a preferred option – it’s fast to set up and aff...

Gone in 60 Months or Less
Published: 10/10/2013

by Gavin Hill, Director, Product Marketing & Threat Research Center at VenafiFor years, cybercriminals have been taking advantage of the blind trust organizations and users place in cryptographic keys and digital certificates. Only now are vendors starting to respond to the use of keys and certif...

The Power of “Yes”
Published: 10/03/2013

by Sanjay Beri, CEO of NetskopeShadow IT is a big deal. The problem is clear: People want their apps so they can go fast. IT needs to attest that the company’s systems and data are secure and compliant.Everybody seems to have a Shadow IT solution these days. The problem is they’re all focused on ...

Watering Hole Attacks: Protecting Yourself from the Latest Craze in Cyber Attacks
Published: 09/23/2013

Author: Harold Byun, Skyhigh NetworksCyber criminals are clever and know how to evolve – you’ve got to give them that. They’ve proven this once again with their latest cyber attack strategy, the Watering Hole Attack, which leverages cloud services to help gain access to even the most secure and s...

The Consumerization of IT, BYOC, and the (New) Role of IT
Published: 09/11/2013

9 September 2013Author: Brandon CookIt has been a decade since Nicolas Carr published his controversial essay “IT Doesn’t Matter” in the Harvard Business Review. Back then, he claimed that companies weren’t really getting a competitive advantage from the technology advances – the bits and bytes –...

Beyond Encryption: The 5 Pillars of Cloud Data Security
Published: 09/03/2013

Author: Kamal Shah, Skyhigh NetworksGiven the recent influx of cyber-security attacks and the hubbub about the National Security Agency’s PRISM program, there is lot of talk about the importance of encryption to protect corporate data in the cloud. (PRISM is a clandestine data mining operation au...

Windows Azure Leads Way with SOC 2 + CSA CCM Attestation
Published: 08/22/2013

by John Howie, COO, Cloud Security AllianceThis week Microsoft announced that Windows Azure had completed an assessment against the Cloud Security Alliance Level 2 Cloud Control Matrix as part of its Service Organization Control (SOC) 2 Type II audit conducted by Deloitte. This combined approach ...

Just What the Doctor Ordered: A Prescription for Cloud Data Security for Healthcare Service Providers
Published: 08/14/2013

by Kamal Shah, VP, Products and Marketing at Skyhigh NetworksCloud services are here to stay, and practically everybody is embracing them. In fact, the cloud computing industry is growing at the torrid pace of nearly 30% per year right now, according to Pike Research.Certainly healthcare service ...

You can Benefit from the Cloud: Choose based on Class of Service
Published: 07/10/2013

In my last blog, I had promised a deeper dive into Choosing a Cloud provider based on Class of Service.It is a very timely topic. In one of very many recent articles on cloud security, Avoiding cloud security pitfalls Telstra enterprise and infrastructure services IT director Lalitha Biddulph adv...

IT Opportunities Surrounding Shadow IT
Published: 06/27/2013

By Kamal Shah Skyhigh Networks VP of Products and Marketing   The magnitude of Shadow IT is significant and growing.Gartner has predicted that a full 35 percent of IT spending will take place outside of IT by 2015 – just 18 months away. By the end of the decade, that figure will hit 90 percent...

Why the Cloud Cannot be treated as a One-size-fits-all when it comes to Security
Published: 06/24/2013

Despite the fact that cloud providers have long since differentiated themselves on very distinct offerings based on cloud platform type, I often see the cloud written about as though it is a single, uniformservice. And, the problem with that is while there are commonalities, it is downright misle...

Leveraging Intel from Hackers to Mitigate Risks
Published: 06/14/2013

Authored by Robert Hansen“Know your enemy and know yourself and you can fight a hundred battles without disaster.” – Sun TzuA few weeks ago, I interviewed “Adam” a self-described ‘blackhat’ hacker about why he started hacking, what motivates him and others in the underground community and why he ...

Cloud Trust Study: Security, Privacy and Reliability in the cloud get high marks with U.S. small to mid-sized businesses
Published: 06/11/2013

Comscore and Microsoft recently commissioned a study to get a pulse on what small to mid-sized businesses (SMB) think about the cloud in terms of security, privacy and reliability.The results tell us that there’s a gap between the perceptions of those not using the cloud, with the real experience...

A Hybrid Approach for Migrating IAM to the Cloud
Published: 06/10/2013

Merritt MaximDirector-Product MarketingCA TechnologiesWe continue to hear about how cloud, mobility and the consumerization of IT has the potential to transform business. However, the ongoing hype around these trends may lead some to believe that these trends require an “all or none” approach. ...

Don’t let a disaster leave your data out in the cold
Published: 06/10/2013

By Andrew Wild, CSO at QualysWhen we see images from natural disasters like Hurricane Sandy of flooded neighborhoods, downed power lines and destroyed homes the first concern, of course, is for the safety of the people. But as a chief security officer I also think about how disasters affect compa...

New York State launches investigation of top insurance companies’ cybersecurity practices. Who’s next?
Published: 06/05/2013

The following blog excerpt on “New York State launches investigation of top insurance companies’ cybersecurity practices. Who’s next?” was written by the external legal counsel of the CSA, Ms. Francoise Gilbert of the IT Law Group. We repost it here with her permission. It can be viewed in its or...

How the “Internet of Things” Will Feed Cloud Computing’s Next Evolution
Published: 06/05/2013

David Canellos, PerspecSys president and CEOWhile the Internet of things is not a new concept (Kevin Ashton first coined the term in 1999 to describe how the Internet is connected to the physical world), it is just now becoming a reality due to some major shifts in technology.According to ABI Res...

Rethink cloud security to get ahead of the risk curve
Published: 06/05/2013

By Kurt Johnson, Courion CorporationEver since the cloud sprung up to the top of every IT discussion, the issue of cloud security was right alongside it. Let’s face it, enterprise security has never been easy, and the rapidly expanding use of software in the cloud has added layers of complexity –...

Cloud Computing Trends: Assessing IT Maturity and Adoption Practices
Published: 05/23/2013

By John Howie, COO, Cloud Security AllianceIn keeping with our CSA mission to promote best practices for providing security assurance, I have a few resources to share that can help organizations understand cloud computing trends and assess their own current IT environment with regard to security,...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.