Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Hunting Shadow Data: A Guide for Security and Compliance Teams
Published: 01/10/2023

Originally written by Sentra. What is Shadow Data? Shadow data is any organizational data that has been copied, backed up or is otherwise stored such that it is not subject to your organization’s centralized (and secured) data management framework. For example, shadow data may not be housed accord...

Cloud Security and Compliance Best Practices: Highlights from the CSA Cloud Controls Matrix
Published: 01/09/2023

Written by James Alaniz, Rapid7. Depending on what report you read, the percentage of organizations that have adopted multiple cloud platforms has soared and continues to rise exponentially. According to Gartner, by 2026 more than 90% of enterprises will extend their capabilities to multi-cloud e...

Managing Cloud Security in a Multicloud Environment (Part 2)
Published: 01/09/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. As discussed in my last article, to date, most known security incidents in the cloud have been the fault of the customer rather than that of the cloud security provider (CSP). And yet, CSP...

How Well Will Cyberinsurance Protect You When You Really Need It?
Published: 01/09/2023

Originally published by Ericom Software. Written by Stewart Edelman, Chief Financial Officer, Ericom Software. According to a report from Hiscox, a UK-based insurer with over 3,000 employees across 14 countries, 20% of the more than 5,000 businesses surveyed responded that a cyberattack had nearl...

CCSK Success Story: From a Cybersecurity and Privacy Officer
Published: 01/06/2023

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Threat Detection for Your Multi-Cloud Environment
Published: 01/06/2023

Originally published by Netography. Written by Dan Ramaswami, VP Field Engineering, Netography. We’re at a tipping point with respect to how we think about the cloud and security. Now, 89% of organizations report having a multi-cloud strategy, and 80% are using both public and private clouds. Wha...

Fake MSI Afterburner Sites Delivering Coin-Miner
Published: 01/06/2023

Originally published by Cyble on November 23, 2022. Stealthy Miner Bypasses Detection Using Shellcode And Process Injection. Gamers and other high-performance computing users use various utility software tools such as MSI Afterburner, which monitors system performance and allows users to modify th...

Could Double Extortion Prompt a Public Health Crisis?
Published: 01/05/2023

Originally published by CXO REvolutionaries on November 15, 2022. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Ransomware actors targeting Australia’s most prominent healthcare insurer have taken the gloves off. After Medibank refused to pay a ransom for the return of data bel...

Definitive Guide to Hybrid Clouds, Chapter 3: Understanding Network Visibility in the Hybrid Cloud
Published: 01/05/2023

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. Editor’s note: This post explores Chapter 3 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1 and Chapter 2, and check back for future posts covering Chapters 4–7. Migrating to...

From Access-Centric Security to Data-Centric Security
Published: 01/05/2023

Originally published by Lookout. Written by Maria Teigeiro, Lookout. In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available at ...

CSA STAR Certification – Supporting Cloud Trust
Published: 01/04/2023

Originally published by MSECB. Written by Mark Lundin, MSECB. Value of CSA STAR Certification for CSPs. Cloud Security Alliance (CSA) STAR Certification is a strong tool to help cloud service providers evaluate and improve their cybersecurity controls while certifying against a well-respecte...

Combat Attacks Where They Most Often Start: Applications
Published: 01/04/2023

Originally published by TrueFort. Written by Mike Powers, TrueFort. The application environment is one of the most targeted among cyber criminals and has reached a point where organizations can no longer pose the question of “if” there will be an attack on, but “when” there is an attack. The atta...

How to Control (Maneuver) the Post-IdP Wasteland
Published: 01/04/2023

Originally published by DoControl. Written by Tony Klor, DoControl. In a world where digital transformation is the new normal and employees are more mobile than ever, organizations are inundated with managing often highly sensitive Software as a Service (SaaS) application data. To meet these dema...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 3
Published: 01/03/2023

Originally published by Axonius. Written by Katie Teitler, Axonius. In part one and part two of this series, we defined what cyber asset intelligence is, how — combined with threat intelligence — it informs cyber asset management as a way to decrease risk, and how organizations can start to build...

How to Improve Your Kubernetes Security Posture
Published: 01/03/2023

Originally published by Sysdig. Written by Alba Ferri, Sysdig. KSPM or Kubernetes Security Posture Management refers to the security state and capabilities in place to manage the defense of the Kubernetes clusters and the workloads running on top of it. It also includes how well it can predict, p...

5 Tips for Successfully Navigating C-Suite and Board Communication as a CISO
Published: 12/29/2022

Originally published by Blue Lava. Written by the Beacon Digital Team. Even the most experienced CISOs can struggle to communicate effectively with their Board of Directors and Executive team. This is not a surprise given the challenges CISOs are commonly up against, which include: Having very lim...

How to Prevent Account Takeover Fraud
Published: 12/29/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits: Account takeover fraud is the most popular kind of cyberattack for hackers looking to make a large sum of money quickly. Businesses affected by account takeover attacks (ATOs) often lose large numbers of customers due ...

5 Key Takeaways from the 2022 Compliance Benchmark Report
Published: 12/28/2022

Originally published by A-LIGN. Written by Patrick Sullivan, A-LIGN. Our 2022 Compliance Benchmark Report detailed how organizations are navigating the current compliance landscape, as well as how they are preparing for the future. By surveying more than 200 cybersecurity, IT, quality assurance, ...

Sealing Off Your Cloud’s Blast Radius
Published: 12/28/2022

Originally published by Ermetic. Migrating to the cloud? Cloud security requires a shift in mindset from traditional on-premises security. Implementing relevant principles and practices, like for permissions management, can mitigate vulnerabilities and significantly reduce the blast radius of an ...

Minimizing your Data Attack Surface in the Cloud
Published: 12/27/2022

Originally published by Sentra. Written by Ron Reiter, CTO, Sentra. The cloud is one of the most important developments in the history of information technology. It drives innovation and speed for companies, giving engineers instant access to virtually any type of workload with unlimited scal...
