Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
EU Court of Justice Decision - Privacy Shield Invalidated; Standard Clauses Challenged​​
Published: 07/16/2020

European Court of Justice Schrems 2 Decision Creates Havoc in Global Digital Exchanges: Significant Challenges to Privacy Shield and Standard Contractual Clauses UsersBy Francoise Gilbert, CEO, DataMinding, Inc.For months, the global digital trade community has been awaiting the decision of the E...

Abusing Privilege Escalation in Salesforce Using APEX
Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, PolyrizeThis article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

​Understanding Common Risks in Hybrid Clouds
Published: 07/14/2020

Written by:ZOU Feng, Co-Chair, Hybrid Cloud Security WG & Director of Cloud Security Planning and Compliance, HuaweiNarudom ROONGSIRIWONG, Co-Chair, Hybrid Cloud Security WG & SVP and Head of IT Security, Kiatnakin BankGENG Tao, Senior Engineer of Cloud Security Planning and Compliance, H...

​Securing the multi-cloud environment through CSPM and SSPM
Published: 07/13/2020

By the CipherCloud TeamMisconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019. - DivvyCloudIt took decades to convince IT leaders to move to the cloud. In the initial years, cloud ado...

Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon
Published: 07/10/2020

By Kurt Seifried, Chief Blockchain Officer, CSTautology - a statement that is true by necessity or by virtue of its logical form.Blockchains are going to rapidly gain maturity because people are using blockchains, because they are rapidly gaining maturity. Essentially we’re at the inflection poin...

What Does Proactive Vendor Security Mean?
Published: 07/10/2020

By the Whistic TeamAs an InfoSec professional, you have probably heard the term “proactive vendor security” tossed around. But what exactly does proactive vendor security mean?Looking for a deeper meaningOn the surface, proactive is the opposite of reactive. Instead of waiting around for issues, ...

Night of the Living Cloud (aka CSA Federal Summit) Part 1 of 2
Published: 07/09/2020

By Jim Reavis, Co-founder and Chief Executive Officer, CSAIf you want to get a feel for what the zombie apocalypse might be like, I highly recommend taking a business trip right now. It provides a surreal experience without the hassle of someone trying to eat your brains. It was thus for me as I ...

New Paper Offers Practical Guidance on Automating Security in DevSecOps
Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

FTC Guidance - Six Steps Toward More Secure Cloud Computing
Published: 07/06/2020

By Francoise Gilbert – DataMinding, Inc.The June 15, 2020 FTC Blogpost, titled Six Steps Towards More Secure Cloud Computing provides a concise, valuable checklist for businesses that use or intend to use cloud services, so that they make their use of cloud services safer. The document is a remin...

Cloud Risk Management
Published: 07/02/2020

By Ashwin Chaudhary with AccedereCloud Risk Management is an important aspect in today’s world where majority of the organizations have adopted the cloud in some form or the other. Cloud risks continue to remain high for a CISO or a CIO and is gaining more importance in today’s world where more o...

Data Discovery to Rescue Historical Data from Compliance Violations
Published: 07/01/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudAs technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace and most organizations in trying to keep pace overlooked security best practices. Organizations are sitting on tons of hi...

United States–Mexico–Canada Agreement: Digital Trade Provisions: NAFTA 2.0 meets the Internet
Published: 06/30/2020

By Francoise Gilbert, DataMinding, Inc.The United States–Mexico–Canada Agreement (USMCA) enters into effect on July 1, 2020. Nicknamed “NAFTA 2.0” because it replaces the North America Free Trade Agreement (NAFTA), the USMCA addresses a number issues that had not been tackled by its predecessor, ...

How to secure cloud-based collaboration, emails, and messaging apps
Published: 06/23/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudWe can secure information across multiple enterprise cloudsData leaks. Data breaches. Tighter security controls. Yet more breaches. A continuing cat-and-mouse-game. As both the way we do business in a distributed environment and apps matur...

3 Big Amazon S3 Vulnerabilities You May Be Missing
Published: 06/18/2020

By Drew Wright, Co-Founder Fugue, Inc. When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reli...

Five Step UEBA to Detect and Stop Insider Attacks
Published: 06/16/2020

By Ishani Sircar, Manager, Product Marketing at CipherCloudEvery year, more than 34% of businesses worldwide are affected by insider threats. (Source: Sisa Infosec)Despite various investments in security, most organizations are still susceptible to data breaches due to bad actors. The losses fro...

The Octopus Scanner Malware: Attacking the open source supply chain
Published: 06/10/2020

By Alvaro Muñoz at GitHubSecuring the open source supply chain is an enormous task. It goes far beyond a security assessment or just patching for the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem. From the code commits themselv...

New Data Protection Law Enacted in Dubai Emirate
Published: 06/08/2020

By Francoise Gilbert, Cybersecurity and Privacy Expert, Cloud Security AllianceDubai has enacted a new data protection law that replaces the current privacy law, law N. 1 of 2007. The new 50-page law, which modernizes the current data protection law, will come into effect on July 1, 2020, at whic...

Detect and Track Threats Through UEBA and Incident Governance
Published: 06/02/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudThe Rise of the Unmanaged DevicesMost organizations are predicting an increased remote workforce and adoption of SaaS apps in the coming years. Remote work environments have led to a rapid adoption of data sharing and collaboration apps, B...

Cloud Cybersecurity and the Modern Applications (part 3)
Published: 05/28/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd.Hybrid Patterns in AzureIn new cloud deployment, it is common to see organizations using a combination of multiple cloud environments or methodologies. Managing access control in a single appliance is al...

Cloud Cybersecurity and the Modern Applications (part 2)
Published: 05/27/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd. Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some ot...

Browse by Topic