Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Why Should You Update Your Trusted CAs and Enforce Certificate Whitelists?
By Patriz Regalado, Product Marketing Manager, Venafi. Your organization’s policies—or lack of policies—regarding trusted root CA certificates are exposing you to unnecessary risk. Because certificates serve as credentials for so many mission-critical transactions, attackers are constantly trying...
Windigo: Another Multi-Year APT Targets SSH Credentials
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. Last month, ESET, a leading IT security company, published a detailed analysis of operation Windigo. This operation, active since 2011, has compromised over 25,000 Linux and Unix webservers. Cyber-criminals use these serv...
On behalf of the CDPC Leadership Team: Open Review Period - Cloud Data Protection Cert Candidate Project
We would like to invite Cloud Security Alliance (CSA) members as well as the cloud and security community to participate in the open review period for a new candidate project that we are proposing for contribution to the CSA Research Portfolio. In addition, we are considering contributing this I...
I Hunt Sys Admins’ SSH
By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. SSH keys again confirmed as a favorite target for advanced attackers - how will IT security fight back? Newly leaked NSA documents from Edward Snowden, entitled “I Hunt Sys Admins” show that sophisticated attackers are aiming to bre...
Do you know what’s happening in the cloud at your organization?
By Sanjay Beri, Founder and CEO, Netskope. For as long as “Shadow IT” has existed, technology vendors have encouraged IT professionals to uncover unsanctioned apps in their organizations so they can block them. But people rely on apps like Box, Dropbox, Evernote, Jira, and Workday for business crit...
RSA Conference 2014: Recap and Attendee Vulnerability Survey
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. I’ve been attending RSA for many years now; each year it seems to get bigger and better. This year a record-breaking 28,500 attendees were in San Francisco to learn how to stop cyber-criminals in their ever increasing ma...
The Evolution of Mobile Malware: Digitally Signed Malware Creates an Illusion of Trust
By Patriz Regalado, Product Marketing Manager, Venafi. Because cyber-criminals always seem to find new ways to circumvent traditional security measures, the threat landscape is constantly changing. A McAfee Labs Threat Report in Q3 2013 revealed an alarming trend: the type of malware proliferatin...
The Mask, Attacks on Trust, and Game Over
By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. Breached Enterprises Will Be Owned by The Mask operation for Years to Come. For over a year, Venafi has been charting the course of attacks on the trust established by keys and certificates. The dramatic rise in attacks has led Mi...
You’re Already Compromised: Exposing SSH as an Attack Vector
By Gavin Hill, Director of Product Marketing and Threat Research, Venafi. Before the Snowden breach, the average person rarely thought about encryption. Last year, however, encryption was at the forefront of everyone’s mind. People wanted to know what Edward Snowden disclosed about the National S...
Infographic: New Ponemon SSH Security Vulnerability Report
By Gavin Hill. Global organizations are under attack, and the attackers are more dangerous and persistent than ever. While the motivations vary, the goal of today’s cybercriminal is to become and remain trusted on targeted networks in order to gain full access to sensitive, regulated and valuable...
CSA Appoints Leaders to the International Standardization Council
The CSA announced today the re-appointment of Andreas Fuchsberger and Eric Hibbard as the Co-Chairs of the CSA’s International Standardization Council. As Co-Chairs, Fuchsberger and Hibba...
Survey Shows: SAAS Vendors Ditch User Names And Passwords, Adopt SAML In Droves
By Thomas Pedersen, co-founder and CEO of OneLogin. Looks like we were on to something when we open sourced OneLogin’s first SAML Toolkit three years ago — the OneLogin 2014 State of SaaS Identity Management survey that we just completed with CSA shows that SaaS vendors are adopting SAML in droves. ...
CSA Invites Hackers to Participate in an Insider Attack of a Software Defined Perimeter (SDP)
Bob Flores, Former CTO of the CIA and President & CEO at Applicology Incorporated to Serve as Judge. The Cloud Security Alliance (CSA) today announced additional details on its upcoming virtual hackathon, open to anyone globally, being held in conjunction with the RSA Conference, kicking off Monda...
Fake SSL Certificates Uncovered: The Tip of the Iceberg and Weaponized Trust
By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. Cybercriminals are moving faster than we think to weaponize the core element of trust on the Internet: digital certificates. The many fake certificates identified by Netcraft are just the tip of the iceberg. Cybercriminals are ampi...
Hack the SDP - win a trip to DEF CON!
Following the CSA Summit at RSA on Monday Feb 24th, the CSA will be hosting a Software Defined Perimeter workshop and a 'virtual hackathon', open to anyone. The workshop will provide a detailed demo and explanation of SDP, and will kick off the ‘virtual hackathon’ contest, which will last until 3p...
The Launch of the NIST Cybersecurity Framework
By John DiMaria, BSI. I was one of those invited to attend the NIST Cybersecurity Framework launch yesterday at the White House. It was a very nice, well-organized and positive event. “The Framework is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that ...
SecureCloud Update: Neelie Kroes, VP of the European Commission to Give Opening Keynote Address
SecureCloud 2014 is now just under two months away and we are excited to announce that Neelie Kroes, Vice President of the European Commission, will be giving the opening keynote address on April 1st.
Cybersecurity absent during the State of the Union Address
By John DiMaria, BSI. I was disappointed that there was only a passing mention of cybersecurity at the recent State of the Union Address. As a matter of fact, if you took a bite of your popcorn at the wrong time you missed it. I realize the president's address was focused mainly on the economy, but t...
Top Security Questions to Ask Your Cloud Provider
When considering a move to the cloud, there are a number of security questions that should be considered as you select a potential cloud provider. Almost all analyst and industry surveys list privacy and data security as a top concern for CIOs and CISOs. Through our years of moving SMBs and large e...
What is the Cloud?
The cloud, aka cloud computing, has many different colloquial definitions, all of which seem to be somewhat different depending on who you are talking to. A few of the different terms you may hear are Software as a Service (SaaS), virtual enterprise, carrier (or service provider) cloud, and I am ...