Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
The End of AWS Keys in Slack Channels
Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack.Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

Too Much of a Good Thing — Too Much Flexibility in Permission Management is Putting IAM Security at Risk
Published: 01/06/2022

This blog was originally published by Authomize here. Written by Gabriel Avner, Authomize. As cloud services like Salesforce, AWS, and others have grown more robust over time, they have added more options for how IAM security teams can manage their organizations’ access policies.This increased fl...

Capital One Breach: Is Your AWS Environment Just as Susceptible?
Published: 12/20/2021
Author: Erkang Zheng

This blog was originally published on August 9, 2019 by JupiterOne. The Opportunity for Security Teams It’s been a little over a week since the coverage of the Capital One data breach. The impact of 100 million plus records that were compromised breathed gasoline onto the fiery debate as to w...

How to Adhere to the AWS Well Architected Framework
Published: 12/10/2021

Originally Published on Fugue’s Website on November 24, 2021 By Becki Lee, Senior Technical Writer The Amazon Web Services Well-Architected Framework is a set of recommendations AWS provides for designing infrastructure for cloud applications and workloads. By following the guidance in the ...

5 Best Practices to Reduce the Attack Surface in the Cloud
Published: 11/10/2021

This blog was originally published by Virsec here. Written by Matt Ambroziak, Virsec. Over the last 18 months the cloud has gone mainstream. In case you need proof, Gartner forecasts end-user spending on public cloud services to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion...

Top Network Security Mistakes in AWS, and How to Fix Them
Published: 10/18/2021

This blog was originally published by Valtix here. Written by Jigar Shah, Valtix. A Two-part Blog Series and Cloud Security Alliance Webinar In talking with end-user organizations, we’ve seen and heard lots of misconceptions and mistakes over the years – and even espoused a few ourselves. As H...

Unified threat detection for AWS cloud and containers
Published: 05/17/2021

This blog was originally published by Sysdig here.Written by Vicente Herrera García, SysdigImplementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, c...

Locking Down the Security of AWS IAM
Published: 03/18/2021

This blog was originally published by Fugue, Inc. By Becki Lee, Head Technical Writer, Fugue, Inc. This blog post helps cloud engineers think more critically about cloud misconfiguration — why it occurs, how malicious actors exploit it, and ways to prevent it. Why AWS IAM? Cloud misconfig...

Cloud Workload Security: Part 2 - Security Features of AWS
Published: 12/28/2020

Written by IntezerThis article is the second post in our five-part series on security in the cloud today. In Part 1, we discussed what you need to focus on when developing your cloud security strategy, along with some controls you should consider and the best approach for implementing them. The r...

Cloud Workload Security: What You Need to Know - Part 1
Published: 12/21/2020

Written by IntezerCloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with evolving cloud security paradigms. Given the evolving threat landscapes and more sophisticated cyber attacks being reported daily, it’s clear that your ...

Cloud Network Security 101 Part 3: Azure Service Endpoints vs. Private Endpoints
Published: 12/01/2020

By Becki Lee, Fugue, Inc.Originally published on Fugue’s Website on October 8, 2020Level: AdvancedReading Time: 4 minutesAzure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure P...

Cloud Network Security 101: Azure Private Link & Private Endpoints
Published: 11/24/2020

By Becki Lee, Fugue, Inc. | Originally published on Fugue’s Website on September 25th, 2020.Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by ...

AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud
Published: 10/14/2020

By CloudPassageNew cloud technologies, including infrastructure as code, containers, and machine learning help organizations increase efficiency and scalability, but also introduce the potential for new security vulnerabilities. As more companies rapidly migrate toward flexible cloud solutions th...

AWS Security Best Practices: Cloud Security Report 2020 for InfoSec
Published: 10/05/2020

By CloudPassageThis year, many companies have made a rapid shift to the cloud in response to the enduring COVID-19 pandemic. By adopting new IaaS and PaaS solutions or expanding their existing footprints in the cloud, companies are able to support a growing work-from-anywhere workforce. However, ...

​Building a Secure Amazon S3 Bucket
Published: 09/23/2020

By Josh Stella, Co-Founder and CTO, FugueOriginally Published at fugue.co/blog on Sept 8, 2020Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly...

3 Big Amazon S3 Vulnerabilities You May Be Missing
Published: 06/18/2020

By Drew Wright, Co-Founder Fugue, Inc. When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reli...

Cloud Cybersecurity and the Modern Applications (part 2)
Published: 05/27/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd. Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some ot...

How Traffic Mirroring in the Cloud Works
Published: 07/08/2019

By Tyson Supasatit, Sr. Product Marketing Manage, ExtraHop Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triadAfter years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it's finally here! In this l...

AWS Cloud: Proactive Security and Forensic Readiness – Part 5
Published: 05/02/2019

By Neha Thethi, Information Security Analyst, BH Consulting Part 5: Incident Response in AWS In the event your organization suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along ...

Rethinking Security for Public Cloud
Published: 02/13/2019

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environmentBy Beth Stackpole, Writer, SymantecEnterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and bes...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.