Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Capital One Breach: Is Your AWS Environment Just as Susceptible?
This blog was originally published on August 9, 2019 by JupiterOne. The Opportunity for Security Teams It’s been a little over a week since the coverage of the Capital One data breach. The impact of 100 million plus records that were compromised breathed gasoline onto the fiery debate as to w...
How to Adhere to the AWS Well Architected Framework
Originally Published on Fugue’s Website on November 24, 2021 By Becki Lee, Senior Technical Writer The Amazon Web Services Well-Architected Framework is a set of recommendations AWS provides for designing infrastructure for cloud applications and workloads. By following the guidance in the ...
5 Best Practices to Reduce the Attack Surface in the Cloud
This blog was originally published by Virsec here. Written by Matt Ambroziak, Virsec. Over the last 18 months the cloud has gone mainstream. In case you need proof, Gartner forecasts end-user spending on public cloud services to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion...
Top Network Security Mistakes in AWS, and How to Fix Them
This blog was originally published by Valtix here. Written by Jigar Shah, Valtix. A Two-part Blog Series and Cloud Security Alliance Webinar In talking with end-user organizations, we’ve seen and heard lots of misconceptions and mistakes over the years – and even espoused a few ourselves. As H...
Unified threat detection for AWS cloud and containers
This blog was originally published by Sysdig here.Written by Vicente Herrera García, SysdigImplementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, c...
Locking Down the Security of AWS IAM
This blog was originally published by Fugue, Inc. By Becki Lee, Head Technical Writer, Fugue, Inc. This blog post helps cloud engineers think more critically about cloud misconfiguration — why it occurs, how malicious actors exploit it, and ways to prevent it. Why AWS IAM? Cloud misconfig...
Cloud Workload Security: Part 2 - Security Features of AWS
Written by IntezerThis article is the second post in our five-part series on security in the cloud today. In Part 1, we discussed what you need to focus on when developing your cloud security strategy, along with some controls you should consider and the best approach for implementing them. The r...
Cloud Workload Security: What You Need to Know - Part 1
Written by IntezerCloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with evolving cloud security paradigms. Given the evolving threat landscapes and more sophisticated cyber attacks being reported daily, it’s clear that your ...
Cloud Network Security 101 Part 3: Azure Service Endpoints vs. Private Endpoints
By Becki Lee, Fugue, Inc.Originally published on Fugue’s Website on October 8, 2020Level: AdvancedReading Time: 4 minutesAzure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure P...
Cloud Network Security 101: Azure Private Link & Private Endpoints
By Becki Lee, Fugue, Inc. | Originally published on Fugue’s Website on September 25th, 2020.Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints and Azure Private Endpoints (powered by ...
AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud
By CloudPassageNew cloud technologies, including infrastructure as code, containers, and machine learning help organizations increase efficiency and scalability, but also introduce the potential for new security vulnerabilities. As more companies rapidly migrate toward flexible cloud solutions th...
AWS Security Best Practices: Cloud Security Report 2020 for InfoSec
By CloudPassageThis year, many companies have made a rapid shift to the cloud in response to the enduring COVID-19 pandemic. By adopting new IaaS and PaaS solutions or expanding their existing footprints in the cloud, companies are able to support a growing work-from-anywhere workforce. However, ...
Building a Secure Amazon S3 Bucket
By Josh Stella, Co-Founder and CTO, FugueOriginally Published at fugue.co/blog on Sept 8, 2020Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly...
3 Big Amazon S3 Vulnerabilities You May Be Missing
By Drew Wright, Co-Founder Fugue, Inc. When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reli...
Cloud Cybersecurity and the Modern Applications (part 2)
By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd. Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some ot...
How Traffic Mirroring in the Cloud Works
By Tyson Supasatit, Sr. Product Marketing Manage, ExtraHop Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triadAfter years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it's finally here! In this l...
AWS Cloud: Proactive Security and Forensic Readiness – Part 5
By Neha Thethi, Information Security Analyst, BH Consulting Part 5: Incident Response in AWS In the event your organization suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along ...
Rethinking Security for Public Cloud
Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environmentBy Beth Stackpole, Writer, SymantecEnterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and bes...
AWS Cloud: Proactive Security and Forensic Readiness – Part 4
Part 4: Detective Controls in AWSBy Neha Thethi, Information Security Analyst, BH Consulting Security controls can be either technical or administrative. A layered security approach to protecting an organization’s information assets and infrastructure should include preventative controls, detect...
Avoiding Holes in Your AWS Buckets
By Sanjay Kalra, CPO & Co-Founder, Lacework Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts,...
Browse by Topic
Write for the CSA blog
Submit your blog proposalSign up to receive CSA's latest blogs
This list receives 1-2 emails a month.