Register for CSA’s SECtember conference and trainings today


Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
SynLapse – Technical Details for Critical Azure Synapse Vulnerability
Published: 06/28/2022

This blog was originally published by Orca Security on June 14, 2022. Written by Tzah Pahima, Orca Security. One attack vector closed, additional hardening is recommended This blog describes the technical details of SynLapse, in continuation to our previous blog. We waited to publish until now in...

Security Advisory: Insufficient Tenant Separation in Azure Synapse Service
Published: 05/12/2022

This blog was originally published by Orca Security on May 9, 2022. Written by Avi Shua, Orca Security. TL;DROrca Security is issuing this security advisory for CVE-2022-29972 to address hazards in the use of the Microsoft Azure Synapse service. We believe the tenant separation in this service is...

What is a BLOB (Binary Large Object)? Can it be Tokenized?
Published: 05/04/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. BLOB Definition BLOB stands for a “Binary Large Object,” a data type that stores binary data. Binary Large Objects (BLOBs) can be complex files like images or videos, unlike other data strings that only store...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over res...

Building a Security Training Testbed for Azure
Published: 11/19/2021

This blog was originally published by Adobe here. Written by Akriti Srivastava, Security Analyst, Adobe OpSec Team. With any cloud platform, a lack of understanding of required security controls and unintentional misconfigurations can bring additional risk to the DevSecOps process. A test envi...

How Can You Protect Yourself from Data Leaks?
Published: 11/03/2021

Written by Romain Coussement, Cloud security expert at Fortica Leaks of sensitive data were prominent in the news in the summer of 2019 and the months that followed. One after the other, large companies saw their customers’ sensitive data exposed on the Internet. How can you mitigate the threat...

5 Common Security Mistakes When Moving to Azure
Published: 10/28/2021

This blog was originally published by Cloudtango here. Written by Jordi Vilanova, Cloudtango. Microsoft Azure is a powerful and wide ecosystem; covering all security aspects of a cloud environment is a complex undertaking. Although Azure is comprehensively secured by Microsoft, it does work based...

5 Best Practices for Securing Microsoft Azure
Published: 03/25/2021

This blog was originally published by OpsCompass.By John Grange from OpsCompass.Cloud adoption has led to a major shift in application security management. Unlike on-premises where the focus is more on perimeter security, cloud deployments demand a more holistic and integrated approach. Ensuring ...

Threat Hunting and Incident Response in Azure Environments
Published: 03/15/2021

This blog was originally published on Garland Technology's website.Contributed by Vijit Nair from Corelight. When cyber-attacks cross the network, grabbing quality and relevant data from network traffic is essential for security operations. This is especially pertinent in cloud environments w...

Cloud Workload Security: Part 3 - Explaining Azure’s Security Features
Published: 01/07/2021

Written by IntezerCloud security management will always remain an ongoing journey, as threats keep evolving and organizations need to keep updating their cloud security strategy. A well-defined set of security controls and categories helps you set a strong baseline in this journey, irrespective o...

Cloud Workload Security: What You Need to Know - Part 1
Published: 12/21/2020

Written by IntezerCloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with evolving cloud security paradigms. Given the evolving threat landscapes and more sophisticated cyber attacks being reported daily, it’s clear that your ...

Cloud Network Security 101: Azure Virtual Network Service Endpoints
Published: 11/12/2020

By Becki Lee, Fugue, Inc.Originally published on Fugue’s Website on October 8, 2020Level: AdvancedReading Time: 4 minutesMicrosoft Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints an...

Cloud Cybersecurity and the Modern Applications (part 2)
Published: 05/27/2020

By Francesco Cipollone, Chair at Cloud Security Alliance UK Chapter and Director at NSC42 Ltd. Use cases and common pitfallsSecurity appliance vendors are still updating their appliances to include typical cloud architecture that integrates into the cloud provider fabric more efficiently. Some ot...

Top 10 Audio/Video Conferencing Security Best Practices
Published: 04/22/2020

By Michael Born, Sr. Security Consultant at SecureSkyWith the recent shift of much of the global workforce to home office work environments, it’s a good time to revisit Audio/Video conferencing security best practices. In this blog we will highlight what we consider the Top 10 ways you can train ...

How Traffic Mirroring in the Cloud Works
Published: 07/08/2019

By Tyson Supasatit, Sr. Product Marketing Manage, ExtraHop Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triadAfter years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it's finally here! In this l...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.