Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
The Challenges of Cloud Detection and Response
Published: 03/13/2023

Originally published by TrueFort. Written by Nik Hewitt. Detecting unexpected behavior in a cloud environment is often challenging due to the lack of instrumentation and the continual churn of devices and applications. Being able to separate legitimate attacks from everyday ‘noise’ is a critical ...

Ransomware Recovery: RTO and Optimizing the Recovery Process
Published: 03/13/2023

Originally published by Rubrik. Written by James Knott and Steve Stone. Recovery Time Objectives (RTOs) are on everyone’s mind. It bears repeating, one of the most fundamental ways to reduce recovery time from a ransomware or cybersecurity attack is being well prepared and ready to take actions q...

Definitive Guide to Hybrid Clouds, Chapter 5: Threat Detection and Response in the Hybrid Cloud
Published: 03/02/2023

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon.Editor’s note: This post explores Chapter 3 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, and check back for future posts covering Chapters 6 and 7.F...

10 SaaS Governance Best Practices to Protect Your Data
Published: 02/17/2023

Written by the SaaS Governance Working Group. In the context of cloud security, the focus is almost always on securing Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they ar...

CircleCI Cybersecurity Incident Hunting Guide
Published: 01/30/2023

Originally published by Mitiga. Written by Doron Karmi, Deror Czudnowski, Ariel Szarf, and Or Aspir, Mitiga. On January 4, CircleCI published a statement announcing the investigation of a security incident. In this technical blog, we will share how to hunt for malicious behavior that may be cause...

What is a Cloud Incident Response Plan?
Published: 01/28/2023

Written by the Cloud Incident Response Working Group. In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan have been rud...

Designing for Recovery: Infrastructure in the Age of Ransomware
Published: 01/23/2023

Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...

SANS 2022 Cloud Security Survey, Chapter 3: How Do Enterprises Keep Their Cloud Infrastructure Secure?
Published: 01/18/2023

Originally published by Gigamon.Editor’s note: This post explores Chapter 3 of the SANS 2022 Cloud Security Survey. Read Chapter 1 and Chapter 2. And check back or future posts covering Chapter 4.There’s been a cloud land rush over the past few years as more and more organizations move compute an...

Be Prepared to Neutralize Cyberattacks When – Not If – They Happen
Published: 12/22/2022

Originally published by Titaniam. Businesses today are under the constant threat of cyberattacks from ransomware and extortion. 68% of business leaders feel their risk of a cyberattack is increasing, according to Accenture.For years, enterprise-level organizations have relied on data protection p...

Data Center Resilience and Risk Assessment
Published: 11/15/2022

Originally published by ShardSecure. Written by Marc Blackmer, VP of Marketing, ShardSecure. What is data resilience? A multifaceted endeavor, data resilience can include data integrity and availability, cluster storage, regular testing, disaster recovery, redundancy, backups, and more. As TA...

Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On?
Published: 11/15/2022

Originally published by Mitiga. Written by Or Aspir, Mitiga. On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber.In this incident, the attacker annou...

Incident Detection and Response in the Cloud
Published: 11/08/2022

Written by Lior Zatlavi, Senior Cloud Security Architect, Ermetic. Cloud technology is not the future of business. Not anymore; now it’s the present. Businesses born today are often cloud-native, and older businesses are migrating their workloads to the cloud, looking for agility and efficien...

Responding to and Recovering from a Ransomware Attack
Published: 10/22/2022
Author: Megan Theimer

Thanks to Dr. Jim Angle, Michael Roza, and Vince Campitelli After learning what ransomware is, how to protect your organization against it, and how to detect it, it’s time to learn how to respond and recover if a ransomware attack occurs. In this blog, we’ll explain how to mitigate and contain a ...

7 Best Practices for Cloud Incident Response
Published: 10/18/2022

Originally published by Mitiga here. Written by Matthew Stephen, Mitiga. You may have heard the saying that it is not a matter of “if” but “when” you will experience a breach. An attack could be targeted or opportunistic, performed by a nation-state or a less sophisticated threat actor, focused o...

Why is Data Resilience Important?
Published: 10/18/2022

Originally published by ShardSecure here. Written by Marc Blackmer, VP of Marketing, ShardSecure. What is data resilience? Data resilience can mean different things to different organizations. As a Carnegie Mellon University literature review notes, the concept of resilience is often used inf...

The Ripple Effect of a Data Breach
Published: 09/27/2022

Originally published by PKWARE here. The after effects of a data breach can reach far and wide. Lesser seen impact can include the cost of remediation, revenue loss, reputational harm, national security, even human life. The ripple effect of indirect costs—monetary and otherwise—can end up impact...

How Can Transit Gateway VPC Flow Logs Help My Incident & Response Readiness?
Published: 08/26/2022

Originally published by Mitiga here. Written by Or Aspir, Mitiga. On July 14th 2022, AWS announced a new capability: flow logs for Transit Gateway. Transit Gateway VPC flow logs allows users to gain more visibility and insights into network traffic on the Transit Gateway.AWS highlights these ...

Rise of Cloud Computing Adoption and Cybercrimes
Published: 08/24/2022

Originally published by HCL Technologies here.Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in the business leaders’ perspectives of their company’s’ requirements. A surve...

An Overview on the Modern, Cloud-Native SOC Platform
Published: 08/15/2022

Originally published by Panther here. Written by Mark Stone, Panther. For the modern security team, the concepts of Security Operations Center (SOC) and Security Information and Event Management (SIEM) are well known and have become increasingly crucial. To defend against the wide range of cyber ...

An Overview of TDIR: Threat Detection and Incident Response
Published: 08/04/2022

Originally published by Panther here. Today, countless solutions support threat detection. This is great news, but the market is saturated with different solutions and many different acronyms. One of the more recent acronyms to gain traction is threat detection and incident response (TDIR). This ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
Last »