Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
Threats of Russia Cyber Attacks Following Invasion of Ukraine
Published: 05/19/2022

This blog was originally published by BlueVoyant here.In the wake of Russia’s invasion of Ukraine, cyber experts predicted a surge in cyber activity. While BlueVoyant has observed an increase in reported adversarial activity associated with Russia-based threat actors, cyber attacks to date are mo...

PCI DSS Version 4.0: Responding to Sensitive Data Discovery Incidents
Published: 05/12/2022

This blog was originally published by PKWARE here. Written by Marc Punzirudu, Field CTO, PKWARE. At the end of March, the PCI Standards Security Council (PCI SSC) publicly released the most recent update to the PCI Data Security Standards (DSS), version 4.0. While much speculation has occurred ...

The North Star Your Cloud Strategy Needs
Published: 02/25/2022

This blog was originally published by Booz Allen here. Written by Delie Minaie, Booz Allen. Orient cloud success around mission assuranceAs IT leaders throughout the federal government look to guide their agencies toward enterprise-wide cloud maturity, they are met with endless choices regarding ...

From the Trenches: Common-Sense Measures to Prevent Cloud Incidents - Part 2
Published: 02/16/2022

Written by Omri Segev Moyal & Brenton Morris, Profero - Rapid IRIntroduction In part one of this series, we discussed some specific incidents that we at Profero have dealt with in the past and some ways in which attackers can take advantage of cloud environments during an incident. In part two w...

From the Trenches: Common-Sense Measures to Prevent Cloud Incidents - Part 1
Published: 02/10/2022

Written by Omri Segev Moyal & Brenton Morris, Profero - Rapid IR Introduction As an incident response team, we see a lot of cloud breaches that could have been prevented. Adequate protection requires in-depth knowledge of the cloud provider and its APIs and ample preparation. In cases when a co...

How the Incident Response Lifecycle Changes for Cloud
Published: 11/13/2021
Author: Nicole Krenz

Incident Response (IR) is a critical facet of any information security system. Most organizations have some sort of IR plan to govern how they will investigate an attack, but as the cloud presents distinct differences in both access to forensic data and governance, organizations must consider how...

President Biden’s Cybersecurity Executive Order: What will it mean for you?
Published: 06/01/2021

This blog was originally published by OneTrust here.On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...

Incident Response and Knowing When to Automate
Published: 03/24/2021

This blog was originally published on Vectra.ai Measuring and improving total time of response is easier said than done. The reality is many organizations do not know their existing state of readiness to be able to respond to a cybersecurity incident in a fast, effective manner. And most don’t...

Planning Through Recovery: Five Things to Keep in Mind
Published: 03/23/2021

By Bryan Sartin, Senior Vice President, Chief Services Officer, eSentirePlanning is everything. Just ask the Boy Scouts. While being caught in a downpour without an umbrella is certainly inconvenient, maybe even unpleasant, it pales in comparison to your organization experiencing a significant da...

Incident Response and the Need for Speed
Published: 03/16/2021

This blog was originally published on Vectra.ai When a cyberattack occurs, most aspects of the threat are not under the control of a targeted organization. These range from who is targeting them, what is the motivation, where and when the attack occurs, how well-equipped and skilled that attac...

Threat Hunting and Incident Response in Azure Environments
Published: 03/15/2021

This blog was originally published on Garland Technology's website.Contributed by Vijit Nair from Corelight. When cyber-attacks cross the network, grabbing quality and relevant data from network traffic is essential for security operations. This is especially pertinent in cloud environments w...

SolarWinds, GitHub Leaks and Securing the Software Supply Chain
Published: 01/11/2021

Written by BluBracketThe massive cybersecurity breach from SolarWinds by now has reached everyone in our industry’s attention. It’s a truly wide-spread and dangerous breach that, at least from what we know now, is an example of two trends in cybersecurity that frankly need more attention by any c...

Lessons Learned from GoDaddy’s Email Phishing Simulation Debacle
Published: 01/08/2021

Written By: Omer Taran, Co-founder & CTO, CybeReadyCISOs and security teams know that running phishing simulations is a tricky business. As security professionals who deal with employee training, one thing we can do to avoid taking the wrong turn is learn from each other’s mistakes. Above anythin...

SolarWinds - How Cybersecurity Teams Should Respond
Published: 12/16/2020

By Paul Kurtz Co-founder and Executive Chairman, TruSTAR Technology SolarWinds perhaps represents the most severe hack of the digital age. The playbook of our adversaries continues to evolve, but defenders are losing, and the gap is widening. Discussion of imposing consequences on adversaries see...

Cloud Incident Response: Guideline for the Dark Cloudy Days
Published: 04/22/2020

By Prof. Alex SIOW, Professor (Practice) in the School of Computing, NUS & LIM Soon Tein, Vice President, IT, ST Engineering ElectronicsGiven today’s evolving threat landscape, incident response (IR) strategy for safeguarding is no longer optional. In 2019 alone, the cloud realm saw countless not...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

« First
2