Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

CCSK Success Stories: From a CISO and Chief Privacy Officer
Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?
Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure? To talk ...

Definitive Guide to Kubernetes Admission Controller
Published: 06/30/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. What is Kubernetes Admission Controller? Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission Contr...

Understanding Compliance Platform Capabilities: Black Box Automation Has its Limitations
Published: 06/29/2022

This blog was originally published by Coalfire here. Written by Dixon Wright, VP of Product Management, Coalfire. Compliance is hard. It is not a “black box” of opaque inputs and outputs, where systems and data are hidden and where users are oblivious to their inner workings. There has yet to be a ...

What to Look for in a CNAPP Solution
Published: 06/24/2022

Written by Aqua Security. As large-scale cloud native deployments become more prevalent, enterprises are trying to bring greater efficiency and speed to cloud native security. To do this, they’re moving to shift security left, implementing intelligent automation, cloud security posture management...

Security as a Differentiator: How to Market the Secure Customer Experience
Published: 06/23/2022

This blog was originally published by Coalfire here. Written by Nathan DeMuth, Vice President, Cloud Services, Coalfire. Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire’s Cloud Advisory Board ...

Answers to Common Questions About the Applicability of the PCI DSS to Service Providers
Published: 06/22/2022

This blog was originally published by Weaver here. Written by Kyle Morris, Senior Manager, Weaver. How does the Payment Card Industry (PCI) Data Security Standard (DSS) apply to service providers? Service providers are entities that are directly involved in the storing, processing, or transmittin...

How to Prepare for a Salesforce Permissions Audit
Published: 06/22/2022

This blog was originally published by Varonis here. Written by Mike Mason, Varonis. Salesforce holds a wealth of customer data — and Salesforce audits are becoming a priority for organizations that want to ensure that information is kept secure and within the guardrails of privacy law. Audits are ...

Pros and Cons of a C5 Examination
Published: 06/16/2022

This blog was originally published by Schellman here. Written by Kristen Wilbur, Schellman. When Daenerys Targaryen made the decision to march north with Jon Snow in HBO’s Game of Thrones, she weighed the pros and the cons. The pros? Possibly saving the world. The cons? Dying in a mass ice zombie...

Runtime Protection: The Secret Weapon for Stopping Breaches in the Cloud
Published: 06/14/2022

This blog was originally published by CrowdStrike here. Written by David Puzas, CrowdStrike. Mistakes are easy to make, but in the world of cloud computing, they aren’t always easy to find and remediate without help. Cloud misconfigurations are frequently cited as the most common causes of breach...

What is the Principle of Least Privilege And Why Do You Need it?
Published: 06/08/2022

Written by Authomize. The Principle of Least Privilege is just as it sounds. It is the principle of having users across an organization being given the lowest level of access that they need in order to perform their required tasks across a cloud environment. Least Privilege: Why It’s Important Imp...

How to Perform a Risk Assessment Ahead of a SOC 2: 5 Steps
Published: 06/03/2022

This blog was originally published by Schellman here. Written by Drew Graham, Senior Associate, Schellman. When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple. Sure, he saw falling off the face of a mountain as a “high consequence”...

Essential Cloud Security & Compliance Tips from CSA
Published: 06/02/2022

This blog was originally published by Pivot Point Security here. Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever. That’s why I’m speaking to o...

PCI DSS Version 4.0: Managing Your Scope for “Significant Change”
Published: 05/24/2022

This blog was originally published by PKWARE here. Written by Marc Punzirudu, Field CTO, PKWARE. After a few delays, PCI DSS version 4.0 was finally announced publicly on March 31, 2022. While entities may still use PCI DSS v3.2.1 until its retirement date on March 31, 2024, there are some not...

What Is Payment Orchestration?
Published: 05/24/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist at TokenEx. The Payment Orchestration for Global Commerce indicates that the global market for payment orchestration platforms (POPs) is expected to grow by 20 percent each year from 2021 to 20...

Understanding the Updates to Risk Management in PCI DSS v4.0
Published: 05/23/2022

This blog was originally published by Schellman here. Written by David Moody, Schellman. Formula One legend Ayrton Senna once said this about racing: “I don't know driving in another way which isn't risky. Each driver has its limit. My limit is a little bit further than others.” It’s safe to...

CISO to CISO: 3 Practical Tips to Protect Your Data in the Cloud
Published: 05/20/2022

Written by Marc Blackmer, ShardSecure. The explosion of remote work over the last two years has driven the rapid adoption of cloud services and, with that, a rise in threats and risk to enterprise data. Now that we know a hybrid work model is here to stay, organizations need to better understand ...

PCI DSS Version 4.0: Responding to Sensitive Data Discovery Incidents
Published: 05/12/2022

This blog was originally published by PKWARE here. Written by Marc Punzirudu, Field CTO, PKWARE. At the end of March, the PCI Standards Security Council (PCI SSC) publicly released the most recent update to the PCI Data Security Standards (DSS), version 4.0. While much speculation has occurred ...

Accelerating Transaction Success by Applying Zero Trust Principles to Mergers, Acquisitions, and Divestitures
Published: 05/03/2022

This blog was originally published by CXO REvolutionaries here. Written by Stephen Singh, Global Vice President, M&A/Divestiture and ITO Strategy, Planning, and Implementation, Zscaler. Mergers, acquisitions, and divestitures create value by seizing chances to drive growth, enhance margins, build...

Who Owns Third-Party Risks: Breaking Down Management and Compliance Silos
Published: 05/03/2022

This blog was originally published by OneTrust here. Third-party risk management (TPRM) can have a different meaning for different business units, but one thing is for certain: visibility and proper oversight is an absolute must. There are a variety of stakeholders in the business who require...
