Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Cloud Security for Newly Distributed Engineering Teams

Published: 03/23/2020

By the Fugue Team in collaboration with Dave Williams, cloud architect at New Light Technologies.Employers across the U.S. and around the world are rapidly shifting to a mandatory work-from-home (WFH) arrangement to help slow the spread of the coronavirus (COVID-19). Even for organizations alread...

Continuous Auditing and Continuous Certification

Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.comFor some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure

Published: 02/21/2020

By Becki Lee, Senior Technical writer at Fugue, Inc Originally published as: Interactively Debugging the Rego Policy Language with Frego Policy as code is an effective way to uniformly define, maintain, and enforce security and compliance standards in the cloud. Treating policy like code means ...

Using SOC Reports for Cloud Security and Privacy

Published: 02/10/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc Data security and privacy are increasingly challenging in today’s cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenge...

​Keeping Up With Changing Technology by Reducing Complexity

Published: 11/15/2019

By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, CSA Research Fellow, Assurance Investigatory Fellow, Cloud Security Alliance Fox News reported that in answer to the previous Boeing 737 accidents, the Federal safety officials say, “Boeing should consider how cockpit confusion can slow the res...

CMMC – the New Protocol Droid for DoD Compliance

Published: 11/06/2019

By Doug Barbin - Cybersecurity Practice Leader at Schellman & Company, LLCA long time ago in a galaxy exactly ours…There was 800-171. For some time, the US Department of Defense has been working to revise its funding procurement procedures referred to as the Defense Acquisition Regulation...

4 Reasons Why IT Supervision is a Must in Content Collaboration

Published: 07/23/2019

By István Molnár, Compliance Specialist, TresoritFor many organizations, workflow supervision is one of the biggest challenges to solve. Ideally users should be properly managed and monitored but sadly, countless organizations suffer from a lack of IT supervision. As a result, there is no telling...

Happy Birthday GDPR! – Defending Against Illegitimate Complaints

Published: 05/22/2019

By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, Assurance Investigatory Fellow – Cloud Security Alliance On May 25th we will celebrate the first birthday of GDPR. Yes, one year ago GDPR was sort of a four-letter word (or acronym if you will). People were in a panic of how they were going t...

12 Ways Cloud Upended IT Security (And What You Can Do About It)

Published: 03/25/2019

This article was originally published on Fugue's blog here.By Andrew Wright, Co-founder & Vice President of Communications, FugueThe cloud represents the most disruptive trend in enterprise IT over the past decade, and security teams have not escaped turmoil during the transition. It’s unders...

Continuous Auditing - STAR Continuous - Increasing Trust and Integrity

Published: 03/19/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceAs a SixSigma Black Belt I was brought up over the years with the philosophy of continual monitoring and improvement, moving from a reactive state to a preventive state. Actually, I wrote a white paper a couple of years ag...

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

Published: 12/04/2018

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compli...

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements with a Host-Based Approach

Published: 09/19/2018

By Patrick Flanders, Director of Marketing, Lacework Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other org...

Firmware Integrity in the Cloud Data Center

Published: 06/12/2018

By John Yeoh, Research Director/Americas, Cloud Security AllianceAs valued members, we wanted you to be among the first to hear about the newest report out from CSA—Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their though...

Towards a “Permanent Certified Cloud”: Monitoring Compliance in the Cloud with CTP 3.0

Published: 01/29/2013

Cloud services can be monitored for system performance but can they also be monitored for compliance? That’s one of the main questions that the Cloud Trust Protocol aims to address in 2013. Compliance and transparency go hand in hand. The Cloud Trust Protocol (CTP) is designed to allow cloud cu...

Browse by Topic