Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
​Vendor Management Software Evaluation: How to Get Executive Buy-In

Published: 10/23/2020

For most InfoSec teams, the benefits of a vendor risk management platform are well defined. From making it easier to mitigate third-party risk to ensuring your internal team and external vendors are on the same page, vendor management software is a must-have in today’s open-source, cloud-based en...

What is the Cloud Controls Matrix (CCM)?

Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security AllianceWhat is the Cloud Controls Matrix?The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

Is your vendor platform future proof?

Published: 09/21/2020

By WhisticIn the last few years, the InfoSec and data privacy sectors have grown exponentially. From on-premise hardware and servers to fully adopting cloud-based, SaaS-focused security workflows, the InfoSec world of 2020 looks much different from ten years ago. If you’re like most InfoSec leade...

What is Third Party Risk and Why Does It Matter?

Published: 09/14/2020

By the Whistic TeamIn the world of information security, third party risk is a topic that comes up often. As more and more organizations turn to SaaS-based vendors and move their operations to a cloud-driven environment, third party risk has become one of the most critical topics for an organizat...

Enabling Data Protection and Compliance in the G Suite Environment

Published: 08/21/2020

By Matt Hines, VP of Marketing at CipherCloud & Ishani Sircar, Product Marketing Manager at CipherCloudThe Rise of G Suite and Related Data Security ChallengesWith over 2 billion active users and a market share of 56.97 percent, G Suite is here to stay nd help enable today’s businesses to tac...

What Schrems 2 Means for your Privacy Shield Program

Published: 08/10/2020

By Francoise Gilbert, CEO, DataMinding, Inc.The publication of the EU Court of Justice decision in the Schrems 2 case has left many organizations, worldwide, facing a difficult dilemma. What to do next to ensure the continuity of personal data flows from the European Union or European Economic Ar...

You’ve passed your SOX audit, but is your cloud environment really secure?

Published: 08/10/2020

By Petrina Youhan, Director of Channel Partnerships and Services at HyperproofMany organizations believe their cloud environment is secure because they passed their Sarbanes-Oxley (SOX) audit, but passing an audit doesn’t necessarily mean that your cloud environment is secure. Cloud environments ...

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in

Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 Labs.This blog is shortened version of the original blog published by C2. For the full length post go here. Digital transformation will reshape all businesses, large and small, over the next decade and beyond; driven by the convergence of major techno...

Upending Old Assumptions in Security

Published: 08/03/2020

By Wendy Nather, Head of Advisory CISOs at DuoEvery time you think you’ve figured out this risk management thing, something else happens to torpedo your hidden assumptions. Remember when we assumed that an IP address was a pretty good indicator of someone’s physical location and origin, so a netw...

​Schrems 2 – 12 FAQs Published by the EDPB but Little Practical Guidance

Published: 07/24/2020

By Francoise Gilbert, CEO, DataMinding, Inc.Since the publication of the European Court of Justice (EUCJ) decision in the Schrems 2 case, businesses located on both sides of the Atlantic, and around the world, have been attempting to determine how they should interpret and act upon the decision. ...

Creating an Integrated Security System with the CSA STAR Program

Published: 07/13/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceThe more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of ...

Data Discovery to Rescue Historical Data from Compliance Violations

Published: 07/01/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudAs technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace and most organizations in trying to keep pace overlooked security best practices. Organizations are sitting on tons of hi...

Why use the CAIQ for vendor analysis vs. other questionnaires?

Published: 04/04/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceSecurity assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closin...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code

Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

Cloud Security for Newly Distributed Engineering Teams

Published: 03/23/2020

By the Fugue Team in collaboration with Dave Williams, cloud architect at New Light Technologies.Employers across the U.S. and around the world are rapidly shifting to a mandatory work-from-home (WFH) arrangement to help slow the spread of the coronavirus (COVID-19). Even for organizations alread...

Continuous Auditing and Continuous Certification

Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.comFor some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure

Published: 02/21/2020

By Becki Lee, Senior Technical writer at Fugue, Inc Originally published as: Interactively Debugging the Rego Policy Language with Frego Policy as code is an effective way to uniformly define, maintain, and enforce security and compliance standards in the cloud. Treating policy like code means ...

Using SOC Reports for Cloud Security and Privacy

Published: 02/10/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc Data security and privacy are increasingly challenging in today’s cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenge...

Joint Controllership: A Collection of Recent Guidance

Published: 01/03/2020

This blog was originally published www.paolobalboni.eu. By Paolo Balboni, Top-tier ICT, privacy & data protection lawyer and Founding Partner of ICT Legal Consulting.Article 26 GDPR on Joint controllers determines that, “Where two or more controllers jointly determine the purposes and means o...

​Keeping Up With Changing Technology by Reducing Complexity

Published: 11/15/2019

By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, CSA Research Fellow, Assurance Investigatory Fellow, Cloud Security Alliance Fox News reported that in answer to the previous Boeing 737 accidents, the Federal safety officials say, “Boeing should consider how cockpit confusion can slow the res...

Browse by Topic