Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
What Schrems 2 Means for your Privacy Shield Program

Published: 08/10/2020

By Francoise Gilbert, CEO, DataMinding, Inc.The publication of the EU Court of Justice decision in the Schrems 2 case has left many organizations, worldwide, facing a difficult dilemma. What to do next to ensure the continuity of personal data flows from the European Union or European Economic Ar...

You’ve passed your SOX audit, but is your cloud environment really secure?

Published: 08/10/2020

By Petrina Youhan, Director of Channel Partnerships and Services at HyperproofMany organizations believe their cloud environment is secure because they passed their Sarbanes-Oxley (SOX) audit, but passing an audit doesn’t necessarily mean that your cloud environment is secure. Cloud environments ...

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in

Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 LabsDigital transformation will reshape all businesses, large and small, over the next decade and beyond; driven by the convergence of major technology shifts in cloud, mobile, social, Artificial Intelligence (AI), Machine Learning (ML), DevOps, Robot...

Upending Old Assumptions in Security

Published: 08/03/2020

By Wendy Nather, Head of Advisory CISOs at DuoEvery time you think you’ve figured out this risk management thing, something else happens to torpedo your hidden assumptions. Remember when we assumed that an IP address was a pretty good indicator of someone’s physical location and origin, so a netw...

​Schrems 2 – 12 FAQs Published by the EDPB but Little Practical Guidance

Published: 07/24/2020

By Francoise Gilbert, CEO, DataMinding, Inc.Since the publication of the European Court of Justice (EUCJ) decision in the Schrems 2 case, businesses located on both sides of the Atlantic, and around the world, have been attempting to determine how they should interpret and act upon the decision. ...

Creating an Integrated Security System with the CSA STAR Program

Published: 07/13/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceThe more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of ...

Data Discovery to Rescue Historical Data from Compliance Violations

Published: 07/01/2020

By Ishani Sircar, Product Marketing Manager at CipherCloudAs technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace and most organizations in trying to keep pace overlooked security best practices. Organizations are sitting on tons of hi...

Why use the CAIQ for vendor analysis vs. other questionnaires?

Published: 04/04/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceSecurity assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closin...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code

Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

Cloud Security for Newly Distributed Engineering Teams

Published: 03/23/2020

By the Fugue Team in collaboration with Dave Williams, cloud architect at New Light Technologies.Employers across the U.S. and around the world are rapidly shifting to a mandatory work-from-home (WFH) arrangement to help slow the spread of the coronavirus (COVID-19). Even for organizations alread...

Continuous Auditing and Continuous Certification

Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.comFor some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure

Published: 02/21/2020

By Becki Lee, Senior Technical writer at Fugue, Inc Originally published as: Interactively Debugging the Rego Policy Language with Frego Policy as code is an effective way to uniformly define, maintain, and enforce security and compliance standards in the cloud. Treating policy like code means ...

Using SOC Reports for Cloud Security and Privacy

Published: 02/10/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc Data security and privacy are increasingly challenging in today’s cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenge...

Joint Controllership: A Collection of Recent Guidance

Published: 01/03/2020

This blog was originally published www.paolobalboni.eu. By Paolo Balboni, Top-tier ICT, privacy & data protection lawyer and Founding Partner of ICT Legal Consulting.Article 26 GDPR on Joint controllers determines that, “Where two or more controllers jointly determine the purposes and means o...

​Keeping Up With Changing Technology by Reducing Complexity

Published: 11/15/2019

By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, CSA Research Fellow, Assurance Investigatory Fellow, Cloud Security Alliance Fox News reported that in answer to the previous Boeing 737 accidents, the Federal safety officials say, “Boeing should consider how cockpit confusion can slow the res...

CMMC – the New Protocol Droid for DoD Compliance

Published: 11/06/2019

By Doug Barbin - Cybersecurity Practice Leader at Schellman & Company, LLCA long time ago in a galaxy exactly ours…There was 800-171. For some time, the US Department of Defense has been working to revise its funding procurement procedures referred to as the Defense Acquisition Regulation...

4 Reasons Why IT Supervision is a Must in Content Collaboration

Published: 07/23/2019

By István Molnár, Compliance Specialist, TresoritFor many organizations, workflow supervision is one of the biggest challenges to solve. Ideally users should be properly managed and monitored but sadly, countless organizations suffer from a lack of IT supervision. As a result, there is no telling...

Happy Birthday GDPR! – Defending Against Illegitimate Complaints

Published: 05/22/2019

By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, Assurance Investigatory Fellow – Cloud Security Alliance On May 25th we will celebrate the first birthday of GDPR. Yes, one year ago GDPR was sort of a four-letter word (or acronym if you will). People were in a panic of how they were going t...

12 Ways Cloud Upended IT Security (And What You Can Do About It)

Published: 03/25/2019

This article was originally published on Fugue's blog here.By Andrew Wright, Co-founder & Vice President of Communications, FugueThe cloud represents the most disruptive trend in enterprise IT over the past decade, and security teams have not escaped turmoil during the transition. It’s unders...

Continuous Auditing - STAR Continuous - Increasing Trust and Integrity

Published: 03/19/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceAs a SixSigma Black Belt I was brought up over the years with the philosophy of continual monitoring and improvement, moving from a reactive state to a preventive state. Actually, I wrote a white paper a couple of years ag...

Browse by Topic