Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Cloud Network Virtualization: Benefits of SDN over VLAN
Published: 06/25/2021

Written by the members of the Security Guidance Working Group. All clouds utilize some form of virtual networking to abstract the physical network and create a network resource pool. Typically the cloud user provisions desired networking resources from this pool, which can then be configured within...

Critical Controls for Oracle E-Business Suite
Published: 06/11/2021

Written by Mike Miller, Onapsis. Over the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

Seven Steps to defining the art of the possible in DevOps
Published: 11/14/2020

By Craig Thomas from the CSA Washington DC Chapter and VP of Engineering at C2 Labs. We all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Dock...

How to Address the Security Risks of Cloud OS
Published: 10/15/2020

Written by: Xiaoyu Ge, co-chair of the Cloud Component Specifications Working Group. From a user perspective, the cloud is a service. However, for cloud service providers, integrators, and channel partners who construct or build the cloud, it is a system that may comprise many separate components. ...

Thinking Like a Cloud Hacker: Part 1
Published: 10/13/2020

Originally published September 30, 2020 on Fugue’s website. By Josh Stella, Co-Founder and CTO, Fugue. In writing this, my objective is to examine some real world, published cloud exploits and examine both the motivations and techniques of the hackers responsible for them so that you can understand wh...

DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps
Published: 09/25/2020

By CloudPassage. In a DevOps environment, software and feature delivery happen in real time. Security, while critical to your company, cannot become a bottleneck. InfoSec and DevOps leadership are searching for the best ways to bridge the gap between their two organizations in order to better secur...

How to secure DevOps
Published: 08/12/2020

By Andrey Pozhogin, Senior Product Marketing Manager, Hybrid Cloud Security at Kaspersky. Supply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them. Last month, IT news websites reported that RubyGems, the official channel for distributing librar...

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in
Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 Labs. This blog is a shortened version of the original blog published by C2. For the full length post go here. Digital transformation will reshape all businesses, large and small, over the next decade and beyond; driven by the convergence of major techno...

New Paper Offers Practical Guidance on Automating Security in DevSecOps
Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock. Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code
Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform. By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

The Risk of Unsecured Dev Accounts
Published: 11/13/2019

This article was originally published on Fugue's blog here. By Drew Wright, Co-Founder, Fugue. Most organizations now recognize the importance of cloud security, likely due in large part to the sharp uptick in cloud-based data breaches resulting from cloud misconfiguration. Achieving and main...

Introducing Reflexive Security for integrating security, development and operations
Published: 10/14/2019

By the CSA DevSecOps Working Group. Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agilit...

“Shift Left” to Harden Your Cloud Security Posture
Published: 07/18/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, Fugue. After a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means the k...

CSA Summit Recap Part 2: CSP & CISO Perspective
Published: 03/12/2019

By Elisa Morrison, Marketing Intern, Cloud Security Alliance. When CSA was started in 2009, Uber was just a German word for 'Super' and all CSA stood for was Community Supported Agriculture. Now in 2019, spending on cloud infrastructure has finally exceeded on-premises, and CSA is celebrating its 1...

Deciphering DevSecOps
Published: 02/07/2019

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way. By Beth Stackpole, Writer, Symantec. Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the same time, Dev...

Security Risks and Continuous Development Drive Push for DevSecOps
Published: 01/31/2019

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy. By Dwight B. Davis, Writer, Symantec. The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application developers and ...
