Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
How to Address the Security Risks of Cloud OS

Published: 10/15/2020

Written by: Xiaoyu Ge, co-chair of the Cloud Component Specifications Working GroupFrom a user perspective, the cloud is a service. However, for cloud service providers, integrators, and channel partners who construct or build the cloud, it is a system that may comprise many separate components. ...

​Thinking Like a Cloud Hacker: Part 1

Published: 10/13/2020

Originally Published September 30, 2020 on Fugue’s websiteBy Josh Stella Co-Founder and CTO, FugueIn writing this, my objective is to examine some real world, published cloud exploits and examine both the motivations and techniques of the hackers responsible for them so that you can understand wh...

DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps

Published: 09/25/2020

By CloudPassageIn a DevOps environment, software and feature delivery happen in real time. Security, while critical to your company, cannot become a bottleneck. InfoSec and DevOps leadership are searching for the best ways to bridge the gap between their two organizations in order to better secur...

How to secure DevOps

Published: 08/12/2020

By Andrey Pozhogin, Senior Product Marketing Manager, Hybrid Cloud Security at KaperskySupply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them.Last month, IT news websites reported that RubyGems, the official channel for distributing librar...

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in

Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 Labs.This blog is shortened version of the original blog published by C2. For the full length post go here. Digital transformation will reshape all businesses, large and small, over the next decade and beyond; driven by the convergence of major techno...

New Paper Offers Practical Guidance on Automating Security in DevSecOps

Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code

Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

The Risk of Unsecured Dev Accounts

Published: 11/13/2019

This article was originally published on Fugue's blog here. By Drew Wright, Co-Founder Fugue Most organizations now recognize the importance of cloud security, likely due in large part to the sharp uptick in cloud-based data breaches resulting from cloud misconfiguration. Achieving an...

“Shift Left” to Harden Your Cloud Security Posture

Published: 07/18/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, FugueAfter a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means the k...

CSA Summit Recap Part 2: CSP & CISO Perspective

Published: 03/12/2019

By Elisa Morrison, Marketing Intern, Cloud Security AllianceWhen CSA was started in 2009, Uber was just a German word for 'Super' and all CSA stood for was Community Supported Agriculture. Now in 2019, spending on cloud infrastructure has finally exceeded on-premises, and CSA is celebrating its 1...

Deciphering DevSecOps

Published: 02/07/2019

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way By Beth Stackpole, Writer, Symantec Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the s...

Security Risks and Continuous Development Drive Push for DevSecOps

Published: 01/31/2019

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy By Dwight B. Davis, Writer, Symantec The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application de...

Browse by Topic