Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
DevSecOps and Misconfigurations: Key Facts to Know
Published: 11/21/2021
Author: Hillary Baron

Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cyberse...

Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption
Published: 11/17/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a recent Fe...

Making the Security Conversation More “Feature-Driven”
Published: 11/10/2021

This blog was originally published by Adobe here. Written by Sandhya Narayan, Principal Program Manager, Adobe. A constantly changing security landscape driven by increasingly persistent threats, growing attack sophistication, and tighter compliance requirements keeps both security and product...

How to Establish a Culture of Secure DevOps
Published: 09/20/2021

This blog was originally published by Sysdig here.Written by Chris Kranz, Sysdig.We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some maj...

Six Pillars of DevSecOps Series
Published: 09/09/2021

Last updated: February 16, 2022While DevOps practices can help improve the management and operations of information security processes in an organization, the execution of these practices has to be secured. Security vulnerabilities can be inadvertently created due to lack of consideration of all ...

Secure Containers and Microservices Series
Published: 08/18/2021
Author: Megan Theimer

Last updated: September 1, 2021CSA Application Containers and Microservices Working Group’s Secure Containers and Microservices SeriesApplication containers and a microservices architecture, as defined in NIST SP 800-180, are being used to design, develop and deploy applications leveraging agile ...

Security Agents Don’t Belong In Your Cloud!
Published: 08/18/2021

This blog was originally published by Blue Hexagon here. Written by Saumitra Das, Blue Hexagon. COVID-19 has significantly accelerated migration to the cloud as organizations enable an increasingly remote workforce and adopt cloud-native services to serve increasingly online customers. Unfortunat...

The Importance of Properly Scoping Cloud Environments
Published: 08/05/2021

PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud envi...

Bad guys are watching for new openings in your cloud, are you?
Published: 07/30/2021

This blog was originally published by Sysdig here.Written by Janet Matsuda, Sysdig CMO.You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds o...

3 Key DevSecOps Trends for 2021
Published: 07/29/2021

This blog was originally published by Blue Hexagon here.Written by Saumitra Das, Blue Hexagon.DevSecOps is a term that means different things to different people. I see it as primarily as an umbrella term for “continuous security” or security that is built into the process of building, shipping, ...

Seven Steps to defining the art of the possible in DevOps
Published: 11/14/2020

By Craig Thomas from the CSA Washington DC Chapter and VP of Engineering at C2 LabsWe all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Dock...

How to Address the Security Risks of Cloud OS
Published: 10/15/2020

Written by: Xiaoyu Ge, co-chair of the Cloud Component Specifications Working GroupFrom a user perspective, the cloud is a service. However, for cloud service providers, integrators, and channel partners who construct or build the cloud, it is a system that may comprise many separate components. ...

​Thinking Like a Cloud Hacker: Part 1
Published: 10/13/2020

Originally Published September 30, 2020 on Fugue’s websiteBy Josh Stella Co-Founder and CTO, FugueIn writing this, my objective is to examine some real world, published cloud exploits and examine both the motivations and techniques of the hackers responsible for them so that you can understand wh...

DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps
Published: 09/25/2020

By CloudPassageIn a DevOps environment, software and feature delivery happen in real time. Security, while critical to your company, cannot become a bottleneck. InfoSec and DevOps leadership are searching for the best ways to bridge the gap between their two organizations in order to better secur...

How to secure DevOps
Published: 08/12/2020

By Andrey Pozhogin, Senior Product Marketing Manager, Hybrid Cloud Security at KaperskySupply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them.Last month, IT news websites reported that RubyGems, the official channel for distributing librar...

Compliance is the Equal and Opposite Force to Digital Transformation…that’s where DevOps comes in
Published: 08/07/2020

By J. Travis Howerton, Co-Founder and CTO, C2 Labs.This blog is shortened version of the original blog published by C2. For the full length post go here. Digital transformation will reshape all businesses, large and small, over the next decade and beyond; driven by the convergence of major techno...

New Paper Offers Practical Guidance on Automating Security in DevSecOps
Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code
Published: 04/02/2020

Originally published as: Pre-deployment Compliance Checks with Regula and Terraform By Becki Lee, Senior Technical Writer, Fugue, Inc. Infrastructure-as-code is a programmatic way of defining and provisioning cloud resources. By treating infrastructure configuration as code, you can apply progr...

The Risk of Unsecured Dev Accounts
Published: 11/13/2019

This article was originally published on Fugue's blog here. By Drew Wright, Co-Founder Fugue Most organizations now recognize the importance of cloud security, likely due in large part to the sharp uptick in cloud-based data breaches resulting from cloud misconfiguration. Achieving and main...

Introducing Reflexive Security for integrating security, development and operations
Published: 10/14/2019

By the CSA DevSecOps Working Group Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agilit...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.