Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Zero Trust Adoption Report: How Does Your Organization Compare?
Published: 09/23/2021

This blog was originally published by Microsoft here. Written by Vasu Jakkal; Corporate Vice President, Security, Compliance and Identity; Microsoft. From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent ...

Why the World Needs Proactive Cybersecurity
Published: 09/21/2021

This blog was originally published by Bitglass here. Written by Ben Rice, Bitglass. Computing is now in a ubiquitous state with users able to connect to a dizzying number of services and applications. Companies have networked together everything to reduce costs, increase automation, and achieve dig...

How to Establish a Culture of Secure DevOps
Published: 09/20/2021

This blog was originally published by Sysdig here. Written by Chris Kranz, Sysdig. We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some maj...

Are You On a Security Service Edge (SSE) Journey?
Published: 09/10/2021

This blog was originally published by Bitglass here. Written by Mike Schuricht, Bitglass. Last month, in the latest Gartner “Hype Cycle for Network Security, 2021” by Shilpi Handa and Pete Shoard, Security Service Edge (SSE) was introduced. This segment was not only “High” on the Benefit scale and ...

Kubernetes 1.22 – What’s new?
Published: 09/06/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Kubernetes 1.22 was released in early August, and it comes packed with novelties! Where do we begin? This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernet...

MPA Best Practice Guidelines Name RBI as Implementation Guidance Infrastructure for Web Filtering and Usage Control
Published: 08/27/2021

This blog was originally published by Ericom Software here. Written by Peter Fell, Group CTO, EME, Ericom Software. What Every TPN Vendor Should Know About Remote Browser Isolation In a recent important addition to the Motion Picture Association (MPA) Content Security Program, MPA Best Practic...

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You Should Know Of
Published: 08/26/2021

This blog was originally published by Sysdig here. Written by Stefano Chierici, Sysdig. MITRE ATT&CK framework for cloud will help you identify the possible threats related to a cloud environment and begin securing your cloud infrastructure. MITRE ATT&CK is a well-known comprehensive knowled...

STAR Testimonial: CSA STAR + SOC2 - From Readiness to Attestation
Published: 08/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engageme...

Security Agents Don’t Belong In Your Cloud!
Published: 08/18/2021

This blog was originally published by Blue Hexagon here. Written by Saumitra Das, Blue Hexagon. COVID-19 has significantly accelerated migration to the cloud as organizations enable an increasingly remote workforce and adopt cloud-native services to serve increasingly online customers. Unfortunat...

Top 20 Dockerfile Best Practices
Published: 08/10/2021

This blog was originally published by Sysdig here. Written by Álvaro Iradier, Sysdig. Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds. If you are familiar with containerized applications and micros...

You Can’t Detect What You Can’t See – In Real-Time. The Modern Cloud Security Edition
Published: 08/06/2021

This blog was originally published by Blue Hexagon here. Written by Arun Raman, Blue Hexagon. There is an old maxim in cybersecurity: “You cannot detect what you cannot see.” While we hold the need for security visibility as a self-evident truth, there are implications for a cloud security architec...

Blue Team Diaries: Becoming ‘data-smart’
Published: 08/05/2021

Written by Derek Wood, Open Raven. “I can’t afford to not be data-smart.” - Doug Clendening, Principal Services Consultant at Open Raven (Previously Principal Cyber Incident Commander at Splunk) Blue teams aren’t quite the cape-wearing heroes featured in comics, but they aren't far off when it come...

Bad guys are watching for new openings in your cloud, are you?
Published: 07/30/2021

This blog was originally published by Sysdig here. Written by Janet Matsuda, Sysdig CMO. You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds o...

Deep Dive into the NSA Funded MITRE D3FEND Framework
Published: 07/26/2021

This blog was originally published by Blue Hexagon here. Written by Saumitra Das, Blue Hexagon. MITRE released the D3FEND framework on 6/22/21, an effort funded by the National Security Agency to effectively create a knowledge graph of cybersecurity countermeasure techniques. The goal of this proje...

The Right Time to Hire a Product Security Analyst
Published: 06/30/2021

This blog was originally published by CyberCrypt here. A doll that understands what children say and responds to them seemed, in 2015, like a great idea — unless you were a security analyst. Unfortunately for Mattel, security analysts seem to have been left out of the conversation until the toymake...

Top 10 Linux Server Hardening and Security Best Practices
Published: 06/28/2021

This blog was originally published by Intezer here. If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from bad actors. Linux server hardening is a set of measures used to reduce the attack surface and improve the security of your ...

Split Knowledge: Literally the Key to Secure Encryption
Published: 06/25/2021

This blog was originally published by CyberCrypt here. When you store your valuable items in a safe deposit box, do you leave your key to that box with the bank? Of course not. Although you might trust your banker, you keep control of that key. Otherwise, if it fell into the wrong hands, you might...

Continuous Security Control Enforcement & Governance in the Cloud Ecosystem
Published: 06/23/2021

Written by Raghvendra Singh, Head, Cloud Security CoE, Cyber Security Unit, TCS. Digital transformation across industries has witnessed unprecedented acceleration in recent times. Cloud, with its greater flexibility, agility, resilience, and scalability, is invariably the cornerstone technology...

Real-Time Security Metrics: Insights Every Risk Management Team Should Monitor
Published: 06/08/2021

This blog was originally published by OneTrust GRC here. There is one thing that businesses of all sizes, industries, and sectors have in common – they face a wide range of risk management threats. Specifically, retail, finance, hospitality, government, manufacturing, and healthcare industries...

President Biden’s Cybersecurity Executive Order: What will it mean for you?
Published: 06/01/2021

This blog was originally published by OneTrust here. On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...
