Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Why the World Needs Proactive Cybersecurity
Published: 09/21/2021

This blog was originally published by Bitglass here. Written by Ben Rice, Bitglass. Computing is now in a ubiquitous state with users able to connect to a dizzying number of services and applications. Companies have networked together everything to reduce costs, increase automation, and achieve dig...

Cybersecurity’s Next Fight: How to Protect Employees From Online Harassment
Published: 09/15/2021

This blog was originally published by Microsoft here. The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In this blog post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and...

From CapEx to OpEx, and Greater Security
Published: 09/13/2021

This blog was originally published by CyberCrypt here. In the cloud, cloud service providers (CSPs) manage the infrastructure they control—where organizational data and applications are stored—and perform the patching and updates so that the applications they use remain current. These advantages ar...

Detecting When Ransomware Moves Into Your Cloud
Published: 09/09/2021

This blog was originally published on With around 65,000 ransomware attacks expected this year in the US alone according to Yahoo! Finance, let’s just go out on a limb here and say that folks are having a rough go at stopping these menacing occurrences. It doesn’t seem to matter which ...

Here are Five Key Takeaways to Build a Best-in-Breed Security Architecture for Your Enterprise
Published: 09/03/2021

Written by Fausto Lendeborg, CEO, Secberus. Secberus was invited to participate in Plug and Play’s (PnP) Partnerships Transforming Healthcare: Healthcare and the Cloud event. Our CEO, Fausto Lendeborg was accompanied by Edmond Mack, VP Security Architecture at GSK as well as Jennifer Thomas, Manag...

How Can 3DS Authentication Enhance My Payments Flow?
Published: 08/11/2021

This blog was originally published by TokenEx here. Written by Jessica Titsworth, TokenEx. As the rapid growth of ecommerce platforms and digital payments continues, the amount of card-not-present (CNP) transactions has increased. While this can provide extra convenience for the cardholder, mercha...

The Visionary CCM/CAIQ v4 Early Adopters
Published: 08/06/2021
Author: John DiMaria

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry. The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to CSA best practices and is considered the de-facto standard for cloud security and priva...

Blue Team Diaries: Becoming ‘data-smart’
Published: 08/05/2021

Written by Derek Wood, Open Raven. “I can’t afford to not be data-smart.” - Doug Clendening, Principal Services Consultant at Open Raven (Previously Principal Cyber Incident Commander at Splunk) Blue teams aren’t quite the cape-wearing heroes featured in comics, but they aren't far off when it come...

The Importance of Properly Scoping Cloud Environments
Published: 08/05/2021

PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) recently released a joint industry threat bulletin highlighting the importance of properly scoping cloud environments. In this blog, the PCI SSC and CSA share guidance and best practices for properly scoping cloud envi...

SECtember 2021: Why I’ll Be There
Published: 08/03/2021

Written by Larry Hughes, Principal Compliance Consultant, LJH Compliance Consulting. I first got involved in the Seattle information security scene in 1996. I was busy building a security consulting practice for a startup. It wasn’t long before I met this affable fellow named Jim Reavis, who had al...

Can Web Browsers be “Secure” as Required by Federal Cybersecurity Guidelines?
Published: 07/28/2021

This blog was originally published by Ericom Software here. Written by Gerry Grealish, Ericom Software Chief Marketing Officer. The National Institute of Standards and Technology (NIST) issued its “Definition of Critical Software Under Executive Order,” one of the first items to be delivered in res...

Deep Dive into the NSA Funded MITRE D3FEND Framework
Published: 07/26/2021

This blog was originally published by Blue Hexagon here. Written by Saumitra Das, Blue Hexagon. MITRE released the D3FEND framework on 6/22/21, an effort funded by the National Security Agency to effectively create a knowledge graph of cybersecurity countermeasure techniques. The goal of this proje...

Certificate of Cloud Security Knowledge (CCSK) Modules for Non-Tech Staff
Published: 07/21/2021

The Certificate of Cloud Security Knowledge (CCSK) is a standard of expertise for cloud security. While this is a certificate that technical professionals typically strive to earn, the study materials can also offer valuable lessons to non-technical staff interested in gaining a general understan...

Building the Next Generation of Cybersecurity and Privacy Professionals
Published: 07/20/2021
Author: Daniele Catteddu

Context: In the past two decades we have witnessed a dramatic evolution in the cyber domain; new technologies have revolutionized the world we live in, our habits, our behaviors and our way of thinking. Cloud Computing, Edge Computing, Internet of Things/Everything, Smart Environments, Artificial I...

2021 State of Cloud Security Posture Management Report
Published: 07/16/2021

This blog was originally published by OpsCompass here. We recently announced the results of a report we conducted on cloud security and management challenges. The “2021 State of Cloud Security Posture Management Report” is based on survey responses from 253 full-time, US-based, IT professionals wh...

Why Is Cybersecurity Critical in Protecting Infrastructure?
Published: 06/09/2021

Written by Angela Stone, Content Creator, Eleven Fifty Academy. Cybersystems, assets, and physical infrastructure are vital to the economy of a country. Destroying or incapacitating infrastructure and cyber systems can have a devastating impact on the economy. Industries such as the oil and gas ind...

The Shift to Eight-Digit BINs
Published: 05/14/2021

This blog was originally published by TokenEx here. Written by Branden Morrow, TokenEx. There is a lot of information going around about an eight-digit BIN mandate, and we wanted to give some clarity on what a BIN is, why it is important, how it relates to PCI DSS compliance, why a shift to an eight-...

PCI Compliance Checklist: Ensure Compliance
Published: 03/08/2021

Originally published on TokenEx's blog. You’ve heard about all of the breaches. You know no defense is impenetrable. And you’re likely aware of the risk that comes with storing payment card information. Still, you need to process cardholder data to run your business—that much is unavoidable. So, h...

How to Secure Your CDE and Achieve PCI DSS Compliance
Published: 02/18/2021

Written by TokenEx. Successfully securing cardholder data should be top of mind as businesses try to keep up with the rise of data regulations and the resulting increased focus on consumer privacy. The process of securing a cardholder data environment (CDE) and ensuring it is compliant with the Pay...

What is 3-D Secure Authentication, and Why Do I Need It?
Published: 02/11/2021

Written by Dillon Phillips at TokenEx. Thanks to the increasing popularity of ecommerce platforms, many card transactions that previously would have occurred in person can now be made online. The resulting rise in card-not-present (CNP) payments offers greater convenience for those initiating the t...
