Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Reframing Password Management: What We Learned from the LastPass Breach
Published: 02/02/2023

Originally published by BARR Advisory. In August of 2022, LastPass, the cloud-based password saver, was breached as bad actors stole information that would eventually lead them to access a copy of the data vaults of tens of thousands of customers. When the firm was hacked for a second time in Nov...

How to Avoid Cybersecurity Whack-a-Mole
Published: 01/31/2023

Originally published by Nasuni on November 8, 2022. Written by Jason Patterson, Nasuni. Although Cybersecurity Awareness Month is behind us now, that is no reason to take the focus off the subject. This year’s theme – “See Yourself in Cyber” – highlighted the fact that strong security really come...

Your Guide to IAM – and IAM Security in the Cloud
Published: 01/27/2023

Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security en...

5 Timely SaaS Security Recommendations for 2023
Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, Last...

What is an Access Control Server in 3DS?
Published: 01/24/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits 3DS is a form of multifactor authentication used to reduce card-not-present fraud by verifying cardholder identities. The 3DS Access Control Server is a tool used by issuing banks to confirm the identity of the cardh...

Who Has Control: The SaaS App Admin Paradox
Published: 01/23/2023

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and d...

Five Steps Towards Building a Better Data Security Strategy
Published: 01/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per...

Identity and Access Management: Automation, Risks, and Best Practices
Published: 01/11/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Identity and access management (IAM) uses a combination of tools and procedures to limit access to internal systems and sensitive data. Rigourous protection of account access is one of the best ways to prevent account takeover f...

Key Takeaways from Forrester’s Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management Report
Published: 01/10/2023

Originally published by Adaptive Shield. Written by Zehava Musahanov, Adaptive Shield. Forrester, a research and advisory company, offers organization’s a variety of services including research and consulting. Their reports help professionals understand their customer’s behavior, concerns, and in...

From Access-Centric Security to Data-Centric Security
Published: 01/05/2023

Originally published by Lookout. Written by Maria Teigeiro, Lookout. In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available at ...

How to Control (Maneuver) the Post-IdP Wasteland
Published: 01/04/2023

Originally published by DoControl. Written by Tony Klor, DoControl. In a world where digital transformation is the new normal and employees are more mobile than ever, organizations are inundated with managing often highly sensitive Software as a Service (SaaS) application data. To meet these dema...

How to Prevent Account Takeover Fraud
Published: 12/29/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits:Account takeover fraud is the most popular kind of cyberattack for hackers looking to make a large sum of money quickly.Businesses affected by account takeover attacks (ATOs) often lose large numbers of customers due ...

Sealing Off Your Cloud’s Blast Radius
Published: 12/28/2022

Originally published by Ermetic. Migrating to the cloud? Cloud security requires a shift in mindset from traditional on-premises security. Implementing relevant principles and practices, like for permissions management, can mitigate vulnerabilities and significantly reduce the blast radius of an ...

Minimizing your Data Attack Surface in the Cloud
Published: 12/27/2022

Originally published by Sentra. Written by Ron Reiter, CTO, Sentra. The cloud is one of the most important developments in the history of information technology. It drives innovation and speed for companies, giving engineers instant access to virtually any type of workload with unlimited scal...

Important Factors to Consider When Implementing an IAM System
Published: 12/21/2022

By Alex Vakulov Identity and Access Management (IAM) solutions provide business applications with centralized authentication as well as credential management. Competent and thoughtful implementation is the key to success in building centralized authentication systems. Let me describe several vita...

Preventing Unauthorized Usage of Non-Person Entities (NPEs)
Published: 12/08/2022

Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government oft...

Social Engineering and VPN Access: The Making of a Modern Breach
Published: 12/05/2022

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and de...

Uber’s Internal Network Breach and Business-Critical SaaS Data Compromise
Published: 12/02/2022

Originally published by DoControl on September 16, 2022. Written by Corey O'Connor, DoControl. Multiple sources have reported that Uber has become the next victim to a man-in-the-middle attack with social engineering and Multi-factor Authentication (MFA) compromise at its core. In this example, t...

Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets
Published: 12/01/2022

Originally published by Mitiga. Written by Mitiga's Research Team. Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protectio...

Cloud First, Security Second?
Published: 11/22/2022

Originally published by Thales. Written by Chad Couser, Director, Marketing Communications, Thales. Cloud solutions were a lifesaver for organizations during the height of the COVID-19 pandemic as employees worked remotely or went hybrid and businesses pivoted their technology strategies to keep ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.