Cloud 101
Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Pipeline Sprawl in DevOps: It’s a Thing
Published: 01/13/2023

Originally published by Dazz. Written by Tomer Schwartz, Co-founder & CTO, Dazz. CI/CD pipeline sprawl is happening faster than you can rein it inCompanies are developing software in the cloud in a big way. Under the umbrella of digital transformation, and driven by customer expectations and comp...

Managing Cloud Security in a Multicloud Environment (Part 2)
Published: 01/09/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. As discussed in my last article, to date, most known security incidents in the cloud have been the fault of the customer rather than that of the cloud security provider (CSP). And yet, CSP...

7 Significant Findings from the 2022 SaaS Security Survey Report
Published: 12/19/2022

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Last year, we spearhead our first annual SaaS Security Survey Report, where the findings illuminated the SSPM landscape and where the market was holding. In the 2022 SaaS Security Survey Report, in collaborat...

How to Detect Cloud Storage Misconfigurations to Protect Valuable Data
Published: 12/14/2022

Originally published by CrowdStrike. Written by Ciaran O'Brien and Matt Johnston, CrowdStrike. Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud sec...

Top Threat #9 to Cloud Computing: Misconfiguration and Exploitation of Serverless and Container Workloads
Published: 11/20/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

2022 State of Public Cloud Security Report Reveals Critical Cloud Security Gaps
Published: 09/30/2022

Originally published by Orca Security here. Written by Bar Kaduri and Deborah Galea, Orca Security. Orca Security has released the 2022 State of the Public Cloud Security report, which provides important insights into the current state of public cloud security and where the most critical security...

8 Common Cloud Misconfiguration Types (And How to Avoid Them)
Published: 09/27/2022

Originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber. Cloud misconfiguration refers to any errors, glitches, or gaps in the cloud environment that could pose a risk to valuable information and assets. It occurs when the cloud-based system is not correctly configured by th...

Monitor Your SaaS Environment for Three Common SaaS Misconfigurations
Published: 09/23/2022

Originally published by AppOmni here. Written by John Whelan, Senior Director of Product Management, AppOmni. SaaS is ubiquitous across the enterprise and accounts for approximately 70% of software usage in companies. And SaaS usage is growing, with thousands of SaaS applications available to...

Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control
Published: 08/22/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Google Workspace - Log Insights to Your Threat Hunt
Published: 08/16/2022

Originally published by Mitiga here. Written by Ariel Szarf and Lionel Saposnik, Mitiga. Google Workspace is a popular service for document collaboration for organizations and for individual users. Threat actors note that the popularity of this service has increased and search for ways to exp...

The New Kubernetes Gateway API and Its Use Cases
Published: 08/02/2022

Originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Despite being a large open-source and complex project, Kubernetes keeps on evolving at an impressive pace. Being at the center of various platforms and solutions, the biggest challenge for the Kubernetes proj...

The 5 Faces of Development Risk
Published: 07/28/2022

Written by Tony Karam, Strategic Marketing Leader, Concourse Labs.Which of these development risks do you recognize?Delivering cloud-native applications, quickly, is an existential requirement for most businesses. Security, Risk Management, and DevSecOps leaders are tasked with ensuring cloud mis...

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane
Published: 07/12/2022

This blog was originally published by Mitiga here. Written by Andrew Johnston, Mitiga. There’s a good reason many developers are excited about the cloud. The advent of managed services has enabled solutions architecture to become an assortment of building blocks—configuration is simple, scaling i...

Prioritizing Cloud Security Threats: What You Need to Know
Published: 05/18/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...

The Five Universal Fundamentals for Securing Your Cloud
Published: 05/06/2022

This blog was originally published on fugue.co on April 7, 2022.Written by Josh Stella, chief architect at Snyk. The word “misconfiguration” can seem quite innocuous — an innocent mistake that’s easy to fix, like putting your car into drive while the parking brake is still engaged. You quickl...

The Dangers of Exposed Elasticsearch Instances
Published: 04/15/2022

This blog was originally published by Open Raven here. Written by Michael Ness, Open Raven. Elasticsearch is a widely used text-search and analytics engine. The tooling provides a simple solution to quickly, easily, and efficiently store and search large volumes of data. Elasticsearch is utilized...

Cloud Threats: What Business Executives Need to Know Right Now
Published: 03/31/2022

This blog was originally published on fugue.co on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

To Err is Human, and That is What Hackers are Counting On
Published: 03/23/2022

Originally published January 20, 2022 on Fugue’s website. Written by Josh Stella. Read the first blog in this series here. It’s understandable if you’ve made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers unt...

Learning from the State of Washington’s Data Breach
Published: 03/16/2022

This blog was originally published by AppOmni here. Written by Brian Soby, CTO and Co-Founder of AppOmni. It's not surprising to hear about another data breach in the news, especially one involving a large SaaS deployment like the State of Washington announced in February 2022. SaaS has great...

Multi Cloud Security
Published: 02/17/2022

Written by Madhukeshwar Bhat, Director, Chapter Development, CSA Bangalore, and Rob Aragao, Chief Security Strategist, CyberRes “Computing may someday be organized as a public utility just as the telephone system is a public utility”- Prof. John McCarthy at MIT’s centennial celebration in 1961.T...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.