Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Survey Report: Cloud Security Posture Management and Misconfiguration Risks
Published: 09/20/2021

Written by VMware. The worldwide public cloud services market grew 24.1% YoY in 2020.[1] With companies relying heavily on public clouds as the driver for digital transformation, the security of their cloud applications, data, and underlying infrastructure remains a top priority for Chief Informat...

Why IaaS Security Should be a Priority
Published: 08/20/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. Why are CIOs and IT organizations prioritizing investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains, and partners. Getting the most value out of le...

Bad guys are watching for new openings in your cloud, are you?
Published: 07/30/2021

This blog was originally published by Sysdig here. Written by Janet Matsuda, Sysdig CMO. You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds o...

Cloud lateral movement: Breaking in through a vulnerable container
Published: 05/25/2021

This blog was originally published by Sysdig here. Written By Stefano Chierici, Sysdig. Lateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach? What often happens in famous attacks to Cloud environment...

The Multi-Factor Factor (or How to Manage Authentication Risk)
Published: 11/18/2020

By Wendy Nathers, Head of Advisory CISOs at Duo. As we debate the necessity of various authentication factors, particularly for passwordless projects, it’s good to take a step back and remember how we got here. There are three key types of authentication: The 3 Key Types of Authentication 1. “Somethi...

No Free Rides With Your OAuth Tokens
Published: 10/03/2020

By Ian Sharpe, Product Leader at AppOmni. It’s just another typical Wednesday in May. You’ve received an email from one of your contacts, someone with whom you haven’t spoken in years. They’ve shared a Google Docs with you. It seems a bit odd, but you’re curious, so you click on the “Open in D...

RECON (CVE-2020-6287) and its impact on Cloud Applications
Published: 09/29/2020

By Shamun Mahmud, Sr. Research Analyst at Cloud Security Alliance. Key takeaways: Cloud adoption is growing when it comes to ERP Applications. ERP Applications in the cloud can be vulnerable to security issues and organizations need to apply the proper security controls and patches. Introduction: The RECON v...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
Published: 09/28/2020

By Nicole Fishbein, Malware Analyst and Reverse Engineer at Intezer. TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using several tools including crypto-miners and Amazon Web Services (AWS) credential...

Building a Secure Amazon S3 Bucket
Published: 09/23/2020

By Josh Stella, Co-Founder and CTO, Fugue. Originally Published at fugue.co/blog on Sept 8, 2020. Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly...

Polyrize Launches Its Inaugural Shadow Identity Report
Published: 09/17/2020

Key trends and challenges in securing cloud identities and privileges. Polyrize, an innovator in managing and securing privileges and identity access across the public cloud, today launched its 2020 Shadow Identity Report, developed by its new SaaS Threat Labs Team. The report covers key trends and...

SaaS Security Series: Understanding Salesforce Administrative Permissions
Published: 08/19/2020

Brian Soby, CTO & Co-founder of AppOmni. Today, more than ever, SaaS applications drive the modern enterprise. They are relied upon for managing customer data, allowing internal collaboration, and keeping organizations connected across the world. As the amount of sensitive and business-critical...

Strong MFA: The First Stop on the Path to Passwordless
Published: 07/31/2020

By Andrew Hickey, Director of Content at Duo. Passwords, the antiquated security mechanism in place since the 1960’s, have since their inception caused user and administrative frustration due to their complexity and frequent resets. As technolog...

Abusing Privilege Escalation in Salesforce Using APEX
Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, Polyrize. This article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

Securing the multi-cloud environment through CSPM and SSPM
Published: 07/13/2020

By the CipherCloud Team. Misconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019. - DivvyCloud. It took decades to convince IT leaders to move to the cloud. In the initial years, cloud ado...

The State of Cloud Security 2020 Report: Understanding Misconfiguration Risk
Published: 05/05/2020

By Drew Wright, Fugue Inc. Cloud misconfiguration remains the top cause of data breaches in the cloud, and the COVID-19 crisis is making the problem worse. These are among the findings of Fugue’s new State of Cloud Security 2020 survey. Nearly everyone is now working from home, and 84% are concerne...

Prevent security misconfigurations in a multi-cloud environment
Published: 01/20/2020

By the CipherCloud Team. In November 2019, we witnessed one of the biggest data breaches to date. Personal information of 1.2 billion users got exposed, including phone numbers, email addresses and profiles of hundreds of millions of people that include home and cell phone numbers, associated socia...

4 Common Cloud Misconfigurations & What To Do About Them
Published: 11/14/2019

By Kevin Tatum, IT Security Engineer at ExtraHop. In a recent report, McAfee uncovered the rise of Cloud-Native Breaches and the state of multi-cloud adoption. We'll define the top 4 cloud misconfiguration goofs from their list, how they can affect your organization, and what to do about them. When ...

Cloud Security Posture Management: Why You Need It Now
Published: 10/01/2019

By Samantha Nguyen, Product Manager, Bitglass. Gartner recommends that security and risk management leaders invest in CSPM (cloud security posture management) processes and tools to avoid misconfigurations that can lead to data leakage. Although it is a relatively new class of tools, this recommend...

What Executives Should Know About the Capital One Breach
Published: 09/09/2019

By Phillip Merrick, CEO of Fugue. Most enterprises are already using public cloud computing services at scale or are planning to adopt the cloud soon. As an executive, chances are you’re paying attention to the Capital One data breach and wondering how this event should impact your decision-making....

A Technical Analysis of the Capital One Cloud Misconfiguration Breach
Published: 08/09/2019

This article was originally published on Fugue's blog here. By Josh Stella, Co-founder & Chief Technology Officer, Fugue. This is a technical exploration of how the Capital One breach might have occurred, based on the evidence we have from the criminal complaint. I want to start by say...
