Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Prioritizing Cloud Security Threats: What You Need to Know
Published: 05/18/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...

The Five Universal Fundamentals for Securing Your Cloud
Published: 05/06/2022

This blog was originally published on on April 7, 2022.Written by Josh Stella, chief architect at Snyk. The word “misconfiguration” can seem quite innocuous — an innocent mistake that’s easy to fix, like putting your car into drive while the parking brake is still engaged. You quickl...

The Dangers of Exposed Elasticsearch Instances
Published: 04/15/2022

This blog was originally published by Open Raven here. Written by Michael Ness, Open Raven. Elasticsearch is a widely used text-search and analytics engine. The tooling provides a simple solution to quickly, easily, and efficiently store and search large volumes of data. Elasticsearch is utilized...

Cloud Threats: What Business Executives Need to Know Right Now
Published: 03/31/2022

This blog was originally published on on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

To Err is Human, and That is What Hackers are Counting On
Published: 03/23/2022

Originally published January 20, 2022 on Fugue’s website. Written by Josh Stella. Read the first blog in this series here. It’s understandable if you’ve made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers unt...

Learning from the State of Washington’s Data Breach
Published: 03/16/2022

This blog was originally published by AppOmni here. Written by Brian Soby, CTO and Co-Founder of AppOmni. It's not surprising to hear about another data breach in the news, especially one involving a large SaaS deployment like the State of Washington announced in February 2022. SaaS has great...

Multi Cloud Security
Published: 02/17/2022

Written by Madhukeshwar Bhat, Director, Chapter Development, CSA Bangalore, and Rob Aragao, Chief Security Strategist, CyberRes “Computing may someday be organized as a public utility just as the telephone system is a public utility”- Prof. John McCarthy at MIT’s centennial celebration in 1961.T...

Cloud Applications Put Your Data at Risk. Here's How to Regain Control
Published: 12/10/2021

Written by Yaki Faitelson, Co-Founder and CEO of Varonis. Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organization safe from cyberattacks, they're also a big, growing risk. Your data is in more places than ever before. It lives in sanctioned ...

DevSecOps and Misconfigurations: Key Facts to Know
Published: 11/21/2021
Author: Hillary Baron

Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cyberse...

5 Areas Exposing Your AWS Deployments to Security Threats
Published: 09/27/2021

This blog was originally published on Let’s be honest, the cloud has come at us fast this past year—especially if you’re a security practitioner. Like lining up to race Usain Bolt in the 100 meters kind of fast. Only he’s the cloud and you’re trying to keep up. As soon as you get se...

Survey Report: Cloud Security Posture Management and Misconfiguration Risks
Published: 09/20/2021

Written by VMware.The worldwide public cloud services market grew 24.1% YoY in 2020.[1] With companies relying heavily on public clouds as the driver for digital transformation, the security of their cloud applications, data, and underlying infrastructure remains a top priority for Chief Informat...

Why IaaS Security Should be a Priority
Published: 08/20/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. Why are CIOs and IT organizations prioritizing investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains, and partners. Getting the most value out of le...

Bad guys are watching for new openings in your cloud, are you?
Published: 07/30/2021

This blog was originally published by Sysdig here.Written by Janet Matsuda, Sysdig CMO.You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds o...

Cloud lateral movement: Breaking in through a vulnerable container
Published: 05/25/2021

This blog was originally published by Sysdig hereWritten By Stefano Chierici, SysdigLateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach?What often happens in famous attacks to Cloud environment...

The Multi-Factor Factor (or How to Manage Authentication Risk)
Published: 11/18/2020

By Wendy Nathers, Head of Advisory CISOs at DuoAs we debate the necessity of various authentication factors, particularly for passwordless projects, it’s good to take a step back and remember how we got here. There are key three types of authentication:The 3 Key Types of Authentication1. “Somethi...

No Free Rides With Your OAuth Tokens
Published: 10/03/2020

By Ian Sharpe, Product Leader at AppOmni It’s just another typical Wednesday in May. You’ve received an email from one of your contacts, someone with whom you haven’t spoken to in years. They’ve shared a Google Docs with you. It seems a bit odd, but you’re curious, so you click on the “Open in D...

RECON (CVE-2020-6287) and its impact on Cloud Applications
Published: 09/29/2020

By Shamun Mahmud, Sr. Research Analyst at Cloud Security AllianceKey takeawaysCloud adoption is growing when it comes to ERP ApplicationsERP Applications in the cloud can be vulnerable security issues and organizations need to apply the proper security controls and patches.IntroductionThe RECON v...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
Published: 09/28/2020

By Nicole Fishbein, Malware Analyst and Reverse Engineer at IntezerTeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using several tools including crypto-miners and Amazon Web Services (AWS) credential...

​Building a Secure Amazon S3 Bucket
Published: 09/23/2020

By Josh Stella, Co-Founder and CTO, FugueOriginally Published at on Sept 8, 2020Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly...

​Polyrize Launches Its Inaugural Shadow Identity Report
Published: 09/17/2020

Key trends and challenges in securing cloud identities and privilegesPolyrize, an innovator in managing and securing privileges and identity access across the public cloud, today launched its 2020 Shadow Identity Report, developed by its new SaaS Threat Labs Team. The report covers key trends and...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.