Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

On the Criticality of SDLC Context for Vulnerability Remediation
Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing. Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...

If You Could Only Ask One Question About Your Data, It Should be This
Published: 01/25/2023

Originally published by Sentra. Written by Guy Spilberg, VP R&D, Sentra. When security and compliance teams talk about data classification, they speak in the language of regulations and standards. Personal Identifiable Information needs to be protected one way. Health data another way. Employee i...

5 Steps to Managing Third-Party Risk in the Healthcare Industry
Published: 01/21/2023

Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive data...

Five Steps Towards Building a Better Data Security Strategy
Published: 01/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per...

Everything You Need to Know About HITRUST Certification
Published: 01/13/2023

Originally published by A-LIGN. Written by Blaise Wabo, A-LIGN. HITRUST is a standards organization focused on security, privacy and risk management. The organization developed the HITRUST CSF to provide healthcare organizations with a comprehensive security and privacy program. This program was ...

Security Tips to Keep in Mind for 2023
Published: 01/12/2023

Written by Rebecca Harrisson, Content Specialist, Ardoq. Fast-growing scale-ups constantly work to scale their security to match their growth. Ardoq has experienced the proverbial growing pains associated with our own fast growth. As 2023 starts, we’d like to share some tips for better security...

Key Takeaways from Forrester’s Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management Report
Published: 01/10/2023

Originally published by Adaptive Shield. Written by Zehava Musahanov, Adaptive Shield. Forrester, a research and advisory company, offers organizations a variety of services including research and consulting. Their reports help professionals understand their customer’s behavior, concerns, and in...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 3
Published: 01/03/2023

Originally published by Axonius. Written by Katie Teitler, Axonius. In part one and part two of this series, we defined what cyber asset intelligence is, how — combined with threat intelligence — it informs cyber asset management as a way to decrease risk, and how organizations can start to build...

Build a Strong SAP Security Strategy With the NIST Framework
Published: 12/22/2022

Originally published by Onapsis. Written by JP Perez-Etchegoyen, CTO, Onapsis. Business applications like SAP are responsible for running the enterprise, powering operations and fueling the global economy. Considering 77% of the world’s transactional revenue touches an SAP system and 92% of the F...

The Top Cloud Computing Risk Treatment Options
Published: 12/17/2022
Author: Megan Theimer

Cloud threats pose great harm to organizations’ business objectives. Storage, compute, and even network services have been subjected to nefarious attacks. Since cloud compliance and security is a shared responsibility, every organization should collaborate with their cloud service providers to im...

Data States Security Experts Unhappy With Traditional Tokenization
Published: 12/08/2022

Originally published by Titaniam. Titaniam’s 2022 State of Enterprise Tokenization Survey shows that the vast majority of cybersecurity experts are dissatisfied with their current tokenization tools. In fact, despite spending 1 million dollars annually on tokenization security tools, 99% of respo...

Preventing Unauthorized Usage of Non-Person Entities (NPEs)
Published: 12/08/2022

Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government oft...

Security Program Management (SPM) and Governance, Risk and Compliance (GRC): What’s the Difference?
Published: 12/07/2022

Originally published by Blue Lava. Written by Emily Shipman, Blue Lava. Compliant but not Secure: The Differences Between Governance, Risk and Compliance (GRC) and Security Program Management (SPM) and Why it Matters. Security programs bear many responsibilities, but chief among them is the duty t...

Zero Trust is Key to Supply Chain Security
Published: 12/07/2022

Originally published by CXO REvolutionaries. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. When former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs spoke at Black Hat 2022, he highlighted two factors that regularly und...

5 Tips for CISOs and Boards Navigating the Evolving Regulatory Landscape
Published: 12/06/2022

Originally published by ShardSecure. Written by Marc Blackmer, VP of Marketing, ShardSecure. Corporate boards are facing mounting pressure to “get smart” about data protection as they navigate an evolving regulatory landscape. It starts with a deeper understanding of cybersecurity, but under...

IoT Vulnerabilities and Security Concerns
Published: 11/19/2022
Author: Megan Theimer

In Part 1 of this blog, we covered the many reasons that Internet of Things (IoT) security is needed and should be properly funded. Now, to help you understand how to design and develop IoT products securely, we will explain some of the challenges security engineers face when dealing with IoT dev...

Data Center Resilience and Risk Assessment
Published: 11/15/2022

Originally published by ShardSecure. Written by Marc Blackmer, VP of Marketing, ShardSecure. What is data resilience? A multifaceted endeavor, data resilience can include data integrity and availability, cluster storage, regular testing, disaster recovery, redundancy, backups, and more. As TA...

What is ERP Security?
Published: 11/14/2022

Originally published by Onapsis on October 6, 2022. This month marks CISA’s 19th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. This year's theme, "See Yourself in Cyber," demonstrates that while cybersecurity...

How Cybersecurity Asset Management Helps Amid Economic Uncertainty
Published: 11/09/2022

Originally published by Axonius. Written by Kathleen Ohlson, Axonius. Trying to understand, manage and protect the disparate parts that make up an IT infrastructure can be one of the biggest challenges — and headaches — for IT and cybersecurity professionals. With today’s increased economic uncer...

Cloud Data Security Means Shrinking the “Data Attack Surface”
Published: 11/08/2022

Originally published by Sentra. Traditionally, the attack surface was just the sum of the different attack vectors that your IT was exposed to. The idea being as you removed vectors through patching and internal audits. With the adoption of cloud technologies, the way we managed the attack surfac...
