Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Understanding the Updates to Risk Management in PCI DSS v4.0
Published: 05/23/2022

This blog was originally published by Schellman here. Written by David Moody, Schellman. Formula One legend Ayrton Senna once said this about racing: “I don't know driving in another way which isn't risky. Each driver has its limit. My limit is a little bit further than others.” It’s safe to...

Prioritizing Cloud Security Threats: What You Need to Know
Published: 05/18/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...

How to Secure Deployments in Kubernetes?
Published: 05/09/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Security is crucial for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to pl...

Who Owns Third-Party Risks: Breaking Down Management and Compliance Silos
Published: 05/03/2022

This blog was originally published by OneTrust here. Third-party risk management (TPRM) can have a different meaning for different business units, but one thing is for certain: visibility and proper oversight is an absolute must. There are a variety of stakeholders in the business who require...

The State of Data Security in 2022
Published: 05/02/2022

This blog was originally published by BigID here. Written by Neil Patel, BigID. Data is an organization’s single most valuable asset, relied upon to make critical strategic and operational decisions every day. Much of this information is highly sensitive or critical — and in some cases vulnerable...

Four Ways to Use the Cloud Security Maturity Model
Published: 04/22/2022

This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus. With a name like Cloud Security Maturity Model, you may be one of the CISOs who think: Sounds like a lot of work. Where does my organization sit? How do we advance? Why should I care? And if any of those quest...

What the Businesses at Work Report Means for Your SaaS Security Program
Published: 04/18/2022

This blog was originally published on February 22, 2022 by DoControl. Written by Corey O'Connor, DoControl. Earlier this month, Identity and access management platform leader Okta published their 8th annual “Businesses at Work” report. The report pulls data from their more than 14,000 global cust...

The Dangers of Exposed Elasticsearch Instances
Published: 04/15/2022

This blog was originally published by Open Raven here. Written by Michael Ness, Open Raven. Elasticsearch is a widely used text-search and analytics engine. The tooling provides a simple solution to quickly, easily, and efficiently store and search large volumes of data. Elasticsearch is utilized...

SANS Cloud Security Survey 2022 – Highlights
Published: 04/14/2022

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. In 2022, security issues have increased in cloud assets, leading to more data breaches involving cloud environments. But, despite the growing threats and attached cyber risk, organizations are undete...

Governing the Organization
Published: 04/13/2022

This blog was originally published by Coalfire here. Written by Matt Klein, Field CISO, Coalfire. Security is the biggest risk to business today. Managing security has become one of the hardest jobs in the enterprise, and failing to do so effectively can create opportunities for severe operationa...

6 Questions to Ask Along Your Journey to the Cloud
Published: 04/11/2022

Written by Robert Clyde, ShardSecure. A few years ago, a question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. While there are still some server-huggers, enterprises have resoundingly answered “yes” to that question and moved beyond that basic ques...

The End of AWS Keys in Slack Channels
Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack. Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

Key Ways to Improve DLP Coverage and Accuracy
Published: 03/18/2022

Written by Amit Kandpal, Director - Customer Success at Netskope. In this blog series, we’ve been examining key questions for cloud DLP transformation. Make sure to also check out Part 1, Part 2, and Part 3. In this final part, let’s look at some available options in decreasing order of breadth in ...

CAASM Should Be an Early Security Investment in Every CISO’s Playbook
Published: 03/07/2022

This blog was originally published by JupiterOne here. Written by Jasmine Henry, JupiterOne. It’s possible to improve your security posture on a shoestring budget. There are a growing number of open source tools for security and compliance, but there are also key areas to invest in at the beginni...

Key Steps to Follow Before Embarking on Specific DLP Policies
Published: 03/04/2022

Written by Amit Kandpal, Director - Customer Success at Netskope. Make sure to also check out Part 1 and Part 2 of this series. As discussed briefly in the first part of this blog series, it is very important to reduce the risk surface area before jumping into configuring and tuning specific DLP ...

The North Star Your Cloud Strategy Needs
Published: 02/25/2022

This blog was originally published by Booz Allen here. Written by Delie Minaie, Booz Allen. Orient cloud success around mission assurance. As IT leaders throughout the federal government look to guide their agencies toward enterprise-wide cloud maturity, they are met with endless choices regarding ...

A Data Privacy Day Call to Arms: The Shared Responsibility to Protect Customer Data
Published: 02/22/2022

This blog was originally published by JupiterOne here. Written by Melissa Pereira, JupiterOne. Today, millions of people worldwide are becoming aware of how their personal data is collected, shared, and monetized in our modern digital economy. Studies show that Americans are becoming increasingly ...

Key Differences Between Legacy vs Cloud-First DLP
Published: 02/18/2022

Written by Amit Kandpal, Director - Customer Success at Netskope. The first blog in this series covered some critical and fundamental aspects of DLP transformation programs that are often not fully understood. A simple but effective framework to analyze the key differences between legacy DLP contex...

From the Trenches: Common-Sense Measures to Prevent Cloud Incidents - Part 2
Published: 02/16/2022

Written by Omri Segev Moyal & Brenton Morris, Profero - Rapid IR. Introduction: In part one of this series, we discussed some specific incidents that we at Profero have dealt with in the past and some ways in which attackers can take advantage of cloud environments during an incident. In part two w...
