Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
Five Steps to a Secure Cloud Architecture
Published: 06/30/2022

This blog was originally published by Fugue here. By Josh Stella, Chief Architect, Snyk, Co-Founder, Fugue. Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with u...

What a More Holistic Approach to Cloud-Native Security and Observability Looks Like
Published: 06/27/2022

This blog was originally published by Tigera here. Written by Laura Ferguson, Tigera. The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because clo...

Cloud Security Risk Often Lingers - Why That Should Alarm You!
Published: 06/21/2022

Written by Tim Sedlack, Sr. Director, Product Management, BeyondTrust. I think you’d agree that, today, “The Cloud” is ubiquitous. If surveys are to be believed, most of us are using more than one cloud service provider (CSP) to achieve our goals of speed of service, simplicity, and (generally) c...

Far, Wide, and Worrisome: Third-Party Blind Spots Bring Risk
Published: 06/13/2022

This blog was originally published by OneTrust here. Whether it’s legal, procurement, human resources, security — every business unit within an organization is optimizing a network of vendors, also known as third parties. Those vendors, while specializing in specific functions that boost speed an...

SEC Cybersecurity Rule Changes: The Straight Path to Now
Published: 06/08/2022

This blog was originally published by Agio on April 4, 2022 here. Written by Kirk Samuels, Executive Director, Cybersecurity, Agio. On February 9th, 2022 the United States Securities and Exchange Commission (SEC) proposed new rules related to cybersecurity risk management and disclosures for regi...

How to Perform a Risk Assessment Ahead of a SOC 2: 5 Steps
Published: 06/03/2022

This blog was originally published by Schellman here. Written by Drew Graham, Senior Associate, Schellman. When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple.Sure, he saw falling off the face of a mountain as a “high consequence”...

How to Integrate Risk-Based Security With Your Cloud-Native Infrastructure
Published: 05/26/2022

This blog was originally published by Vulcan Cyber here.Written by Roy Horev, Vulcan Cyber co-founder.Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—...

Understanding the Updates to Risk Management in PCI DSS v4.0
Published: 05/23/2022

This blog was originally published by Schellman here. Written by David Moody, Schellman. Formula One legend Ayrton Senna once said this about racing: “I don't know driving in another way which isn't risky. Each driver has its limit. My limit is a little bit further than others.” It’s safe to...

Prioritizing Cloud Security Threats: What You Need to Know
Published: 05/18/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...

How to Secure Deployments in Kubernetes?
Published: 05/09/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Security is crucial ‌for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to pl...

Who Owns Third-Party Risks: Breaking Down Management and Compliance Silos
Published: 05/03/2022

This blog was originally published by OneTrust here. Third-party risk management (TPRM) can have a different meaning for different business units, but one thing is for certain: visibility and proper oversight is an absolute must. There are a variety of stakeholders in the business who require...

The State of Data Security in 2022
Published: 05/02/2022

This blog was originally published by BigID here. Written by Neil Patel, BigID. Data is an organization’s single most valuable asset, relied upon to make critical strategic and operational decisions every day. Much of this information is highly sensitive or critical — and in some cases vulnerable...

Four Ways to Use the Cloud Security Maturity Model
Published: 04/22/2022

This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus.With a name like, Cloud Security Maturity Model, you may be one of the CISOs who think: Sounds like a lot of work.Where does my organization sit?How do we advance?Why should I care?And if any of those quest...

What the Businesses at Work Report Means for Your SaaS Security Program
Published: 04/18/2022

This blog was originally published on February 22, 2022 by DoControl. Written by Corey O'Connor, DoControl. Earlier this month, Identity and access management platform leader Okta published their 8th annual “Businesses at Work” report. The report pulls data from their more than 14,000 global cust...

The Dangers of Exposed Elasticsearch Instances
Published: 04/15/2022

This blog was originally published by Open Raven here. Written by Michael Ness, Open Raven. Elasticsearch is a widely used text-search and analytics engine. The tooling provides a simple solution to quickly, easily, and efficiently store and search large volumes of data. Elasticsearch is utilized...

SANS Cloud Security Survey 2022 – Highlights
Published: 04/14/2022

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. In 2022, security issues have increased in cloud assets, leading to more data breaches involving cloud environments. But, despite the growing threats and attached cyber risk, organizations are undete...

Governing the Organization
Published: 04/13/2022

This blog was originally published by Coalfire here. Written by Matt Klein, Field CISO, Coalfire. Security is the biggest risk to business today. Managing security has become one of the hardest jobs in the enterprise, and failing to do so effectively can create opportunities for severe operationa...

6 Questions to Ask Along Your Journey to the Cloud
Published: 04/11/2022

Written by Robert Clyde, ShardSecure A few years ago, a question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. While there are still some server-huggers, enterprises have resoundingly answered ”yes” to that question and moved beyond that basic ques...

The End of AWS Keys in Slack Channels
Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack.Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

« First
1
2
3
5
7
8
Last »