Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Five Steps to a Secure Cloud Architecture
This blog was originally published by Fugue here. By Josh Stella, Chief Architect, Snyk, Co-Founder, Fugue. Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with u...
What a More Holistic Approach to Cloud-Native Security and Observability Looks Like
This blog was originally published by Tigera here. Written by Laura Ferguson, Tigera. The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because clo...
Cloud Security Risk Often Lingers - Why That Should Alarm You!
Written by Tim Sedlack, Sr. Director, Product Management, BeyondTrust. I think you’d agree that, today, “The Cloud” is ubiquitous. If surveys are to be believed, most of us are using more than one cloud service provider (CSP) to achieve our goals of speed of service, simplicity, and (generally) c...
Far, Wide, and Worrisome: Third-Party Blind Spots Bring Risk
This blog was originally published by OneTrust here. Whether it’s legal, procurement, human resources, security — every business unit within an organization is optimizing a network of vendors, also known as third parties. Those vendors, while specializing in specific functions that boost speed an...
SEC Cybersecurity Rule Changes: The Straight Path to Now
This blog was originally published by Agio on April 4, 2022 here. Written by Kirk Samuels, Executive Director, Cybersecurity, Agio. On February 9th, 2022 the United States Securities and Exchange Commission (SEC) proposed new rules related to cybersecurity risk management and disclosures for regi...
How to Perform a Risk Assessment Ahead of a SOC 2: 5 Steps
This blog was originally published by Schellman here. Written by Drew Graham, Senior Associate, Schellman. When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple. Sure, he saw falling off the face of a mountain as a “high consequence”...
How to Integrate Risk-Based Security With Your Cloud-Native Infrastructure
This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber co-founder. Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—...
Understanding the Updates to Risk Management in PCI DSS v4.0
This blog was originally published by Schellman here. Written by David Moody, Schellman. Formula One legend Ayrton Senna once said this about racing: “I don't know driving in another way which isn't risky. Each driver has its limit. My limit is a little bit further than others.” It’s safe to...
Prioritizing Cloud Security Threats: What You Need to Know
This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...
How to Secure Deployments in Kubernetes?
This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Security is crucial for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to pl...
Who Owns Third-Party Risks: Breaking Down Management and Compliance Silos
This blog was originally published by OneTrust here. Third-party risk management (TPRM) can have a different meaning for different business units, but one thing is for certain: visibility and proper oversight is an absolute must. There are a variety of stakeholders in the business who require...
The State of Data Security in 2022
This blog was originally published by BigID here. Written by Neil Patel, BigID. Data is an organization’s single most valuable asset, relied upon to make critical strategic and operational decisions every day. Much of this information is highly sensitive or critical — and in some cases vulnerable...
Four Ways to Use the Cloud Security Maturity Model
This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus. With a name like, Cloud Security Maturity Model, you may be one of the CISOs who think: Sounds like a lot of work. Where does my organization sit? How do we advance? Why should I care? And if any of those quest...
What the Businesses at Work Report Means for Your SaaS Security Program
This blog was originally published on February 22, 2022 by DoControl. Written by Corey O'Connor, DoControl. Earlier this month, Identity and access management platform leader Okta published their 8th annual “Businesses at Work” report. The report pulls data from their more than 14,000 global cust...
The Dangers of Exposed Elasticsearch Instances
This blog was originally published by Open Raven here. Written by Michael Ness, Open Raven. Elasticsearch is a widely used text-search and analytics engine. The tooling provides a simple solution to quickly, easily, and efficiently store and search large volumes of data. Elasticsearch is utilized...
SANS Cloud Security Survey 2022 – Highlights
This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. In 2022, security issues have increased in cloud assets, leading to more data breaches involving cloud environments. But, despite the growing threats and attached cyber risk, organizations are undete...
Governing the Organization
This blog was originally published by Coalfire here. Written by Matt Klein, Field CISO, Coalfire. Security is the biggest risk to business today. Managing security has become one of the hardest jobs in the enterprise, and failing to do so effectively can create opportunities for severe operationa...
6 Questions to Ask Along Your Journey to the Cloud
Written by Robert Clyde, ShardSecure. A few years ago, a question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. While there are still some server-huggers, enterprises have resoundingly answered “yes” to that question and moved beyond that basic ques...
The End of AWS Keys in Slack Channels
This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack. Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...
Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications
This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...