Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Scaling GRC Programs: 5 Ways Security Leaders Enable the Business
Published: 07/19/2021

This blog was originally published by OneTrust GRC here. The compliance landscape is in constant flux between external factors changing and businesses working toward scaling GRC programs. Managing compliance is difficult for organizations operating across multiple geographies with multiple sets of...

The Right Time to Hire a Product Security Analyst
Published: 06/30/2021

This blog was originally published by CyberCrypt here. A doll that understands what children say and responds to them seemed, in 2015, like a great idea — unless you were a security analyst. Unfortunately for Mattel, security analysts seem to have been left out of the conversation until the toymake...

Is the Cloud Control Plane a New Frontline in Cybersecurity?
Published: 06/29/2021

This blog was originally published on As cloud adoption continues to accelerate with no end in sight, the evolution of the next generation of modern attacks will traverse through and towards an enterprise’s cloud control plane. But why is that? The control plane provides management...

Continuous Security Control Enforcement & Governance in the Cloud Ecosystem
Published: 06/23/2021

Written by Raghvendra Singh, Head, Cloud Security CoE, Cyber Security Unit, TCS. Digital transformation across industries has witnessed unprecedented acceleration in recent times. Cloud, with its greater flexibility, agility, resilience, and scalability, is invariably the cornerstone technology...

How to Enhance GRC Program Collaboration in Your Organization
Published: 06/10/2021

This blog was originally published by OneTrust GRC here. When it comes to Governance, Risk, and Compliance (GRC), understanding the integrated risk management responsibilities for each internal and external stakeholder isn’t just a best practice. It’s a critical component to preparing for and ...

Real-Time Security Metrics: Insights Every Risk Management Team Should Monitor
Published: 06/08/2021

This blog was originally published by OneTrust GRC here. There is one thing that businesses of all sizes, industries, and sectors have in common – they face a wide range of risk management threats. Specifically, retail, finance, hospitality, government, manufacturing, and healthcare industries...

How CSPs Can Make the Security and Compliance Evaluation Process Easier for Financial Institutions
Published: 06/02/2021

This blog was originally published by Oracle here. Oracle author: Maywun Wong, Director, Product Marketing. Contributed by: Steven D'Alfonso, Research Director, IDC Financial Insights. So, you have finally decided to move applications to the cloud. But your board's risk committee wants assurance that s...

With Great Power Comes Great Responsibility: The Challenge of Managing Healthcare Data in the Cloud
Published: 05/26/2021

By Jon Moore, MS, JD, HCISSP, Chief Risk Officer and Head of Consulting Services, Clearwater. Seeking flexibility, scalability, and cost savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. This trend is accelerating, fueled by increased adoption of ...

Incident Response and Knowing When to Automate
Published: 03/24/2021

This blog was originally published on Measuring and improving total time of response is easier said than done. The reality is many organizations do not know their existing state of readiness to be able to respond to a cybersecurity incident in a fast, effective manner. And most don’t...

The Age of Collaborative Security
Published: 03/09/2021

Written by: Philippe Humeau, CEO, CrowdSec. The Cloud Security Alliance was born from a need, the need to collaborate, whether we are partners or competitors, for the greater good of our industry and its customers. That’s what alliances are made for, to become stronger together. Security wise, few a...

Transforming Your IT Risk Management from Reactive to Proactive in 5 Steps
Published: 03/04/2021

This blog was originally published on Hyperproof's blog. Written by Jingcong Zhao, Director of Content Strategy at Hyperproof. As a seasoned IT risk management professional, you already know that staying on top of security is a constant battle. You probably also know that managing IT risks proactive...

NACHA Updates | Supplementing Data Security Requirements
Published: 01/19/2021

Written by TokenEx. In late 2019, NACHA supplemented its existing Security Framework for the ACH Network with a new rule applying to all merchants, billers, businesses, governments, and third parties that send 2 million or more ACH payments per year. The rule was expected to roll out in two phases,...

SolarWinds - How Cybersecurity Teams Should Respond
Published: 12/16/2020

By Paul Kurtz, Co-founder and Executive Chairman, TruSTAR Technology. SolarWinds perhaps represents the most severe hack of the digital age. The playbook of our adversaries continues to evolve, but defenders are losing, and the gap is widening. Discussion of imposing consequences on adversaries see...

The Way You Protect Your Customers' Data Is Fundamentally Changing
Published: 11/10/2020

By Whistic. As an InfoSec professional, you’ve seen your fair share of growth and change in the industry. Information security presents an interesting challenge because the technology is actively solving for very real threats and risks. As the technology used by malicious forces grows and expands i...

Is your vendor platform future proof?
Published: 09/21/2020

Written by Whistic. In the last few years, the InfoSec and data privacy sectors have grown exponentially. From on-premise hardware and servers to fully adopting cloud-based, SaaS-focused security workflows, the InfoSec world of 2020 looks much different from ten years ago. If you’re like most InfoS...

What is Third Party Risk and Why Does It Matter?
Published: 09/14/2020

Written by Whistic. In the world of information security, third party risk is a topic that comes up often. As more and more organizations turn to SaaS-based vendors and move their operations to a cloud-driven environment, third party risk has become one of the most critical topics for an organizati...

Understanding the Complexities of Securing a Remote Workforce
Published: 09/09/2020

By Sean Gray, Sr. Director InfoSec at Paypal and Co-Chair of the CSA Financial Services Working Group. We have all witnessed sudden and stunning changes in how companies – big and small – operate in response to the challenges necessitated by COVID-19. Many have pivoted successfully, however there ...

3 Ways to Overcome Challenges in Vendor Risk Management
Published: 08/25/2020

Written by Whistic. One of the most significant catalysts for the shift from reactive to proactive vendor security was the change in the way organizations do business and handle data and information. The Changing SaaS Landscape: InfoSec is one of the latest industries to hop on the SaaS train, but it ...

Cloud Risk Management
Published: 07/02/2020

By Ashwin Chaudhary with Accedere. Cloud Risk Management is an important aspect in today’s world where majority of the organizations have adopted the cloud in some form or the other. Cloud risks continue to remain high for a CISO or a CIO and is gaining more importance in today’s world where more o...

Cloud Penetration Testing the Capital One Breach
Published: 10/10/2019

By Alexander Getsin, Lead Author for Cloud Penetration Testing Playbook. Aligning the Capital One breach with the CSA Cloud Penetration Testing Playbook. In March 2019, Capital One suffered a unique cloud breach. 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed, alo...
