Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Monitor Your SaaS Environment for Three Common SaaS Misconfigurations
Published: 09/23/2022

Originally published by AppOmni here. Written by John Whelan, Senior Director of Product Management, AppOmni. SaaS is ubiquitous across the enterprise and accounts for approximately 70% of software usage in companies. And SaaS usage is growing, with thousands of SaaS applications available to...

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?
Published: 06/17/2022

This blog was originally published by Pivot Point Security here. If you’re not involved in cloud services you’re probably frozen in ice somewhere. With SaaS penetration nearing 100% of businesses, what is the state of cloud security? To talk about the biggest issues and answers in cloud security to...

What’s Zero Trust Data Access?
Published: 05/04/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. “Zero trust is a way of thinking, not a specific technology or architecture,” says Gartner Distinguished VP Analyst Neil MacDonald. “It’s really about zero implicit trust, as that’s what we want to get rid o...

What the Businesses at Work Report Means for Your SaaS Security Program
Published: 04/18/2022

This blog was originally published on February 22, 2022 by DoControl. Written by Corey O'Connor, DoControl. Earlier this month, Identity and access management platform leader Okta published their 8th annual “Businesses at Work” report. The report pulls data from their more than 14,000 global cust...

Pentests Often Miss 6 Critical SaaS Security Issues. Here’s Why.
Published: 04/13/2022

This blog was originally published by AppOmni here. Written by Tim Bach, Vice President of Engineering, AppOmni. As security and compliance teams assess the fallout and lessons learned from data breaches, they’ll need to re-evaluate their security practices and controls. This is particularly ...

What NIST SP 800-207 Means for SaaS Security
Published: 04/08/2022

This blog was originally published by DoControl here. Written by Corey O'Connor, DoControl. The National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA) in August 2020 published NIST Special Publication 800-207. This special publication fol...

When It Comes to SaaS Security, Ignorance is Not Bliss for Corporate Leadership
Published: 03/29/2022

Written by Brendan O’Connor, CEO and Co-Founder of AppOmni. Organizations are increasingly moving their data to SaaS platforms. But while companies are racing to adopt SaaS, many haven’t yet put the tools and processes in place to protect their SaaS data, leaving it vulnerable in the cloud. It...

Learning from the State of Washington’s Data Breach
Published: 03/16/2022

This blog was originally published by AppOmni here. Written by Brian Soby, CTO and Co-Founder of AppOmni. It's not surprising to hear about another data breach in the news, especially one involving a large SaaS deployment like the State of Washington announced in February 2022. SaaS has great...

The CFO and Cloud Adoption: 102
Published: 01/14/2022
Author: Jeffrey Westcott, CPA

In my last post, I discussed the NIST definition of the cloud. Let’s take this to the next level by discussing the different service models offered by cloud service providers (CSPs). Three basic delivery models – SaaS, PaaS and IaaS – are listed below. These are the basic and oft-referenced model...

The Three Pillars of a CARTA-enabled CSPM Strategy
Published: 12/28/2021

This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus. The cloud has changed how enterprises operate today. It has allowed companies to more easily store and share data. And with all this new data, it's increasingly important to make sure your security strat...

Single-Tenant Versus Multitenant SaaS Solutions: When Does it Matter?
Published: 12/22/2021

Written by Morey J. Haber, BeyondTrust. Today, there are many cloud-native, software-as-a-service (SaaS) solutions, built and optimized for the cloud, from which to choose. Yet, many competing solutions continue to tout themselves as “cloud-based”, even though they really represent just a lift and...

SaaS Insecurity: How to Regain Control
Published: 10/20/2021

By Andrew Sweet, AppOmni. Is your SaaS environment running? Then you better go catch it! Or, better yet, secure it. Jokes aside, it’s common knowledge these days that SaaS environments are popular for their agility and scalability, helping businesses streamline operations, improve customer...

Building A SaaS Security Program: A Quick Start Guide
Published: 09/28/2021

Written by Bryan Solari, AppOmni. Every few years a new technology takes hold of businesses worldwide, expanding adoption at a speed that far outpaces our ability to secure it. Inevitably, the security shortfalls of this technology become known, and we build risk mitigation strategies that mel...

What are the Most Common Cloud Computing Service Delivery Models?
Published: 08/24/2021

This blog was originally published by Alert Logic here. Written by Angelica Torres-Corral, Alert Logic. Cloud computing has transformed the way companies use technology, and your organization stands to gain a lot from migrating to a cloud solution. But which service delivery model is right for you...

SaaS Security: Risks and Mitigation Methods
Published: 08/16/2021

Written by Dipen Rana and Pooja Patil, TCS. As a pandemic-triggered hybrid work model settles in, many enterprises are moving onto the cloud for better agility and greater efficiency. With the cloud offering subscription-based models and eliminating infrastructure cost, organizations have the flex...

CSA STAR Attestation and STAR Certification Case Studies
Published: 02/28/2021

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA STAR Attestation and Certification are the fi...

Cloud Security for SaaS Startups Part 1: Requirements for Early Stages of a Startup
Published: 02/19/2021

Based on the Cloud Security for Startups guidelines written by the CSA Israel Chapter. Background: Information security is a complicated subject even for mature enterprises, so it’s no wonder that startups find the area challenging. Planning, implementing and maintaining good-practice security are n...

How to avoid the biggest mistakes with your SaaS security
Published: 02/08/2021

This blog was originally published on Wandera.com. Written by Alex Powell at Wandera. The biggest mistakes in SaaS security: The popularity of SaaS applications for businesses continues to grow with 95% of businesses hosting sensitive information in the cloud. Traditional security models and boundary-f...

Security Policies | Q&A with TokenEx Industry Experts
Published: 12/10/2020

Contributed by TokenEx. Security Policies | What You Need to Know. What is a Security Policy? Security policies are internal frameworks that formally document an organization’s requirements for the safe handling of sensitive information and assets. Effective security policies tend to be developed for ...

Securely Implementing Salesforce as a IdP in a Multi-Org Architecture
Published: 12/09/2020

Written by Aaron Costello, Offensive Security Engineer at AppOmni. By focusing on streamlining access to applications and services, most enterprises have deployed tooling that allows consolidated login for quicker access to the resources their employees need to accomplish their day-to-day job ...
