Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
SANS 2022 Cloud Security Survey, Chapter 3: How Do Enterprises Keep Their Cloud Infrastructure Secure?
Published: 01/18/2023

Originally published by Gigamon.Editor’s note: This post explores Chapter 3 of the SANS 2022 Cloud Security Survey. Read Chapter 1 and Chapter 2. And check back or future posts covering Chapter 4.There’s been a cloud land rush over the past few years as more and more organizations move compute an...

The Top 10 SaaS Data Access Risks
Published: 10/06/2022

Originally published by DoControl here. Written by Corey O'Connor, DoControl. Modern businesses increasingly rely on SaaS applications like Google Drive, Box, Dropbox, and Slack to facilitate daily exchanges of sensitive data and files. Although these tools allow for real-time collaboration that ...

Study: The Truth About SaaS Security and Why No One Cares…Yet
Published: 09/29/2022

Originally published by Axonius here. Written by Tracey Workman, Axonius. A few months ago, we decided to conduct a study of IT and security professionals in the U.S. and Europe to better understand how they’re handling the rapid adoption of SaaS applications across their organizations. We alread...

Are You Ready for a Slack Breach? 5 Ways to Minimize Potential Impact
Published: 09/22/2022

Originally published by Mitiga here. Written by Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga. TL; DRAs Slack becomes a dominant part of the infrastructure in your organization, it will become a target for attacks and at some point, it is likely to be breached (just like any other te...

A Roadmap to Zero Trust Architecture
Published: 09/01/2022

Originally published by DoControl here. Written by Corey O'Connor, DoControl. Zero Trust was first introduced in 2010, which was also the same year Apple introduced the iPad! This new concept was a bit slow to catch on before really gaining any sort of traction. Fast forward to today, Zero Trust ...

Rise of Cloud Computing Adoption and Cybercrimes
Published: 08/24/2022

Originally published by HCL Technologies here.Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in the business leaders’ perspectives of their company’s’ requirements. A surve...

What is CSA STAR Certification and Why it is Important for ISO/IEC 27001 Certified Organizations?
Published: 07/27/2022

This blog was originally published by MSECB here. What is CSA STAR Certification? Building security and data protection into the DNA of an organization’s management system and operations is very important considering the intensive use of cloud computing by all organizations nowadays. CSA STAR...

Gatekeepers to Gateopeners
Published: 07/07/2022

This blog was originally published by Laminar here. Written by Amit Shaked, Laminar. The past couple of years have been tragic and challenging as the world responded to COVID-19. One positive side effect of the pandemic however, has been the positive momentum of digital transformation, and the sh...

The SASE Journey: A Head of IT Talks Shop
Published: 07/06/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout.Organizations that are adopting a permanent hybrid or remote-first work environment can use a Secure Access Services Edge (SASE) platform to implement cybersecurity that is not ...

What is Disaster Recovery as a Service? | 10 Benefits to DRaaS
Published: 06/18/2022

Written by the Security as a Service Working Group.PurposeBacking up, or making an extra copy of data in case of accidental deletion or corruption is often a standalone service. Disaster Recovery as a Service (DRaaS) is a cloud computing service model that allows organizations to back up data and...

DLP Approach for The Cloud is Broken: Here's Why and How to Solve It
Published: 05/27/2022

This blog was originally published by Polar Security here. Written by Nimrod Iny, Polar Security. Data Loss Prevention (DLP) is one of the long-standing and more traditional approaches to securing enterprise data. It can be either network or endpoint-based, each having their own unique benefits a...

Security Service Edge (SSE) is the Way to Go, But How Do You Choose?
Published: 05/02/2022

This blog was originally published by Lookout here. Written by Pravin Kothari, Executive Vice President, Product and Strategy, SASE, Lookout. Gartner® recently predicted that “By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from...

Your Data Is Everywhere: Here Are The Critical Capabilities Of A Modern Data Loss Prevention (DLP)
Published: 03/21/2022

This blog was originally published by Lookout here. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited numb...

Key Ways to Improve DLP Coverage and Accuracy
Published: 03/18/2022

Written by Amit Kandpal, Director - Customer Success at NetskopeIn this blog series, we’ve been examining key questions for cloud DLP transformation. Make sure to also check out Part 1, Part 2, and Part 3. In this final part, let’s look at some available options in decreasing order of breadth in ...

Key Steps to Follow Before Embarking on Specific DLP Policies
Published: 03/04/2022

Written by Amit Kandpal, Director - Customer Success at Netskope. Make sure to also check out Part 1 and Part 2 of this series. As discussed briefly in the first part of this blog series, it is very important to reduce the risk surface area before jumping into configuring and tuning specific DLP ...

Key Differences Between Legacy vs Cloud-First DLP
Published: 02/18/2022

Written by Amit Kandpal, Director - Customer Success at Netskope The first blog in this series covered some critical and fundamental aspects of DLP transformation programs that are often not fully understood.A simple but effective framework to analyze the key differences between legacy DLP contex...

Key Questions for Cloud DLP Transformation
Published: 02/04/2022

Written by Amit Kandpal, Director - Customer Success at NetskopeBased on prior, documented deployments of many DLP transformation programs (as companies adjust to the new cloud-first security stack), there are some critical and fundamental aspects that are often not fully understood:How is DLP di...

The Pros and Cons of Using SaaS Security Services
Published: 12/11/2021

Written by the Security Guidance Working GroupIn this blog we discuss the benefits and concerns of security services delivered from the cloud. These services, which are typically SaaS or PaaS, aren’t necessarily used exclusively to protect cloud deployments; they are just as likely to help defend...

CSA Survey Finds Organizations are Shifting their Use of IAM Capabilities in 2021
Published: 11/25/2020

The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better underst...

SaaS Security Series: Salesforce Guest User Log Analysis
Published: 11/05/2020

By Drew Gatchell, Senior Engineer at AppOmniIn early October, Security Researcher Aaron Costello published a blog detailing how to leverage Aura (aka Lightning) Controllers as an anonymous guest user to extract and manipulate data within a misconfigured Salesforce Community, Portal, or Site.This...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
Last »