Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CCSK Success Stories: From a Cloud Technical Specialist
Published: 09/13/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Six Pillars of DevSecOps Series
Published: 09/09/2021

Last updated: September 9, 2021While DevOps practices can help improve the management and operations of information security processes in an organization, the execution of these practices has to be secured. Security vulnerabilities can be inadvertently created due to lack of consideration of all ...

How Security Changes With Cloud Networking
Published: 09/08/2021

Common on-premises network practices work differently for the cloud user and provider due to the lack of direct management of the underlying physical network. The most commonly used network security patterns rely on control of the physical communication paths and insertion of security appliances....

The Microservices Architecture Pattern: Expanding Security Assurance Ideas in Containers and Microservices
Published: 09/02/2021

After 137 rolling discussions on Circle and growing a library of input material to 42 unique documents, 2 co-chairs and 343 Application Containers and Microservices (ACM) working group members spanning 5 continents created a third installment further expanding the ideas of CSA security assurance ...

CSA CxO Trust Initiative: Understanding the Priorities of the C-Suite
Published: 08/25/2021

CSA’s CxO Trust Initiative is a broad-based, forward-looking initiative to elevate the knowledge of cloud computing and cybersecurity. Its core mission is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and effectively communi...

Five Recommendations for Securing Cloud Containers
Published: 08/19/2021

Written by the members of the Security Guidance Working Group. This blog came from Domain 8 of the CSA Security Guidance for Cloud Computing v4.Understanding the impacts of virtualization on security is fundamental to properly architecting and implementing cloud security. In this blog, we will be...

Secure Containers and Microservices Series
Published: 08/18/2021

Last updated: September 1, 2021CSA Application Containers and Microservices Working Group’s Secure Containers and Microservices SeriesApplication containers and a microservices architecture, as defined in NIST SP 800-180, are being used to design, develop and deploy applications leveraging agile ...

Three Network Weaknesses that Zero Trust Addresses
Published: 08/04/2021

Zero Trust is a network security concept that aims to protect enterprise assets. Under Zero Trust, organizations should not automatically trust anything inside or outside traditional perimeters. Before granting access to assets, organizations should require the verification of anything and everyt...

Secure Distributed Ledger Technology Framework for Financial Institutes
Published: 08/03/2021

Last updated: August 3, 2021Distributed ledger technologies (DLT) introduce a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. However,...

The Use of Blockchain in Healthcare: A Collaboration Between Two CSA Working Groups
Published: 08/02/2021

The unique attributes of healthcare data make it a prime target for nefarious actors. Predictably, healthcare information is tightly regulated by privacy and security laws in the United States, the European Union and international rules governing cloud data storage. The data’s high value, coupled...

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Cloud Network Virtualization: Benefits of SDN over VLAN
Published: 06/25/2021

Written by the members of the Security Guidance Working GroupAll clouds utilize some form of virtual networking to abstract the physical network and create a network resource pool. Typically the cloud user provisions desired networking resources from this pool, which can then be configured within...

Critical Controls for Oracle E-Business Suite
Published: 06/11/2021

Written by Mike Miller, OnapsisOver the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

What is cloud security? How is it different from traditional on-premises network security?
Published: 11/09/2020

Written by Ryan Bergsma, Training Director at CSACloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things and is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are insepar...

Browse by Topic
Write for the CSA blog
Submit your blog proposal