Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Top Threat #9 to Cloud Computing: Misconfiguration and Exploitation of Serverless and Container Workloads
Published: 11/20/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Seamlessly Secure Your Cloud Workloads
Published: 10/31/2022

Originally published by The New Stack. Also published by Torq.You’ve secured your cloud identities. You’ve hardened your cloud security posture. You’ve configured strong cloud access controls. But there’s still one more thing you need in order to secure your cloud environment: a cloud workload pr...

5 Business Benefits of Serverless
Published: 05/29/2022

This blog was written by CSA’s Serverless Working Group.Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure. Consider a cloud-native serverless architecture for your organization if you’re hoping to improve in any of the following ar...

How to Architect for Sustainability in a Cloud Native Environment
Published: 05/16/2022

This blog was originally published by Contino here. Written by Scott McCracken, Contino. Recognising the impact we have on the environment is more important than ever and ensuring our businesses are sustainable is now paramount. Over the last year, more and more organisations have signed up to Th...

What is Serverless? How Does it Impact Security?
Published: 01/25/2022

Written by the Serverless Working Group What is serverless?Serverless computing is a cloud computing execution model in which the cloud provider is responsible for allocating compute and infrastructure resources needed to serve Application Owners workloads. An Application Owner is no longer requi...

Kubernetes Security Best Practices
Published: 01/21/2022

Written by the CSA Serverless Working Group Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications. A Kubernetes cluster consists of worker nodes/pods that host applications. The Kubernetes control plane manages...

What is a Cloud-Native Application Protection Platform (CNAPP)?
Published: 10/25/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. The security space is rife with acronyms and it can be difficult to keep track of everything. There is a new acronym emerging, however, that is worth diving into: CNAPP. CNAPP, or Cloud-Native Application Protection Pl...

Kubernetes 1.22 – What’s new?
Published: 09/06/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Kubernetes 1.22 was released in early August, and it comes packed with novelties! Where do we begin? This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernet...

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass
Published: 06/22/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, SysdigThe CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates.The kube-apiserver affected are:kube-a...

Do You Really Need Kubernetes?
Published: 03/10/2021

This article was originally published on Intezer's blog. Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing built-in solutions to common problems. Although Kubernetes can be a solution f...

The 12 Most Critical Risks for Serverless Applications
Published: 02/11/2019

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board MemberWhen building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when s...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.