Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
Managing Cloud Security in a Multicloud Environment (Part 1)
Published: 12/20/2022

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Cloud computing has become mainstream. The challenge for companies is how best to manage operations and security in a multicloud environment. Most large enterprises now use anywhere from t...

Don’t Keep Us in the Dark: Addressing the Cloud Change Management Gap
Published: 12/14/2022

Sean Heide, Research Technical Director at CSA Jez Goldstone, Director of Security Architecture, Cloud & Innovation | CSO Cyber Security Assurance at Barclays Hillary Baron, Sr. Research Technical Director at CSA John Yeoh, Global VP of Research at CSA The innovation in cloud services and platfor...

Don’t Leave it to Your Apps: Why Security Needs to be a Shared Responsibility
Published: 11/07/2022

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. Here’s a scenario that was unlikely just two years ago: permanently telecommuting from Honolulu to your financial job on Wall Street. Fast forward to today, the world has accepted that productiv...

Definitive Guide to Hybrid Clouds, Chapter 1: Navigating the Hybrid Cloud Journey
Published: 11/04/2022

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. This post explores Chapter 1 of the Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud. Many organizations are deploying assets to the cloud, which is often the start of their cloud migration journey. ...

7 Best Practices for Cloud Incident Response
Published: 10/18/2022

Originally published by Mitiga here. Written by Matthew Stephen, Mitiga. You may have heard the saying that it is not a matter of “if” but “when” you will experience a breach. An attack could be targeted or opportunistic, performed by a nation-state or a less sophisticated threat actor, focused o...

Verizon’s 2022 Mobile Security Index Report – Confirming What We All Suspected
Published: 09/14/2022

Originally published by Thales here. Written by Todd Moore, VP, Encryption Products, Thales.What happens when you combine a pandemic that forces most businesses into a remote work environment, coupled with increased mobile device use for many daily tasks? On the one hand, you get increased produc...

Challenges of Cloud Security (5 Traps to Avoid)
Published: 09/12/2022

Originally published by Vulcan Cyber here. Written by Gal Gonen, Vulcan Cyber. It’s no surprise that one of the biggest concerns for companies using the cloud - whether they were born in the cloud or migrated to one - is the attached challenges of cloud security, specifically when “operating in t...

Implementing Outsourced Cloud Monitoring
Published: 06/09/2022

This blog was originally published by Weaver here. Written by David Friedenberg, Senior Manager, IT Advisory Services, Weaver. If your organization has decided to hire an outsourced cloud monitoring service, it is important to consider how you will ensure that the services are delivered in the ri...

Essential Cloud Security & Compliance Tips from CSA
Published: 06/02/2022

This blog was originally published by Pivot Point Security here.Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever.That’s why I’m speaking to o...

Governing the Organization
Published: 04/13/2022

This blog was originally published by Coalfire here. Written by Matt Klein, Field CISO, Coalfire. Security is the biggest risk to business today. Managing security has become one of the hardest jobs in the enterprise, and failing to do so effectively can create opportunities for severe operationa...

A Whole New World for PCI DSS
Published: 03/30/2022

This blog was originally published by PKWARE on November 23, 2021. As we know, the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 guidelines are coming out in Q1 of next year, with some predicting a March timeframe for its release based on previous releases. The last time PCI came...

When It Comes to SaaS Security, Ignorance is Not Bliss for Corporate Leadership
Published: 03/29/2022

Written by Brendan O’Connor, CEO and Co-Founder of AppOmni Organizations are increasingly moving their data to SaaS platforms. But while companies are racing to adopt SaaS, many haven’t yet put the tools and processes in place to protect their SaaS data, leaving it vulnerable in the cloud. It...

Hey You, Get Out of My Cloud!
Published: 03/25/2022

Written by Jim Mandelbaum, Gigamon Field CTO When we take a cloud solution to production how do we know who has access to that data? The process of deploying the production environment has certainly involved several groups and individuals. Who still has access and what can they do with it? Ho...

Five Cloud Security Traps (And How to Avoid Them)
Published: 03/21/2022

This blog was originally published by Vulcan Cyber here. Written by Gal Gonen, Vulcan Cyber. It’s no surprise that one of the biggest concerns for companies using the cloud – whether they were born in the cloud or migrated to one – is the attached security management, specifically when “operating...

App Patching is a No-Win Situation. First Principles Reveals a Better Approach.
Published: 02/03/2022

Written by Satya Gupta, Co-Founder and CTO, Virsec When organizations need to get applications up and running quickly, they turn to cloud infrastructure. The last two years accelerated this strategy as nearly everything went digital. But now cloud users are facing an existential threat. I...

What is Serverless? How Does it Impact Security?
Published: 01/25/2022

Written by the Serverless Working Group What is serverless?Serverless computing is a cloud computing execution model in which the cloud provider is responsible for allocating compute and infrastructure resources needed to serve Application Owners workloads. An Application Owner is no longer requi...

Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption
Published: 11/17/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a recent Fe...

SaaS Insecurity: How to Regain Control
Published: 10/20/2021

By Andrew Sweet, AppOmni. Is your SaaS environment running? Then you better go catch it! Or, better yet, secure it. Jokes aside, it’s common knowledge these days that SaaS environments are popular for their agility and scalability, helping businesses streamline operations, improve customer...

The Evolution of Private Cloud Computing and Shared Responsibility
Published: 09/15/2021
Author: Vishwas Manral

Summary: Cloud computing has changed over the last 10 years – the Private Cloud has undergone a big change too. This blog captures the evolution of the Private Cloud with a focus on the shared responsibility model. A previous blog talks about the different service models as they have evolved...

SaaS Security: Risks and Mitigation Methods
Published: 08/16/2021

Written by Dipen Rana and Pooja Patil, TCS As a pandemic-triggered hybrid work model settles in, many enterprises are moving onto the cloud for better agility and greater efficiency. With the cloud offering subscription-based models and eliminating infrastructure cost, organizations have the flex...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
Last »