
Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Attack Vector vs. Attack Surface: What is the Difference?
Published: 05/19/2022

This blog was originally published by BitSight here. Written by Rachel Holmes, BitSight. The terms attack vector and attack surface are often used interchangeably. But there are very clear differences between both terms. Understanding those differences can help your organization maintain ...

The One Cloud Threat Everyone Is Missing
Published: 05/19/2022

Blog originally published at fugue.co on April 22, 2022. Written by Josh Stella, Chief Architect at Snyk. Ask security professionals to name the biggest threat to their organizations’ cloud environments, and most won’t hesitate to give a one-word answer: misconfigurations. Technically, t...

Prioritizing Cloud Security Threats: What You Need to Know
Published: 05/18/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber Co-founder and CTO. As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are ex...

Breaking The Chain: Are You The Unintended Victim Of A Supply Chain Attack?
Published: 05/17/2022

This blog was originally published by Lookout here. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. We’ve heard a lot about “supply chains” of various industries over the past couple of years, and the cybersecurity sector is no exception. When Colonial Pipeline was compr...

Threat Modelling: What It Is and Why It Matters
Published: 04/21/2022

This blog was originally published by Contino here. Written by Marcus Maxwell, Contino. Identifying the security threats that your systems face is one step towards mitigating potential vulnerabilities as part of a wider risk management strategy. But on its own, awareness of threats is not enough ...

Weathering Russian Winter: The Current State of Russian APTs
Published: 04/20/2022

This blog was originally published by LogicHub on April 8, 2022. Written by Tessa Mishoe, Senior Threat Analyst, LogicHub. Russian Advanced Persistent Threats (APTs): It’s no secret that Russian Advanced Persistent Threats (APTs) are a significant burden on cybersecurity teams. For years, organizat...

Cyber Protection Week 2022: The Need (And Demand) For Integration Grows
Published: 04/15/2022

This blog was originally published on March 31, 2022 by Acronis. Written by Dave Kostos, Acronis. For a long time, March 31 was World Backup Day: an annual event created to raise awareness of the importance of backup best practices. In 2020, we celebrated the final World Backup Day and, with a vi...

SANS Cloud Security Survey 2022 – Highlights
Published: 04/14/2022

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. In 2022, security issues have increased in cloud assets, leading to more data breaches involving cloud environments. But, despite the growing threats and attached cyber risk, organizations are undete...

Drawing the RedLine - Insider Threats in Cybersecurity
Published: 04/06/2022

This blog was originally published by LogicHub here. Written by Tessa Mishoe, LogicHub. RedLine Password Theft Malware: The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurred,...

Cloud Threats: What Business Executives Need to Know Right Now
Published: 03/31/2022

This blog was originally published on fugue.co on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

Amazon Ring: A Case of Data Security and Privacy
Published: 03/26/2022

This case study is based off of CSA’s Top Threats to Cloud Computing: Egregious Eleven Deep Dive. The Deep Dive connects the dots between CSA Top Threats through the use of nine real-world attacks and breaches. Pulling from one of the case studies, this article provides a security analysis overvi...

To Err is Human, and That is What Hackers are Counting On
Published: 03/23/2022

Originally published January 20, 2022 on Fugue’s website. Written by Josh Stella. Read the first blog in this series here. It’s understandable if you’ve made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers unt...

Data Breach vs Data Exposure
Published: 03/22/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. Data breaches have become increasingly common, and costly, as the world continues to work from home. According to CyberTalk in 2021, 36 billion company records were exposed, and data breach costs soared to $4....

Learning from the State of Washington’s Data Breach
Published: 03/16/2022

This blog was originally published by AppOmni here. Written by Brian Soby, CTO and Co-Founder of AppOmni. It's not surprising to hear about another data breach in the news, especially one involving a large SaaS deployment like the State of Washington announced in February 2022. SaaS has great...

Milliseconds Matter: Defending Against the Next Zero-Day Exploit
Published: 03/14/2022

Written by Jim Routh, Virsec. Zero-day exploits have made headline news over the past two years, attracting newfound attention from regulators and increasing pressure on software manufacturers and security leaders. The most recent exploit comes from the Log4J vulnerabilities. However, zero-day...

An Analysis of the 2020 Zoom Breach
Published: 03/13/2022

This case study is based off of CSA’s Top Threats to Cloud Computing: Egregious Eleven Deep Dive. The Deep Dive connects the dots between CSA Top Threats by using nine real-world attacks and breaches. Pulling from one of the case studies, this article provides a security analysis overview of the ...

DevSecOps: Mission-Critical to Enterprise Resilience
Published: 03/11/2022

This blog was originally published by Coalfire here. Written by Caitlin Johanson, Director, Application Security, Coalfire. Whatever tolerance we had for failure has been turned upside down in the cloud. The consequences, never greater. So, what’s the solution? Nothing is more important to en...

Predictions 2022: Five Threats That Will Impact Your Personal Data And Privacy
Published: 03/09/2022

This blog was originally published by Lookout here. Written by Firas Azmeh, General Manager, Personal Digital Safety & Carrier Partnerships, Lookout. It will be increasingly difficult to tell what is legitimate online. In Q1 of 2021, 4 in 10 people encountered an unsafe link while using their mob...

The Significance of PwnKit to Insider Threats
Published: 03/01/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Alert Logic has been covering and tracking PwnKit since its initial discovery, and we’ve developed the appropriate detection and coverage to both determine exposure and identify compromises. PwnKit all...

CSA Summit Coming to Minneapolis, MN
Published: 02/19/2022

Written by Rachel Soanes, Director of Marketing and Communications for CSA MN Chapter BOD. Cloud Security Alliance - Minnesota Chapter is excited to announce the first ever regional CSA Midwest Summit coming to Minneapolis, MN on April 5th, 2022. CSA MN is very excited to be co-hosting this event ...
