Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Three Network Weaknesses that Zero Trust Addresses
Published: 08/04/2021

Zero Trust is a network security concept that aims to protect enterprise assets. Under Zero Trust, organizations should not automatically trust anything inside or outside traditional perimeters. Before granting access to assets, organizations should require the verification of anything and everyt...

Secure Distributed Ledger Technology Framework for Financial Institutes
Published: 08/03/2021

Last updated: August 3, 2021Distributed ledger technologies (DLT) introduce a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. However,...

The Use of Blockchain in Healthcare: A Collaboration Between Two CSA Working Groups
Published: 08/02/2021

The unique attributes of healthcare data make it a prime target for nefarious actors. Predictably, healthcare information is tightly regulated by privacy and security laws in the United States, the European Union and international rules governing cloud data storage. The data’s high value, coupled...

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Food Industry Increasingly Targeted by Cybercriminals
Published: 07/02/2021

This blog was originally published by Ericom Software hereBy Simon Moran, VP Business Development, Ericom Software In recent weeks, cybercriminals seem to be working their way down a checklist of the basic necessities of a modern life: Healthcare – check, Scripps, HSE and a bunch more. Energy – ...

Is the Cloud Control Plane a New Frontline in Cybersecurity?
Published: 06/29/2021

This blog was originally published on Vectra.ai As cloud adoption continues to accelerate with no end in sight, the evolution of the next generation of modern attacks will traverse through and towards an enterprise’s cloud control plane. But why is that? The control plane provides management...

Cloud Network Virtualization: Benefits of SDN over VLAN
Published: 06/25/2021

Written by the members of the Security Guidance Working GroupAll clouds utilize some form of virtual networking to abstract the physical network and create a network resource pool. Typically the cloud user provisions desired networking resources from this pool, which can then be configured within...

Cybercriminals Ramp Up Attacks on Healthcare, Again
Published: 06/24/2021

This blog was originally published by Ericom here Written by James Lui, Ericom Sometimes, even knowing what’s coming can’t help you stop it. Cybersecurity experts anticipated an increase in cyberattacks on healthcare organizations during 2021. And sure enough, by the end of April, 30 US hospita...

Security Spotlight: Ransomware Woes Continue Even As DarkSide Shuts Down After Claiming Multiple Victims
Published: 06/15/2021

This blog was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. DarkSide Ransomware Operations Shut Down Colonial Pipeline Pays $5 Million Ransomware Demand After DarkSide Ransomware AttackChemical Distributor Brenntag Pays...

Critical Controls for Oracle E-Business Suite
Published: 06/11/2021

Written by Mike Miller, OnapsisOver the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

7 Simple but effective tactics to protect your website against DDoS attacks in 2021
Published: 06/04/2021

Written by Tars Geerts, from Mlytics Intro Experts believe that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to over 15 million by 2023. One of the reasons for this significant increase is that DDoS attacks are quite easy to pull off, making them very appeali...

Security Spotlight: US Government Agencies Take Action Against Exchange Vulnerabilities and Social Media Giants Leak Data
Published: 05/10/2021

This article was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. FBI Removes Web Shells from Compromised Exchange Servers Without Notifying OwnersCISA Requires Federal Agencies to Patch Exchange Servers for Vulnerabilitie...

Beware of Legitimate, but Compromised Websites
Published: 03/30/2021

This blog was originally published by Ericom By Mendy Newman, Group CTO, International, Ericom SoftwareIt’s easy to get lulled into a false sense of security when visiting a website you know – “I navigated directly to xyz.com so I know this isn’t a spoofed site. Surfing here, even downloading thi...

​A Powerful New Approach to Phishing – the Biggest Issue for Cybersecurity
Published: 03/02/2021

Originally published on Ericom's blog.By Nigel Willis, Ericom Group CTO for EMEAPhishing attacks – which start with emails that appear to come from a legitimate company but are really devised by cybercriminals – are the top delivery mechanism for ransomware. Phishing takes full advantage of human...

SolarWinds - How Cybersecurity Teams Should Respond
Published: 12/16/2020

By Paul Kurtz Co-founder and Executive Chairman, TruSTAR Technology SolarWinds perhaps represents the most severe hack of the digital age. The playbook of our adversaries continues to evolve, but defenders are losing, and the gap is widening. Discussion of imposing consequences on adversaries see...

Cloud Security: The Necessity of Threat Hunting
Published: 10/28/2020

By the CSA Minnesota Chapter What is threat hunting? Threat hunting is the proactive search for real and potential threats that may be hidden in a network’s environment. These threats are tricky and malicious and are designed to pass through endpoint defenses undetected. If unfound, these att...

Abusing Privilege Escalation in Salesforce Using APEX
Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, PolyrizeThis article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

Cloud Security Challenges in 2020
Published: 02/18/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc.The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019 according to Gartner. As the cloud continues to be more and more heavily adopted, it’s important to be awa...

Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS
Published: 09/12/2019

By Victor Chin, Research Analyst, CSAThis is the third blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceived ...

Egregious 11 Meta-Analysis Part 2: Virtualizing Visibility
Published: 08/28/2019

By Victor Chin, Research Analyst, CSAThis is the second blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceived...

Browse by Topic
Write for the CSA blog
Submit your blog proposal