Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Introduction to the NIST Cybersecurity Framework
Published: 04/21/2021

This blog was originally published by OpsCompass here. Written by Kevin Hakanson, OpsCompass. Security Framework Based on Standards, Guidelines, and Practices. The NIST Cybersecurity Framework (NIST CSF) was created via a collaboration between the United States government and industry as a voluntary fr...

Cloud-Native Security Starts with the Cloud
Published: 04/07/2021

Oracle author: Maywun Wong, Director, Product Marketing. Contributed by: Frank Dickson, IDC, Program Vice President, Security & Trust. “Cloud-native security!” is the battle cry of the day. We all want it. But what is it? Everyone seems to define it differently. My suggestion is that any discussi...

Cloud Security for SaaS Startups Part 1: Requirements for Early Stages of a Startup
Published: 02/19/2021

Based on the Cloud Security for Startups guidelines written by the CSA Israel Chapter. Background: Information security is a complicated subject even for mature enterprises, so it’s no wonder that startups find the area challenging. Planning, implementing and maintaining good-practice security are n...

How to avoid the biggest mistakes with your SaaS security
Published: 02/08/2021

This blog was originally published on Wandera.com. Written by Alex Powell at Wandera. The biggest mistakes in SaaS security: The popularity of SaaS applications for businesses continues to grow with 95% of businesses hosting sensitive information in the cloud. Traditional security models and boundary-f...

The Evolution of Cloud Computing and the Updated Shared Responsibility
Published: 02/04/2021

Written by Vishwas Manral, Founder and CEO at NanoSec, CSA Silicon Valley Chapter. Cloud computing has changed over the last 10 years. This blog captures the reason why the original service models are no longer sufficient as a result of the changes in the cloud landscape with the growth of Contain...

Transitioning Traditional Apps into the Cloud
Published: 02/03/2021

Contributed by Intezer. For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone. Cloud opens up a world of opportunities, with a choice of IaaS, PaaS, and SaaS as deployment models. Organizati...

CCSK Success Stories: from a Cybersecurity Engineer
Published: 01/31/2021

In this blog series we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the Certificate of Cloud Security Knowledge (CCSK) in their current roles. In this blog we'll be interviewing Lucas, a Cyb...

Resources to Help Address Cybersecurity Challenges in Healthcare
Published: 01/29/2021

By Vince Campitelli, Co-Chair for the CSA Health Information Management Working Group (HIM). According to a 2019 Thales Report (3) 70% of healthcare organizations surveyed reported a data breach, with a third reporting a breach within the last year. All organizations surveyed reported collecting, ...

The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level
Published: 01/21/2021

Written by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance and Lefteris Skoutaris, CCM Program Manager, Cloud Security Alliance. Over the course of the last decade since its first appearance in 2010, the Cloud Controls Matrix (CCM) has become a reference for any organization se...

What is cloud security? How is it different from traditional on-premises network security?
Published: 11/09/2020

Written by Ryan Bergsma, Training Director at CSA. Cloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things and is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are insepar...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security Alliance. What is the Cloud Controls Matrix? The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

Understanding the Complexities of Securing a Remote Workforce
Published: 09/09/2020

By Sean Gray, Sr. Director InfoSec at Paypal and Co-Chair of the CSA Financial Services Working Group. We have all witnessed sudden and stunning changes in how companies – big and small – operate in response to the challenges necessitated by COVID-19. Many have pivoted successfully, however there ...

Introducing Reflexive Security for integrating security, development and operations
Published: 10/14/2019

By the CSA DevSecOps Working Group. Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agilit...

CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers
Published: 06/10/2019

By Victor Chin, Research Analyst, Cloud Security Alliance. Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it’s no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP)...

Cloud Migration Strategies and Their Impact on Security and Governance
Published: 06/29/2018

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com. Public cloud migrations come in different shapes and sizes, but I see three major approaches. Each of these has very different technical and governance implications. Three approaches to cloud migration: Companies dying to ge...

Five Cloud Migration Mistakes That Will Sink a Business
Published: 06/05/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC. Today, with the growing popularity of cloud computing, there exists a wealth of resources for companies that are considering—or are in the process of—migrating their data to the cloud. From checklists to best practices, the Internet teems wit...

Top 3 Reasons Enterprises Hesitate to Adopt the Cloud
Published: 04/02/2015

By Stephanie Bailey, Senior Director/Product Marketing, Perspecsys. Despite the clear benefits of the cloud, many enterprises still hesitate to fully adopt or capitalize on all the advantages. There are a few key reasons for hesitation, including the prevalence of data breaches and hacks in recent ...

Application-Aware Firewalls
Published: 08/09/2012

You may have heard the term "application-aware firewalls" recently and wondered what it meant. When it comes to security, everyone thinks of Firewalls, Proxies, IPS, IDS, Honeypots, VPN devices, email security and even Web security, but most people don’t think in terms of application level securi...

Test Accounts: Another Compliance Risk
Published: 10/07/2011

By: Merritt Maxim. A major benefit associated with deploying identity management and/or identity governance into an organization is that these solutions provide the ability to detect and remove orphan accounts. Orphan accounts refer to active accounts belonging to a user who is no longer involved...

Securing Your File Transfer in the Cloud
Published: 09/30/2011

By Stuart Lisk, Sr. Product Manager, Hubspan Inc. File transfer has been around since the beginning of time. Ok, well maybe that is an exaggeration, but the point is, file transfer was one of the earliest uses of “network” computing dating back to the early 1970’s when IBM introduced the floppy d...
