Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Will New Executive Order on Cybersecurity Fast Track Zero Trust?
Published: 07/13/2021

This blog was originally published by Bitglass hereWritten by Jonathan Andresen, BitglassOn May 12, US President Biden issued a landmark executive order on Improving the Nation’s Cybersecurity that signals the need for governments and enterprises alike to boost their cyber defenses around the pri...

Cloud Security: 5 Lessons I Learned the Hard Way
Published: 07/09/2021

This blog was originally published by OpsCompass hereWritten by John Grange, OpsCompassIt’s 2021, and it’s clear that cloud is a global IT trend relevant to every company, regardless of size or industry. The main cloud infrastructure providers (AWS, Azure, and GCP), as well as their local alterna...

​The Case for Identity Modernization
Published: 06/14/2021

Written by Eric Leach, Co-founder and Chief Product Officer of Strata Identity Companies have been deploying on-premises identity products for over two decades. It worked pretty well for the most part — managing accounts, provisioning, and authenticating users — when everything was inside the ...

How CSPs Can Make the Security and Compliance Evaluation Process Easier for Financial Institutions
Published: 06/02/2021

This blog was originally published by Oracle hereOracle author: Maywun Wong, Director, Product MarketingContributed by: Steven D'Alfonso, Research Director, IDC Financial InsightsSo, you have finally decided to move applications to the cloud. But your board's risk committee wants assurance that s...

Five Approaches for Securing Identity in Cloud Infrastructure
Published: 05/20/2021

Written by Shai MoragAs clouds have drifted into the mainstream of business, it has become clear that they offer numerous advantages. They streamline processes, cut costs and create new ways to work. In some cases, the benefits are transformative. However, there’s a dark side to the public cloud,...

Cloud Security for SaaS Startups Part 2: Application & Platform Security
Published: 05/03/2021

Based on the Cloud Security for Startups guidelines written by the CSA Israel ChapterAs a SaaS startup, how can your organization ensure you implement proper security for your applications and platforms? In this blog we provide a preview of the information and guidelines available in the Cloud Se...

How to Secure Cloud Non-Native Workloads
Published: 04/26/2021

This blog was originally published by Intezer here.Not All Applications are Cloud-NativeCompanies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional applications are simply “lifted and shifted” to the cloud as a first step in the cloud transformat...

Introduction to the NIST Cybersecurity Framework
Published: 04/21/2021

This blog was originally published by OpsCompass hereWritten by Kevin Hakanson, OpsCompassSecurity Framework Based on Standards, Guidelines, and PracticesThe NIST Cybersecurity Framework (NIST CSF) was created via a collaboration between the United States government and industry as a voluntary fr...

​Cloud-Native Security Starts with the Cloud
Published: 04/07/2021

Oracle author: Maywun Wong, Director, Product MarketingContributed by: Frank Dickson, IDC, Program Vice President, Security & Trust“Cloud-native security!” is the battle cry of the day. We all want it. But what is it? Everyone seems to define it differently. My suggestion is that any discussion o...

Cloud Security for SaaS Startups Part 1: Requirements for Early Stages of a Startup
Published: 02/19/2021

Based on the Cloud Security for Startups guidelines written by the CSA Israel ChapterBackground Information security is a complicated subject even for mature enterprises, so it’s no wonder that startups find the area challenging. Planning, implementing and maintaining good-practice security are n...

How to avoid the biggest mistakes with your SaaS security
Published: 02/08/2021

This blog was originally published on Wandera.comWritten by Alex Powell at WanderaThe biggest mistakes in SaaS securityThe popularity of SaaS applications for businesses continues to grow with 95% of businesses hosting sensitive information in the cloud. Traditional security models and boundary-f...

The Evolution of Cloud Computing and the Updated Shared Responsibility
Published: 02/04/2021

Written by Vishwas Manral, Founder and CEO at NanoSec, CSA Silicon Valley Chapter.Cloud computing has changed over the last 10 years. This blog captures the reason why the original service models are no longer sufficient as a result of the changes in the cloud landscape with the growth of Contain...

Transitioning Traditional Apps into the Cloud
Published: 02/03/2021

Contributed by IntezerFor organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone. Cloud opens up a world of opportunities, with a choice of IaaS, PaaS, and SaaS as deployment models.Organizati...

CCSK Success Stories: from a Cybersecurity Engineer
Published: 01/31/2021

In this blog series we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the Certificate of Cloud Security Knowledge (CCSK) in their current roles. In this blog we'll be interviewing Lucas, a Cyb...

Resources to Help Address Cybersecurity Challenges in Healthcare
Published: 01/29/2021

By Vince Campitelli, Co-Chair for the CSA Health Information Management Working Group (HIM)According to a 2019 Thales Report (3) 70% of healthcare organizations surveyed reported a data breach, with a third reporting a breach within the last year. All organizations surveyed reported collecting, ...

The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level
Published: 01/21/2021

Written by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance and Lefteris Skoutaris, CCM Program Manager, Cloud Security AllianceOver the course of the last decade since its first appearance in 2010, the Cloud Controls Matrix (CCM) has become a reference for any organization se...

What is cloud security? How is it different from traditional on-premises network security?
Published: 11/09/2020
Author: Ryan Bergsma

Cloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things and is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are inseparable from cloud and accelerating the digital revo...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security AllianceWhat is the Cloud Controls Matrix?The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

Understanding the Complexities of Securing a Remote Workforce
Published: 09/09/2020

By Sean Gray, Sr. Director InfoSec at Paypal and Co-Chair of the CSA Financial Services Working GroupWe have all witnessed sudden and stunning changes in how companies – big and small – operate in response to the challenges necessitated by COVID-19. Many have pivoted successfully, however there ...

Introducing Reflexive Security for integrating security, development and operations
Published: 10/14/2019

By the CSA DevSecOps Working Group Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agilit...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.