Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
What is Microsegmentation?
Published: 03/27/2023

Originally published by TrueFort. Written by Nik Hewitt. Microsegmentation: The Zero Trust “best practice” becoming “standard practice.” Often described by the broader term ‘Zero Trust,’ which is the name given to the overall security model, microsegmentation is the industry-recognized best pract...

Understanding Data Protection Needs in a Cloud-Enabled Hybrid Work World
Published: 03/24/2023

Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the...

Too Much Trust in the Cuckoo’s Nest
Published: 03/22/2023

Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers.I didn’t read ...

Why Your SOC Won’t Save You
Published: 03/15/2023

Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO - EMEA, Zscaler. Are SOCs just the emperor’s new clothes?It’s sometimes suggested in this industry that a security operations center (SOC) is a sign of superior cybersecurity and business success. But is that really wisd...

When is SD-WAN Zero Trust and When is it Not?
Published: 03/08/2023

Originally published by CXO REvolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Deploying a standalone SD-WAN might seem reasonable given the way workers connect today. Many of today's knowledge workers are returning to branch offices, while others still work remotely more often th...

Protecting Data and Promoting Collaboration During Times of Change
Published: 03/01/2023

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using their ...

Zero Trust Security: The Guide to Zero Trust Strategies
Published: 02/27/2023

Originally published by Titaniam. Companies today face more and more security risks. Ransomware is on the rise, and cybercriminals are beginning to breach critical infrastructure with new techniques. In an effort to reduce the frequency and severity of these attacks, the United States government ...

CSA ZTAC: Addressing the Challenges of Implementing Zero Trust
Published: 02/16/2023
Author: Illena Armstrong

Catching up with industry friends and other professional contacts about the developments of our Zero Trust Advancement Center (ZTAC) and the various activities underpinning it during industry events has proven pretty enlightening. Establishment or even implementation of zero trust (ZT) strategies...

Why You Need Active Cloud-Native Application Security
Published: 02/14/2023

Originally published by Tigera. Written by Ratan Tipirneni, Tigera. First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat preve...

Access Control Review: Addressing Challenges and Ensuring Compliance in Cloud Service Consumers
Published: 02/10/2023

Written by members of the CSA IAM Working Group and the Zero Trust Working Group's Identity Subgroup. An access control review is a process of evaluating and analyzing an organization's access control system to ensure that it is functioning properly and effectively. Access control systems are des...

Using Automated Just-in-Time (JIT) to Reach Least Privilege – A Guide
Published: 02/09/2023

Originally published by Ermetic. Privileged access and elevated permissions expose organizations to vulnerabilities that could be exploited. On-premises, security teams often use PAM tools for managing these types of risks. But for cloud operations, PAM tools are insufficient as they are built ar...

Securing Cloud Workloads in 5 Easy Steps
Published: 01/30/2023

Originally published by Tigera. Written by Senthil Nithiyananthan, Tigera. As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional sec...

5 Timely SaaS Security Recommendations for 2023
Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, Last...

Double Trouble for Cyberinsurers
Published: 01/20/2023

Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...

Enabling Secure Cloud Migration to Enterprise Cloud Environments
Published: 01/20/2023

Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote work ...

Five Steps Towards Building a Better Data Security Strategy
Published: 01/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per...

Zero Trust, as Explained by a Pirate (With Help from ChatGPT)
Published: 01/12/2023

Originally published by CXO REvolutionaries. Written by Greg Simpson, Former Chief Technology Officer, Synchrony. OpenAI's ChatGPT is turning lots of heads on the internet. It grew to a million users in five days, and people are already putting it to all sorts of uses, from writing gear reviews t...

Identity and Access Management: Automation, Risks, and Best Practices
Published: 01/11/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Identity and access management (IAM) uses a combination of tools and procedures to limit access to internal systems and sensitive data. Rigourous protection of account access is one of the best ways to prevent account takeover f...

Managing Cloud Security in a Multicloud Environment (Part 2)
Published: 01/09/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. As discussed in my last article, to date, most known security incidents in the cloud have been the fault of the customer rather than that of the cloud security provider (CSP). And yet, CSP...

How Well Will Cyberinsurance Protect You When You Really Need It?
Published: 01/09/2023

Originally published by Ericom Software. Written by Stewart Edelman, Chief Financial Officer, Ericom Software. According to a report from Hiscox, a UK-based insurer with over 3,000 employees across 14 countries, 20% of the more than 5,000 businesses surveyed responded that a cyberattack had nearl...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.

1
3
4
5
Last »