Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

What is Microsegmentation?
Originally published by TrueFort. Written by Nik Hewitt. Microsegmentation: The Zero Trust “best practice” becoming “standard practice.” Often described by the broader term ‘Zero Trust,’ which is the name given to the overall security model, microsegmentation is the industry-recognized best pract...
Understanding Data Protection Needs in a Cloud-Enabled Hybrid Work World
Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the...
Too Much Trust in the Cuckoo’s Nest
Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers.I didn’t read ...
Why Your SOC Won’t Save You
Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO - EMEA, Zscaler. Are SOCs just the emperor’s new clothes?It’s sometimes suggested in this industry that a security operations center (SOC) is a sign of superior cybersecurity and business success. But is that really wisd...
When is SD-WAN Zero Trust and When is it Not?
Originally published by CXO REvolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Deploying a standalone SD-WAN might seem reasonable given the way workers connect today. Many of today's knowledge workers are returning to branch offices, while others still work remotely more often th...
Protecting Data and Promoting Collaboration During Times of Change
Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using their ...
Zero Trust Security: The Guide to Zero Trust Strategies
Originally published by Titaniam. Companies today face more and more security risks. Ransomware is on the rise, and cybercriminals are beginning to breach critical infrastructure with new techniques. In an effort to reduce the frequency and severity of these attacks, the United States government ...
CSA ZTAC: Addressing the Challenges of Implementing Zero Trust
Catching up with industry friends and other professional contacts about the developments of our Zero Trust Advancement Center (ZTAC) and the various activities underpinning it during industry events has proven pretty enlightening. Establishment or even implementation of zero trust (ZT) strategies...
Why You Need Active Cloud-Native Application Security
Originally published by Tigera. Written by Ratan Tipirneni, Tigera. First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat preve...
Access Control Review: Addressing Challenges and Ensuring Compliance in Cloud Service Consumers
Written by members of the CSA IAM Working Group and the Zero Trust Working Group's Identity Subgroup. An access control review is a process of evaluating and analyzing an organization's access control system to ensure that it is functioning properly and effectively. Access control systems are des...
Using Automated Just-in-Time (JIT) to Reach Least Privilege – A Guide
Originally published by Ermetic. Privileged access and elevated permissions expose organizations to vulnerabilities that could be exploited. On-premises, security teams often use PAM tools for managing these types of risks. But for cloud operations, PAM tools are insufficient as they are built ar...
Securing Cloud Workloads in 5 Easy Steps
Originally published by Tigera. Written by Senthil Nithiyananthan, Tigera. As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional sec...
5 Timely SaaS Security Recommendations for 2023
Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, Last...
Double Trouble for Cyberinsurers
Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...
Enabling Secure Cloud Migration to Enterprise Cloud Environments
Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote work ...
Five Steps Towards Building a Better Data Security Strategy
Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools per...
Zero Trust, as Explained by a Pirate (With Help from ChatGPT)
Originally published by CXO REvolutionaries. Written by Greg Simpson, Former Chief Technology Officer, Synchrony. OpenAI's ChatGPT is turning lots of heads on the internet. It grew to a million users in five days, and people are already putting it to all sorts of uses, from writing gear reviews t...
Identity and Access Management: Automation, Risks, and Best Practices
Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Identity and access management (IAM) uses a combination of tools and procedures to limit access to internal systems and sensitive data. Rigourous protection of account access is one of the best ways to prevent account takeover f...
Managing Cloud Security in a Multicloud Environment (Part 2)
Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. As discussed in my last article, to date, most known security incidents in the cloud have been the fault of the customer rather than that of the cloud security provider (CSP). And yet, CSP...
How Well Will Cyberinsurance Protect You When You Really Need It?
Originally published by Ericom Software. Written by Stewart Edelman, Chief Financial Officer, Ericom Software. According to a report from Hiscox, a UK-based insurer with over 3,000 employees across 14 countries, 20% of the more than 5,000 businesses surveyed responded that a cyberattack had nearl...
Browse by Topic
Write for the CSA blog
Submit your blog proposalSign up to receive CSA's latest blogs
This list receives 1-2 emails a month.