Signal vs. Noise: Banker Cloud Stories by Craig Balding

A good question to ask any professional in any line of business is: which “industry events” do you attend and why?  Over a few decades of attending a wide variety of events – and skipping many more – my primary driver is “signal to noise” ratio.  In other words, I look for events attended by people that are shaping our industry […]

“Shift Left” to Harden Your Cloud Security Posture

By Josh Stella, Co-founder & Chief Technology Officer, Fugue

After a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means the key question for the security team is no longer “do we trust the cloud?” — it’s “can we […]

How Traffic Mirroring in the Cloud Works

By Tyson Supasatit, Sr. Product Marketing Manager, ExtraHop

Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triad

After years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it’s finally here! In this lightboard video, we’ll explain what traffic mirroring is […]

Highlights from the CSA Summit at Cyberweek

By Moshe Ferber, Chairman, Cloud Security Alliance, Israel and Damir Savanovic, Senior Innovation Analyst, Cloud Security Alliance

The city of Tel Aviv is crowded throughout the year with a buzzing cybersecurity ecosystem, but in the last week of June, this ecosystem comes to a boil when Tel Aviv University hosts its annual Cyberweek conference – one […]

The State of SDP Survey: A Summary

The CSA recently completed its first annual “State of Software-Defined Perimeter” Survey, gauging market awareness and adoption of this modern security architecture – summarized in this infographic. The survey indicates it is still early for SDP market adoption and awareness, with only 24% of respondents claiming that they are very familiar or have fairly in-depth […]

Using The CAIQ-Lite to Assess Third Party Vendors

By Dave Christiansen, Marketing Director, Whistic

The mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disagree with being thorough when evaluating third party vendors, in order […]

What is a CASB and How Do You Even Say It?

By Caleb Mast, Regional Sales Director, Bitglass

These are some of the questions that I asked as I went through the recruiting process with Bitglass. My goal was to understand the product completely before going out and pitching it to prospective clients. So, what exactly is a Cloud Access Security Broker (CASB)? By Gartner’s definition, CASBs (Cloud Access […]

Will Hybrid Cryptography Protect Us from the Quantum Threat?

By Roberta Faux, Director of Advance Cryptography, BlackHorse Solutions

Our new white paper explains the pros and cons of hybrid cryptography. The CSA Quantum-Safe Security Working Group has produced a new primer on hybrid cryptography. This paper, “Mitigating the Quantum Threat with Hybrid Cryptography,” is aimed at helping non-technical corporate executives understand how to potentially […]

CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers

By Victor Chin, Research Analyst, Cloud Security Alliance

Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it’s no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP) applications. Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To […]

Security Spotlight: G Suite User Passwords Stored in Plaintext

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

- G Suite User Passwords Stored in Plaintext Since 2005
- Contact Data of Millions of Instagram Influencers Exposed
- Rogue Iframe Phishing Used to Steal Payment Card Information
- London Commuters to be Tracked Through the Use of Wi-Fi Hotspots
- Thousands of […]

What Will Happen If Encryption Used to Protect Data in Corporations Can Be Broken?

By Edward Chiu, Emerging Cybersecurity Technologist, Chevron

While the development of quantum computers is still at a nascent stage, its potential in solving problems not feasible with classical computers draws interest from many industries. On one hand, Volkswagen is researching using quantum computers to help optimize traffic, and researchers at Roche are investigating the use […]

New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments

By Hillary Baron, Research Analyst, Cloud Security Alliance

CSA’s latest survey, Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments, examines information security concerns in a complex cloud environment. Commissioned by AlgoSec, the survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security […]

Financial Services: Counting on CASBs

By Will Houcheime, Product Marketing Manager, Bitglass

Financial institutions handle a great deal of sensitive data and are highly conscientious of where they store and process it. Nevertheless, they are aware of the many benefits that they can gain by using cloud applications. In order to embrace the cloud’s myriad advantages without compromising the security […]

“Collection #1” Data Breach

By Paul Sullivan, Software Engineer, Bitglass

News of the 773 million email data breach that Troy Hunt announced for Have I Been Pwned certainly got a lot of coverage a few months ago. Now that the dust has settled, let’s cut through some of the hype and see what this really means for enterprise security. First, let’s clear […]

AWS Cloud: Proactive Security and Forensic Readiness – Part 5

By Neha Thethi, Information Security Analyst, BH Consulting

Part 5: Incident Response in AWS

In the event your organization suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along with pre-provisioned tools to effectively respond to and mitigate the potential […]

CSA on This Millennium Alliance Podcast

By Cara Bernstein, Manager/Executive Education Partnerships, The Millennium Alliance

This podcast episode features The Millennium Alliance partner, The Cloud Security Alliance. We sat down with Vince Campitelli, Enterprise Security Specialist, and Jon-Michael C. Brook, Principal, Guide Holdings, LLC, and co-chair of CSA’s Top Threats Working Group, to discuss the work of CSA, the top threats […]
