Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass

If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]

Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA

By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance

The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust

OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]

Typical Challenges in Understanding CCSK and CCSP: Technology Architecture

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com

As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]

Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent weeks:

—Healthcare.gov breached
—US weapons systems contain cybersecurity gaps
—Over 35 million US voter records for sale
—National Guard faces ransomware attack

Healthcare.gov breached

75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]

Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group

CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]

How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass

The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]

Fixing Your Mis-Deployed NGFW

By Rich Campagna, Chief Marketing Officer, Bitglass

The Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. This post will illustrate the root cause of these firewall mis-deployments, […]

Weigh in on the Cloud Control Matrix Addenda

Dear Colleagues,

The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards:

—German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.)
—ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.)

These […]

Voice Your Opinion on the New Top Threats to Cloud Computing

Dear Colleagues,

The CSA Top Threats Working Group is happy to announce the survey for the next iteration of the Top Threats to Cloud Computing report. This time round we have shortlisted 19 security issues from recurring issues such as Data Breaches and Insecure Interfaces and APIs to new issues such as Weak Control Plane. […]

CCSK Success Stories: Cloud Security Training from a CTO’s Perspective

By the CSA Education Team

We’re kicking off a series on cloud security training today with a Q&A with the Vice President and CTO of Fusion Risk Management, Cory Cowgill. With a background in enterprise software development spanning multiple industries, Cowgill has multiple certifications including Salesforce System Architect and Application Architect, Amazon Web Services Solution […]

AWS Cloud: Proactive Security and Forensic Readiness – Part 4

Part 4: Detective Controls in AWS

By Neha Thethi, Information Security Analyst, BH Consulting

Security controls can be either technical or administrative. A layered security approach to protecting an organization’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. […]

Data Breaches on the Rise in Financial Services

By Jacob Serpa, Product Marketing Manager, Bitglass

Financial services organizations are a prime target for hackers looking to steal and sell valuable data. This is because these firms handle sensitive information known as PII, personally identifiable information, as well as other financial data. In Financial World: Breach Kingdom, Bitglass’ latest financial breach report, the Next-Gen CASB reveals information about […]

Cloud Security Alliance Releases Minor Update to CCM v3.0.1

By the CSA Research Team

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist […]

Cloud Security Alliance Announces the Release of the Spanish Translation of Guidance 4.0

By JR Santos, Executive Vice President of Research, Cloud Security Alliance

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the […]

Seven Reasons Why Proxy-based CASBs Are Required for Office 365

By Rich Campagna, Chief Marketing Officer, Bitglass

A competing CASB vendor blogged recently on why proxy-based Cloud Access Security Brokers (CASBs) shouldn’t be used for Office 365. The post cites “7 reasons,” all of which are variations of just one reason: their CASB breaks each time Microsoft makes changes to Office 365. What they call “application breakages” due to […]

Bitglass Security Spotlight: Uber, Apollo, & Chegg

By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Uber fined $148 million over cover-up
—Apollo database of 200 million contacts breached
—Chegg hack exposes 40 million users’ credentials
—Port of San Diego faces cyberattack

Uber fined $148 million over cover-up

In late 2016, Uber suffered a breach at […]

Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census

By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent weeks:

—440 million email addresses exposed by Veeam
—Unprotected MongoDB databases being targeted
—42 million emails, passwords, and more leaked
—Cold-boot attacks steal passwords and encryption keys
—2 billion devices still vulnerable to Bluetooth attack
—Atlas Quantum, cryptocurrency platform, breached
—Security […]
