CCSK vs CCSP: An Unbiased Comparison

By Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security

Introduction

CCSK vs CCSP – I’m commonly asked two questions whenever someone discovers I’m an instructor for both the Cloud Security Alliance CCSK and (ISC)2 CCSP courses:

1 – “What’s the difference between the two certifications?”
2 – “How hard is the CCSK exam?”

… It’s very hard, […]


GDPR Is Coming: Will the Industry Be Ready?

By Jervis Hui, Senior Product Marketing Manager, Netskope With the impending May 25, 2018, date for GDPR compliance coming up, Netskope worked with the Cloud Security Alliance (CSA) to survey IT and security professionals for a recently released report covering GDPR preparation and challenges. According to one of our recent Netskope Cloud Reports, only about 25 […]


Imagine a Day Without Safe Cryptography

By Jeffrey Ritter, Visiting Fellow, Kellogg College, University of Oxford Every security professional, at one time or another (or at many times), confronts executive opposition to changing technology. We all know that every innovation in technology requires adaptations in the security services, introducing new costs tied to shifts in equipment, third-party services, and human resources. […]


Building a Foundation for Successful Cyber Threat Intelligence Exchange: A New Guide from CSA

By Brian Kelly, Co-chair/Cloud Cyber Incident Sharing Center (CISC) Working Group, and CSO/Rackspace No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, moving from target to target at a breakneck pace. With new attacks spreading from dozens of companies to a few hundred within a matter of days, visibility into […]


Speeding the Secure Cloud Adoption Process

By Vinay Patel, Chair, CSA Global Enterprise Advisory Board, and Managing Director, Citigroup Innovators and early adopters have been using cloud for years, taking advantage of the quicker deployment, greater scalability, and cost saving of services. The growth of cloud computing continues to accelerate, offering more solutions with added features and benefits, and with proper […]


Cloud Security and Compliance Is a Shared Responsibility

By Gail Coury, Chief Information Security Officer, Oracle Cloud Organizations around the world are ramping up to comply with the European Union’s General Data Protection Regulation (GDPR), which will be enforced beginning on May 25, 2018, and each must have the right people, processes and technology in place to comply or else potentially face litigation and heavy […]


The Early Bird Gets the Virus

By Kevin Lee, Systems QA Engineer, Bitglass Most people have heard of the proverb, “The early bird gets the worm.” The part that many haven’t heard is the followup, “But the second mouse gets the cheese.” The latter proverb makes a lot of sense when you apply it to the current state of virus and malware […]


Australia’s First OAIC Breach Forecasts Grim GDPR Outcome

By Rich Campagna, Chief Marketing Officer, Bitglass The first breach under the Office of the Australian Information Commissioner’s (OAIC) Privacy Amendment Bill was made public on March 16. While this breach means bad press for the offending party, shipping company Svitzer Australia, more frightening is the grim outcome it forecasts for organizations subject to GDPR regulations, which go into […]


CSA Summit at RSA Conference 2018 Turns Its Focus to Enterprise Grade Security: Will you be there?

By J.R. Santos, Executive Vice President of Research, Cloud Security Alliance Today’s enterprise cloud adoption has moved well beyond the early adopters to encompass a wide range of mission-critical business functions. As financial services, government and other industries with regulatory mandates have made significant steps into the cloud over the past year, it’s only fitting that […]


The “Ronald Reagan” Attack Allows Hackers to Bypass Gmail’s Anti-phishing Security

By Yoav Nathaniel, Customer Success Manager, Avanan We started tracking a new method hackers use to bypass Gmail’s SPF check for spear-phishing. The hackers send from an external server, but the user sees an internal user (for example, your CEO), and Gmail’s SPF check, designed to indicate the validity of the sender, shows “SPF-OK.” Why are we calling this “The […]


Saturday Security Spotlight: Cryptomining, AWS, and O365

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

- Malicious cryptomining the top cybercrime
- New details emerge on unsecured AWS buckets
- Data Keeper ransomware begins to spread
- Office 365 used in recent mass phishing attacks
- SgxSpectre attacking Intel SGX enclaves

Malicious cryptomining the top cybercrime

Since September of 2017, malicious […]


AWS Cloud: Proactive Security and Forensic Readiness – Part 3

Part 3: Data protection in AWS

By Neha Thethi, Information Security Analyst, BH Consulting

This is the third in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting data within AWS. Data protection has become all the rage for organizations that are processing personal […]


34 Cloud Security Terms You Should Know

By Dylan Press, Director of Marketing, Avanan We hope you use this as a reference not only for yourself but for your team and in training your organization. Print this out and pin it outside your cubicle. How can you properly research a cloud security solution if you don’t understand what you are reading? We have always […]


Are Healthcare Breaches Down Because of CASBs?

By Salim Hafid, Product Marketing Manager, Bitglass Bitglass just released its fourth annual Healthcare Breach Report, which dives into healthcare breaches over 2017 and compares the rate of breach over previous years. A big surprise this year was the precipitous drop in the volume of breaches and the scope of each attack. Our research team set […]


You Are the Weakest Link – Goodbye

By Jacob Serpa, Product Marketing Manager, Bitglass Security in the cloud is a top concern for the modern enterprise. Fortunately, provided that organizations do their due diligence when evaluating security tools, storing data in the cloud can be even more secure than storing data on premises. However, this does require deploying a variety of solutions […]


AWS Cloud: Proactive Security and Forensic Readiness – Part 2

By Neha Thethi, Information Security Analyst, BH Consulting

Part 2: Infrastructure-level protection in AWS

This is the second in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting your virtual infrastructure within AWS. Protecting any computing infrastructure requires a layered or defense-in-depth approach. The […]


Securing the Internet of Things: Devices & Networks

By Ranjeet Khanna, Director of Product Management–IoT/Embedded Security, Entrust Datacard The Internet of Things (IoT) is changing manufacturing for the better. With data from billions of connected devices and trillions of sensors, supply chain and device manufacturing operators are taking advantage of new benefits. Think improved efficiency and greater flexibility among potential business models. But as […]


Zero-Day in the Cloud – Say It Ain’t So

By Steve Armstrong, Regional Sales Director, Bitglass Zero-day vulnerabilities are computer or software security gaps that are unknown to the public – particularly to parties who would like to close said gaps, like the vendors of vulnerable software. To many in the infosec community, the term “zero-day” is synonymous with the patching or updating of systems. […]


Saturday Security Spotlight: Tesla, FedEx, & the White House

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

- Tesla hacked and used to mine cryptocurrency
- FedEx exposes customer data in AWS misconfiguration
- White House releases cybersecurity report
- SEC categorizes knowledge of unannounced breaches as insider information
- More Equifax data stolen than initially believed

Tesla hacked and used […]
