EU GDPR vs US: What Is Personal Data?

By Rich Campagna, Chief Marketing Officer, Bitglass May 25, 2018, GDPR enforcement day, has come and gone with little fanfare (and about 6 quadrillion privacy policy updates), but that doesn’t mean we all know what to do to get into compliance. In fact, some measures put only one third of organizations in compliance as of the deadline, […]


CVE and Cloud Services, Part 1: The Exclusion of Cloud Service Vulnerabilities

By Kurt Seifried, Director of IT, Cloud Security Alliance and Victor Chin, Research Analyst, Cloud Security Alliance The vulnerability management process has traditionally been supported by a finely balanced ecosystem, which includes such stakeholders as security researchers, enterprises, and vendors. At the crux of this ecosystem is the Common Vulnerabilities and Exposures (CVE) identification system. In order […]


Software-Defined Perimeter Architecture Guide Preview

Part 1 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc. The Software-Defined Perimeter (SDP) Working Group was founded five years ago, with a mission to promote and evangelize a new, more secure architecture for managing user access to applications. Since the initial publication of the SDP Specification, we’ve witnessed growing […]


Convincing Organizations to Say “Yes to InfoSec”

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Security departments have their hands full. The first half of my career was government-centric, and we always seemed to be the “no” team, eliminating most initiatives before they started. The risks were often found to outweigh the benefits, and unless there was a very strong executive sponsor, say the […]


What Is a CASB?

By Dylan Press, Director of Marketing, Avanan Email is the #1 attack vector. Cloud Account Takeover is the #1 attack target. A CASB is the best way to protect against these threats. Gartner first defined the term Cloud Access Security Broker (CASB) in 2011, when most IT applications were hosted in the data center and […]


Avoiding Cyber Fatigue in Four Easy Steps

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Cyber alert fatigue. In the cybersecurity space, it is inevitable. Every day, there will be a new disclosure, a new hack, a new catchy title for the latest twist on an old attack sequence. As a 23-year practitioner, I can say the burnout is a real thing, and it unfortunately comes in […]


Methodology for the Mapping of the Cloud Controls Matrix

By Victor Chin, Research Analyst, Cloud Security Alliance The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue in the cloud services industry, the CCM program also includes controls mappings […]


Top Security Tips for Small Businesses

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Most small businesses adopt some sort of cloud offering, be it Software as a Service like Quickbooks or Salesforce, or even renting computers in Amazon Web Services or Microsoft’s Azure, in an Infrastructure as a Service environment. You get Fortune 50 IT support, including things that a small business […]


Updated CCM Introduces Reverse Mappings, Gap Analysis

By Sean Cordero, VP of Cloud Strategy, Netskope Since its introduction in 2010, the Cloud Security Alliance’s Cloud Controls Matrix (CCM) has led the industry in the measurement of cloud service providers (CSPs). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set of controls to measure the security readiness […]


Cybersecurity Trends and Training Q and A

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Q: Why is it important for organizations and agencies to stay current in their cybersecurity training? A: Changes accelerate in technology. There’s an idea called Moore’s Law, named after Gordon Moore working with Intel, that the power of a micro-chip doubles every 18 months. When combined with the virtualization […]


Cybersecurity Certifications That Make a Difference

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC The security industry is understaffed. By a lot. Previous estimates by the Ponemon Institute suggest as much as 50 percent underemployment for cybersecurity positions. Seventy percent of existing IT security organizations are understaffed and 58 percent say it’s difficult to retain qualified candidates. ESG’s 2017 annual global survey of […]


Microsoft Workplace Join Part 2: Defusing the Security Timebomb

By Chris Higgins, Technical Support Engineer, Bitglass In my last post, I introduced Microsoft Workplace Join. It’s a really convenient feature that can automatically log users in to corporate accounts from any devices of their choosing. However, this approach essentially eliminates all sense of security. So, if you’re a sane and rational security professional (or even […]


Firmware Integrity in the Cloud Data Center

By John Yeoh, Research Director/Americas, Cloud Security Alliance As valued members, we wanted you to be among the first to hear about the newest report out from CSA—Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their thoughts on building cloud infrastructure using secure servers that enable customers […]


New Software-Defined Perimeter Glossary Sheds Light on Industry Terms

By Shamun Mahmud, Research Analyst, Cloud Security Alliance The Cloud Security Alliance’s Software Defined Perimeter Working Group set out to author a comprehensive resource on the terms and definitions within software defined perimeter (SDP) architectures. SDP has changed since the working group’s inception in 2014, so the Working Group went about creating a glossary to reflect this […]


Continuous Monitoring in the Cloud

By Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal I recently spoke at the Cloud Security Alliance’s Federal Summit on the topic “Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud.” As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous monitoring […]


Microsoft Workplace Join Part 1: The Security Timebomb

By Chris Higgins, Technical Support Engineer, Bitglass It’s no secret that enterprise users wish to access work data and applications from a mix of both corporate and personal devices. In order to help facilitate this mix of devices, Microsoft has introduced a new feature called Workplace Join into Azure Active Directory, Microsoft’s cloud-based directory and identity service. While […]


Cloud Security Trailing Cloud App Adoption in 2018

By Jacob Serpa, Product Marketing Manager, Bitglass In recent years, the cloud has attracted countless organizations with its promises of increased productivity, improved collaboration, and decreased IT overhead. As more and more companies migrate, more and more cloud-based tools arise. In its fourth cloud adoption report, Bitglass reveals the state of cloud in 2018. Unsurprisingly, […]


Five Cloud Migration Mistakes That Will Sink a Business

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Today, with the growing popularity of cloud computing, there exists a wealth of resources for companies that are considering—or are in the process of—migrating their data to the cloud. From checklists to best practices, the Internet teems with advice. But what about the things you shouldn’t be doing? The […]


Cybersecurity and Privacy Certification from the Ground Up

By Daniele Catteddu, CTO, Cloud Security Alliance The European Cybersecurity Act, proposed in 2017 by the European Commission, is the most recent of several policy documents adopted and/or proposed by governments around the world, each with the intent (among other objectives) to bring clarity to cybersecurity certifications for various products and services. The reason why […]