Better Vulnerability Management: How to Master Container Security in Three Steps

International Container Cargo ship in the ocean,

By Nate Dyer, Product Marketing Director, Tenable Application containers like Docker have exploded in popularity among IT and development teams across the world. Since its inception in 2013, Docker software has been downloaded 80 billion times and more than 3.5 million applications have been “dockerized” to run in containers. With all the enthusiasm and near-mainstream […]

Read more...

Are Cryptographic Keys Safe in the Cloud?

encryption key inside the cloud

By Istvan Lam, CEO, Tresorit By migrating data to the cloud, businesses can enjoy scalability, ease of use, enhanced collaboration and mobility, together with significant cost savings. The cloud can be especially appealing to subject-matter experts as they no longer have to invest in building and maintaining their own infrastructure. However, the cloud also brings challenges when it comes to information […]

Read more...

Cornerstone Capabilities of Cloud Access Security Brokers

By Jacob Serpa, Marketing Manager, Bitglass Traditional security tools are not built to protect cloud data that is accessed from personal devices around the clock and around the world. With the rise of bring your own device (BYOD) and cloud-based tools like AWS, Office 365, and Salesforce, it can be challenging to figure out which technologies are needed to keep […]

Read more...

Webinar: The Ever Changing Paradigm of Trust in the Cloud

abstract line connection on night city background implying cloud computing

By CSA Staff The CSA closed its 10th annual Summit at RSA on Monday, and the consensus was that the cloud has come to dominate the technology landscape and revolutionize the market, creating a tectonic shift in accepted practice. The advent of the cloud has been a huge advancement in technology. Today’s need for flexible […]

Read more...

CSA Summit Recap Part 2: CSP & CISO Perspective

Slide: Open CPEs

By Elisa Morrison, Marketing Intern, Cloud Security Alliance When CSA was started in 2009, Uber was just a German word for ‘Super’ and all CSA stood for was Community Supported Agriculture. Now in 2019, spending on cloud infrastructure has finally exceeded on-premises, and CSA is celebrating its 10th anniversary. For those who missed the Summit, […]

Read more...

CSA Summit Recap Part 1: Enterprise Perspective

By Elisa Morrison, Marketing Intern, Cloud Security Alliance CSA’s 10th anniversary, coupled with the bestowal of the Decade of Excellence Awards gave a sense of accomplishment to this Summit that bodes well yet also challenges the CSA community to continue its pursuit of excellence. The common theme was the ‘Journey to the Cloud’ and emphasized […]

Read more...

A Decade of Vision

CSA 10th anniversary logo

By Jim Reavis, Co-founder and CEO, Cloud Security Alliance Developing a successful and sustainable organization is dependent upon a lot of factors: quality services, a market vision, focus, execution, timing and maybe a little luck. For Cloud Security Alliance, now celebrating our 10th anniversary, I would add one more factor—believers.  While we have had a few […]

Read more...

Education: A Cloud Security Investigation (CSI)

cloud education painted on pavement

By Will Houcheime, Product Marketing Manager, Bitglass Cloud computing is now widely used in higher education. It has become an indispensable tool for both the institutions themselves and their students. This is mainly because cloud applications, such as such as G Suite and Microsoft Office 365, come with built-in sharing and collaboration functionality – they are designed for efficiency, […]

Read more...

Introducing CAIQ-Lite

CAIQ-Lite: A New Framework for Cloud Vendor Assessment report cover

By Dave Christiansen, Marketing Director, Whistic The Cloud Security Alliance and Whistic are pleased to release CAIQ-Lite beta, a new framework for cloud vendor assessment. CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with […]

Read more...

Five Years of the GitHub Bug Bounty Program

GitHub logo

By Philip Turnbull, Senior Application Security Engineer, GitHub GitHub launched our Security Bug Bounty program in 2014, allowing us to reward independent security researchers for their help in keeping GitHub users secure. Over the past five years, we have been continuously impressed by the hard work and ingenuity of our researchers. Last year was no different and […]

Read more...

Bitglass Security Spotlight: DoD, Facebook & NASA

red arrow with news icon

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks:  —Cybersecurity vulnerabilities found in US missile system—Facebook shares private user data with Amazon, Netflix, and Spotify—Personal information of NASA employees exposed—Chinese nationals accused of hacking into major US company databases—Private complaints of Silicon Valley employees exposed via Blind Cybersecurity […]

Read more...

Rocks, Pebbles, Shadow IT

By Rich Campagna, Chief Marketing Officer, Bitglass Way back in 2013/14, Cloud Access Security Brokers (CASBs) were first deployed to identify Shadow IT, or unsanctioned cloud applications. At the time, the prevailing mindset amongst security professionals was that cloud was bad, and discovering Shadow IT was viewed as the first step towards stopping the spread of cloud […]

Read more...

Rethinking Security for Public Cloud

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environment By Beth Stackpole, Writer, Symantec Enterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and best practices. Yet with public cloud adoption on the rise and businesses shifting to […]

Read more...

Bitglass Security Spotlight: Financial Services Facing Cyberattacks

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent months: —Customer information exposed in Bankers Life hack—American Express India leaves customers defenseless—Online HSBC accounts breached—Millions of dollars taken from major Pakistani banks—U.S. government infrastructure accessed via DJI drones Customer information exposed in Bankers Life hack566,000 individuals have been notified […]

Read more...

The 12 Most Critical Risks for Serverless Applications

12 Most Critical Risks for Serverless Applications 2019 report cover

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board Member When building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when speaking to security measures and how to […]

Read more...

SaaS Apps and the Need for Specialized Security

computing diagram hovering over computer interface

By Paul Sullivan, Software Engineer, Bitglass Keeping cloud services running is a complex, multi-faceted endeavor for cloud service providers. They need to juggle adding new features, keeping their customers’ sensitive data secure, and having high uptime for their services – there is virtually no room for error. Microsoft learned about the need for high uptime […]

Read more...

Deciphering DevSecOps

two gears

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way By Beth Stackpole, Writer, Symantec Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the same time, DevOps, a methodology that applies agile and lean principles […]

Read more...

Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

red arrow with news icon

By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks:  —773 million email accounts published on hacking forum— Unprotected FBI data and Social Security numbers found online — Millions of texts and call logs exposed on unlocked server—South Korean Defense Ministry breached by hackers—Ransomware forces City Hall of Del […]

Read more...