Rocks, Pebbles, Shadow IT

By Rich Campagna, Chief Marketing Officer, Bitglass

Way back in 2013/14, Cloud Access Security Brokers (CASBs) were first deployed to identify Shadow IT, or unsanctioned cloud applications. At the time, the prevailing mindset amongst security professionals was that cloud was bad, and discovering Shadow IT was viewed as the first step towards stopping the spread of cloud […]


Rethinking Security for Public Cloud

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environment

By Beth Stackpole, Writer, Symantec

Enterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and best practices. Yet with public cloud adoption on the rise and businesses shifting to […]


Bitglass Security Spotlight: Financial Services Facing Cyberattacks

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent months:

- Customer information exposed in Bankers Life hack
- American Express India leaves customers defenseless
- Online HSBC accounts breached
- Millions of dollars taken from major Pakistani banks
- U.S. government infrastructure accessed via DJI drones

Customer information exposed in Bankers Life hack

566,000 individuals have been notified […]


The 12 Most Critical Risks for Serverless Applications

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board Member

When building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when speaking to security measures and how to […]


SaaS Apps and the Need for Specialized Security

By Paul Sullivan, Software Engineer, Bitglass

Keeping cloud services running is a complex, multi-faceted endeavor for cloud service providers. They need to juggle adding new features, keeping their customers’ sensitive data secure, and having high uptime for their services – there is virtually no room for error. Microsoft learned about the need for high uptime […]


Deciphering DevSecOps

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way

By Beth Stackpole, Writer, Symantec

Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the same time, DevOps, a methodology that applies agile and lean principles […]


Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

- 773 million email accounts published on hacking forum
- Unprotected FBI data and Social Security numbers found online
- Millions of texts and call logs exposed on unlocked server
- South Korean Defense Ministry breached by hackers
- Ransomware forces City Hall of Del […]


Security Risks and Continuous Development Drive Push for DevSecOps

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy

By Dwight B. Davis, Writer, Symantec

The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application developers and security professionals: “Build security in from the ground […]


CCSK Success Stories: From the Financial Sector

By the CSA Education Team

This is the second part in a blog series on Cloud Security Training. Today we will be interviewing an infosecurity professional working in the financial sector. John C Checco is President Emeritus for the New York Metro InfraGard Members Alliance, as well as an Information Security professional providing subject matter […]


CCM Addenda Updates for Two Additional Standards


By the CSA CCM Working Group

Dear Colleagues,

We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:

- German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5)
- ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018

These CCM addenda aim to help organizations assess […]


Addressing the Skills Gap in Cloud Security Professionals

By Ryan Bergsma, Training Program Director, CSA

One of the math lessons that has always stuck with me from childhood is that if you took a penny and doubled it every day for a month, it would make you a millionaire. In fact, it wouldn’t even take the whole month, you would be a millionaire on […]


Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass

If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]


Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA


By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance

The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]


OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust

OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]


Typical Challenges in Understanding CCSK and CCSP: Technology Architecture

By Peter HJ van Eijk, Head Coach and Cloud Architect,

As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]


Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent weeks:

- breached
- US weapons systems contain cybersecurity gaps
- Over 35 million US voter records for sale
- National Guard faces ransomware attack

breached

75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]


Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group

CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]


How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass

The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]


Fixing Your Mis-Deployed NGFW

By Rich Campagna, Chief Marketing Officer, Bitglass

The Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. This post will illustrate the root cause of these firewall mis-deployments, […]