Recommendations for IoT Firmware Update Processes: Addressing complexities in a vast ecosystem of connected devices

By Sabri Khemissa, IT-OT-Cloud Cybersecurity Strategist, Thales

Traditionally, updating software for IT assets involves three stages: analysis, staging, and distribution of the update—a process that usually occurs during off-hours for the business. Typically, these updates apply cryptographic controls (digital signatures) to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT), with its […]


PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements with a Host-Based Approach

By Patrick Flanders, Director of Marketing, Lacework

Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end […]


Software-Defined Perimeter Architecture Guide Preview: Part 3

Part 3 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Thanks for returning for our third blog posting, providing a preview of the forthcoming Software-Defined Perimeter (SDP) Architecture Guide. In this article, we’re focusing on the “Core SDP Concepts” section of the document, which introduces the underlying principles of SDP, […]


Pwned Passwords – Have Your Credentials Been Stolen?

By Paul Sullivan, Software Engineer, Bitglass

Data breaches now seem to be a daily occurrence. In recent months, Have I Been Pwned (HIBP) introduced Pwned Passwords, which allows you to securely check your password against a database of breach data. There are over 280 breaches in the database, and that’s only the tip of the iceberg. Breaches aren’t just a problem for the users who lose their data, but for […]


Join CSA’s New DC Metro Area Chapter

The Cloud Security Alliance (CSA) is pleased to announce that its DC Metro Area chapter has been chartered to serve the DC metro area CSA membership. The chapter’s region includes a diverse range of businesses, government organizations and academic institutions that all have an interest in well-engineered, secure IT systems, including many heavily regulated industries such as […]


Avoiding Holes in Your AWS Buckets

By Sanjay Kalra, CPO & Co-Founder, Lacework

Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts, and it topples security practices that […]


US CLOUD Act Drives Adoption of Cloud Encryption

By Rich Campagna, Chief Marketing Officer, Bitglass

The US Clarifying Lawful Overseas Use of Data (CLOUD) Act was quietly enacted into law on March 23, 2018. I say quietly due to the controversial nature of how it was passed—snuck into the back of a 2,300-page Federal spending bill on the eve of Congress’ vote. While debate […]


California’s CCPA Brings EU Data Privacy to the US

By Rich Campagna, Chief Marketing Officer, Bitglass

Over the summer a new data privacy law, the California Consumer Privacy Act of 2018 (CCPA), was passed. Assembly Bill 375 is scheduled to go into effect on Jan 1, 2020, which means there will likely be a lot of change before we see the final, enforced version of the […]


Software-Defined Perimeter Architecture Guide Preview: Part 2

Part 2 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Thanks for returning for the second blog posting, providing a preview of the forthcoming Software-Defined Perimeter (SDP) Architecture Guide (Read Part 1). In this article, we focus on the “SDP Scenarios” section of the document, which briefly introduces the primary […]


EU GDPR vs US: What Is Personal Data?

By Rich Campagna, Chief Marketing Officer, Bitglass

May 25, 2018—GDPR enforcement day—has come and gone with little fanfare (and about 6 quadrillion privacy policy updates), but that doesn’t mean we all know what to do to get into compliance. In fact, some measures put only one third of organizations in compliance as of the deadline, […]


CVE and Cloud Services, Part 1: The Exclusion of Cloud Service Vulnerabilities

By Kurt Seifried, Director of IT, Cloud Security Alliance, and Victor Chin, Research Analyst, Cloud Security Alliance

The vulnerability management process has traditionally been supported by a finely balanced ecosystem, which includes such stakeholders as security researchers, enterprises, and vendors. At the crux of this ecosystem is the Common Vulnerabilities and Exposures (CVE) identification system. In order […]


Software-Defined Perimeter Architecture Guide Preview

Part 1 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

The Software-Defined Perimeter (SDP) Working Group was founded five years ago, with a mission to promote and evangelize a new, more secure architecture for managing user access to applications. Since the initial publication of the SDP Specification, we’ve witnessed growing […]


Convincing Organizations to Say “Yes to InfoSec”

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Security departments have their hands full. The first half of my career was government-centric, and we always seemed to be the “no” team, eliminating most initiatives before they started. The risks were often found to outweigh the benefits, and unless there was a very strong executive sponsor, say the […]


What Is a CASB?

By Dylan Press, Director of Marketing, Avanan

Email is the #1 attack vector. Cloud Account Takeover is the #1 attack target. A CASB is the best way to protect against these threats. Gartner first defined the term Cloud Access Security Broker (CASB) in 2011, when most IT applications were hosted in the data center and […]


Avoiding Cyber Fatigue in Four Easy Steps

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Cyber alert fatigue. In the cybersecurity space, it is inevitable. Every day, there will be a new disclosure, a new hack, a new catchy title for the latest twist on an old attack sequence. As a 23-year practitioner, the burnout is a real thing, and it unfortunately comes in […]


Methodology for the Mapping of the Cloud Controls Matrix

By Victor Chin, Research Analyst, Cloud Security Alliance

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue in the cloud services industry, the CCM program also includes controls mappings […]


Top Security Tips for Small Businesses

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Most small businesses adopt some sort of cloud offering, be it Software as a Service like Quickbooks or Salesforce, or even renting computers in Amazon Web Services or Microsoft’s Azure, in an Infrastructure as a Service environment. You get Fortune 50 IT support, including things that a small business […]


Updated CCM Introduces Reverse Mappings, Gap Analysis

By Sean Cordero, VP of Cloud Strategy, Netskope

Since its introduction in 2010, the Cloud Security Alliance’s Cloud Controls Matrix (CCM) has led the industry in the measurement of cloud service providers (CSPs). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set of controls to measure the security readiness […]


Cybersecurity Trends and Training Q and A

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Q: Why is it important for organizations and agencies to stay current in their cybersecurity training?

A: Changes accelerate in technology. There’s an idea called Moore’s Law, named after Gordon Moore working with Intel, that the power of a microchip doubles every 18 months. When combined with the virtualization […]