Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy  

By Victor Chin, Research Analyst, CSA

On August 6th, 2019, the CSA Top Threats working group released the third iteration of the Top Threats to Cloud Computing report. The following security issues from the previous iteration (“The Treacherous Twelve”) appeared again in the latest report: Data Breaches, Account Hijacking, Insider Threats, Insecure Interfaces and APIs […]


Uncovering the CSA Top Threats to Cloud Computing with Jim Reavis

By Greg Jensen, Sr. Principal Director – Security Cloud Business Group, Oracle

For the few that attend this year’s BlackHat conference kicking off this week in Las Vegas, many will walk away with an in-depth understanding and knowledge on risk as well as actionable understandings on how they can work to implement new strategies to defend against […]


The Cloud in the Fight Against Cyber-Bullying

By the Cybersecurity International Institute (CSI)

Learn about the upcoming innovative social project on Cyber-bullying using a cloud platform.

The CSI Institute (Cybersecurity International Institute) is a non-governmental and not-for-profit organization. Our goal is to contribute to the information, education, and, overall practical awareness of citizens in new technologies, online safety, and cybersecurity issues. In […]


CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA

The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AICPA) Trust Services Criteria (TSC) 2017; National Institute of Standards and Technology (NIST) 800-53 […]


Quantum Technology Captures Headlines in the Wall Street Journal

By the Quantum-Safe Security Working Group

Last month, we celebrated the 50th anniversary of the Apollo 11 moon landing. Apollo, which captured the imagination of the whole world, epitomizes the necessity for government involvement in long-term, big science projects. What started as a fierce race between the USA and the USSR at the apex of […]


Use Cases for Blockchain Beyond Cryptocurrency

CSA’s newest white paper, Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2 is a continuation of the efforts made in v1. The purpose of this publication is to describe relevant use cases beyond cryptocurrency for the application of these technologies. In the process of outlining several use cases across discrete economic application sectors, […]


Organizations Must Realign to Face New Cloud Realities

Jim Reavis, Co-founder and Chief Executive Officer, CSA

While cloud adoption is moving fast, many enterprises still underestimate the scale and complexity of cloud threats

Technology advancements often present benefits to humanity while simultaneously opening up new fronts in the on-going and increasingly complex cyber security battle. We are now at that critical juncture when […]


FedSTAR Pilot Program Status

As the use of cloud technology has become more widespread, the concern about cloud security has increased. Government agencies and private sector users are concerned with protecting data and ensuring service availability.  Many countries and private entities have designed and implemented security programs to increase the level of assurance and trust of cloud services. As a […]


4 Reasons Why IT Supervision is a Must in Content Collaboration

By István Molnár, Compliance Specialist, Tresorit

For many organizations, workflow supervision is one of the biggest challenges to solve. Ideally users should be properly managed and monitored but sadly, countless organizations suffer from a lack of IT supervision. As a result, there is no telling what users are capable of doing. One of the main […]


Signal vs. Noise: Banker Cloud Stories by Craig Balding

A good question to ask any professional in any line of business is: which “industry events” do you attend and why?  Over a few decades of attending a wide variety of events – and skipping many more – my primary driver is “signal to noise” ratio.  In other words, I look for events attended by people that are shaping our industry […]


“Shift Left” to Harden Your Cloud Security Posture

This article was originally published on Fugue’s blog here.

By Josh Stella, Co-founder & Chief Technology Officer, Fugue

After a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means the key question for the security team is no longer […]


How Traffic Mirroring in the Cloud Works

By Tyson Supasatit, Sr. Product Marketing Manager, ExtraHop

Learn how Amazon traffic mirroring and the Azure vTAP fulfill the SOC visibility triad

After years of traffic mirroring not being available in the cloud, between Amazon VPC traffic mirroring and the Azure vTAP, it’s finally here! In this lightboard video, we’ll explain what traffic mirroring is […]


Highlights from the CSA Summit at Cyberweek

By Moshe Ferber, Chairman, Cloud Security Alliance, Israel and Damir Savanovic, Senior Innovation Analyst, Cloud Security Alliance

The city of Tel Aviv is crowded throughout the year with a buzzing cybersecurity ecosystem, but in the last week of June, this ecosystem comes to boil when Tel Aviv University hosts their annual Cyberweek conference – one […]


The State of SDP Survey: A Summary

The CSA recently completed its first annual “State of Software-Defined Perimeter” Survey, gauging market awareness and adoption of this modern security architecture – summarized in this infographic. The survey indicates it is still early for SDP market adoption and awareness, with only 24% of respondents claiming that they are very familiar or have fairly in-depth […]


Using The CAIQ-Lite to Assess Third Party Vendors

By Dave Christiansen, Marketing Director, Whistic

The mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disagree with being thorough when evaluating third party vendors, in order […]
