CSA Blog

  • Originally published by Contino. Written by Marcus Maxwell, Security Practice Lead, Contino. Comparison might be the thief of joy, but it can also be a vital sign that you’re on the right (or wrong) track. Our customers often ask us how their security postures compare to those of...
  • Originally published by Tigera. Written by Senthil Nithiyananthan, Tigera. As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals...
  • Originally published by Mitiga. Written by Doron Karmi, Deror Czudnowski, Ariel Szarf, and Or Aspir, Mitiga. On January 4, CircleCI published a statement announcing the investigation of a security incident. In this technical blog, we will share how to hunt for malicious behavior...
  • Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is...
  • Originally published by A-LIGN. With bad actors targeting sensitive data, many organizations are looking for new ways to monitor and improve their data security. Enter: ISO/IEC 27001:2013. A useful way to establish credibility with stakeholders, customers, and partners, ISO 27001...
  • Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures...
  • Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain...
  • Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing. Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of...
  • Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across...
  • Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL;DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking...
  • Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against...
  • Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades...
  • Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The...
  • Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud...
  • Written by the Cloud Incident Response Working Group. In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan...