Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Download Presentations from the CSA AI Summit at RSAC Now

All Articles

Home
All Articles
Building a SOC for Compliance

Blog Published: 04/11/2024

Originally published by RegScale.There are not many things I have hated in my professional life more than getting surprised in an audit. It is embarrassing, damages your credibility, and makes it harder to accomplish your strategic goals as you get distracted by fighting the small forest fires th...

Ensuring Trust and Compliance: The Importance of Accredited Auditors for ISO 27001

Blog Published: 04/11/2024

Originally published by BARR Advisory.Written by Cameron Kline, Director, Attest Services, BARR Advisory.As an internationally recognized certification, ISO 27001 is one of the most highly regarded and thorough cybersecurity assessments an organization can undergo. Achieving and maintaining an IS...

The Secret to Supercharging LLMs: It's Not Answers, It's Questions

Blog Published: 04/10/2024

Written by Dr. Chantal Spleiss, Co-Chair of the CSA AI Governance & Compliance Working Group.Stop talking to your AI, start collaborating with it. Prompt engineering is the key to unlocking the full potential of LLMs. This mastery of questioning is so valuable that a prompt engineer may earn ...

Securing Non-Human Identities: Lessons from the Cloudflare Breach

Blog Published: 04/10/2024

Originally published by Oasis Security. Written by Roey Rozi, Director of Solutions Architecture, Oasis Security. Cloudflare disclosed on February 2nd that it had been breached by a suspected nation-state attacker. This breach exploited multiple unrotated and exposed secrets. The chain of events ...

Why Cyber Defenders Should Embrace a Hacker Mindset

Blog Published: 04/10/2024

Originally published by Pentera. Written by Nelson Santos. Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introduci...

Powerful Cloud Permissions You Should Know: Part 2

Blog Published: 04/09/2024

Originally published by Sonrai Security.Written by Tally Shea and Deirdre Hennigar.MITRE ATT&CK Framework: PersistenceThis blog is the second publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read the ...

Mapping the Impact of Cloud Remediation

Blog Published: 04/09/2024

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. What is impact analysis?Performing an impact analysis is a critical step in the cloud remediation process that employs methodical techniques to answer the questions: “What might go wrong if we impl...

Threats to Water: The Achilles’ Heel of Critical Infrastructure

Blog Published: 04/08/2024

Originally published by CXO REvolutionaries.Written by David Cagigal, Former CIO of the State of Wisconsin.Recent cyberattacks on the water industry raise the prospect of more frequent, widespread, damaging incidents that threaten disruption to lives and livelihoods. I know the chaos that stems f...

Why Do SOC Reports Have to Be Issued By a CPA Firm?

Blog Published: 04/08/2024

Originally published by MJD.Written by Chris Giles, CPA, Senior Manager, MJD.Q: Why do SOC reports have to be issued by a CPA firm?A: MJD AnswerThe simple answer is that SOC engagements are performed in accordance with standards set by the American Institute of Professional Accountants (AICPA). T...

Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems Security

Blog Published: 04/08/2024

Originally published by Adaptive Shield.Written by Hananel Livneh. A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred o...

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Blog Published: 04/05/2024

Written by Nicole Krenz, Web Marketing Specialist, CSA.The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is at ...

The Modern Data Stack Has Changed the Security Landscape

Blog Published: 04/05/2024

Written by Uday Srinivasan, CTO, Acante.The way businesses analyze, transform and share data has radically changed over the past few years. We are in the post-Hadoop era with the Apache Software Foundation retiring over 10 Hadoop-related projects over the last three years. The shift of enterprise...

How the Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production

Blog Published: 04/05/2024

Originally published by Orca Security. Written by Ofir Yakobi. Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable G...

CSA Turns 15: Kicking Off the Next 85 Years of Cloud Security Excellence

Blog Published: 04/04/2024

As we celebrate the 15th anniversary of the Cloud Security Alliance (CSA), I'm compelled to marvel at our journey from ambitious upstarts to a critical global stakeholder for cybersecurity. Our goal, audacious as it may sound, is not just to leave a mark on the cloud security landscape, but to et...

Runtime is the Way

Blog Published: 04/04/2024

Originally published by Sysdig. Written by James Berthoty. The cloud security market has been totally bizarre ever since it started. Why are we being given a python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference betwe...

Detecting Compromised Accounts in Microsoft 365

Blog Published: 04/04/2024

Originally published by InsiderSecurity.IntroductionIn today's digital age, cybersecurity is of paramount importance, with organizations facing an ever-evolving landscape of cyber threats and attacks. InsiderLab (our dedicated team of cybersecurity experts) conducts in-depth research and analysis...

CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong

Blog Published: 04/03/2024

CSA began establishing standards for cloud security assurance and compliance back in 2009, when the company was officially incorporated and we released the first version of our cloud security best practices. The following year, we developed the Cloud Controls Matrix (CCM), and in 2012, the CSA Se...

Designed to Deceive: 6 Common Look-alike Domain Tactics

Blog Published: 04/03/2024

Originally published by Abnormal Security.Written by Mick Leach.With threat actors lurking around every digital corner, it can sometimes make scrolling through an inbox feel like traversing a minefield. Employing various strategies to deceive their targets, attackers count on end-user oversight t...

More Than Half of Organizations Plan to Adopt Artificial Intelligence (AI) Solutions in Coming Year, According to Report from Cloud Security Alliance and Google Cloud

Press Release Published: 04/03/2024

Significant Generative AI (GenAI) adoption expected in 2024, driven by C-suite prioritizationSEATTLE – April 3, 2024 – A new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure ...

Key Findings from the 2024 State of Application Security Report

Blog Published: 04/03/2024

Originally published by CrowdStrike. As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eigh...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
1
2
4
6
7
8
Last »