CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group Dear Colleagues, We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018 These CCM addenda aim to help organizations assess […]

Addressing the Skills Gap in Cloud Security Professionals

By Ryan Bergsma, Training Program Director, CSA One of the math lessons that has always stuck with me from childhood is that if you took a penny and doubled it every day for a month,  it would make you a millionaire. In fact, it wouldn’t even take the whole month, you would be a millionaire on […]

Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]

Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA

By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]

Typical Challenges in Understanding CCSK and CCSP: Technology Architecture

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]

Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent weeks: —Healthcare.gov breached —US weapons systems contain cybersecurity gaps —Over 35 million US voter records for sale —National Guard faces ransomware attack Healthcare.gov breached 75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]

Cloud Threat Report: Emotet, Dridex, Mylobot Malware Activity – Week of 11/26

By Curtis Jordan, Lead Security Engineer, TruSTAR In TruSTAR, we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we’re seeing an increase in Dridex activity as well. Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated […]

Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]

How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]