Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

All Articles

All Articles
Enhancing AI Reliability: Introducing the LLM Observability & Trust API

Blog Published: 07/19/2024

Written by CSA Research Analysts Marina Bregkou and Josh Buker.Based on the idea presented by Nico Popp in ‘A trust API to enable large language models observability & security (LLMs)’.IntroductionLarge Language Models (LLMs) are becoming integral to numerous applications, from chatbots to c...

NHL Attacks Making Waves: Insights on Latest 5 Incidents

Blog Published: 07/19/2024

Originally published by Astrix.Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest incidents in thi...

Assessment, Remediation, and Certification Framework for Anything as a Service (XaaS) Products

Blog Published: 07/19/2024

Written by the CSA Enterprise Authority to Operate (EATO) Working Group.Introduction by Jim Reavis, CEO of the Cloud Security AllianceI would say that a lesson learned from spending many years in the cybersecurity industry is that one-size-fits-all solutions are rarely the approach we need to tak...

10 Important Questions to Add to Your Security Questionnaire

Blog Published: 07/18/2024

Originally published by Vanta.The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals, and securit...

Breach Debrief: Twilio’s Authy Breach is a MFA Wakeup Call

Blog Published: 07/18/2024

Originally published by Adaptive Shield.Inside the HackEarlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered with Authy by fe...

New Cloud Security Guidance from CSA

Blog Published: 07/17/2024

In the last seven years, several revolutionary developments have occurred in the cloud computing industry. Considering the impact of these changes, CSA has released a new version of our Security Guidance for Critical Areas of Focus in Cloud Computing. We have completely revamped this updated 5th ...

3 Reasons Data Access & Data Classification Are Crucial

Blog Published: 07/17/2024

Originally published by Cyera. Written by Jaye Tillson.The digital revolution has irrevocably transformed our world. From the constant stream of social media updates to the ever-growing network of internet-connected devices, we generate a staggering amount of data every single day. Experts at IDC...

The Leadership Tightrope: Why Leading in Today's Workforce is a Balancing Act

Blog Published: 07/17/2024

Originally published by CXO REvolutionaries.Written by Ben Corll, CISO in Residence, Zscaler.Leadership. It's a word that's often tossed around (as if we all understand what it is and how it’s performed). Yet, truly effective leaders are very hard to find. Some might see leadership as a natural p...

CCSK v5: Updated Cloud Security Knowledge with a Unique Pedigree

Blog Published: 07/16/2024

Written by Martin Hall.Cloud computing continues to become even more pivotal to business and consumer lives. AI has added a disruptive new dimension and set of opportunities to add further cloud power and complexity. And Zero Trust has emerged as a central principle for securing cloud assets. As ...

Streamlining Compliance: Leveraging OSCAL Automation for Effective Risk Management

Blog Published: 07/16/2024

Originally published by RegScale.Written by Esty Peskowitz.Navigating FedRAMP compliance complexities is growing more challenging by the day. The use of automation in everyday activities has become a necessity for security professionals. During a fireside chat at Coalfire’s RAMPCon event on June ...

Cloud Security Alliance Sets New Standard in Cloud Security Expertise with the Certificate of Cloud Security Knowledge (CCSK) v5

Press Release Published: 07/16/2024

Latest version of CSA’s vendor-neutral, cloud security training and certificate provides a comprehensive catalog of the essential knowledge cybersecurity professionals need to masterSEATTLE – July 16, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining...

Data Breach Accountability: Who’s to Blame?

Blog Published: 07/16/2024

Written by Chad Walter, CRO, Paperclip. Data breaches have surged in frequency and cost—to the tune of $8 trillion dollars globally in 2023. And this isn’t just impacting the companies who are breached; these costs impact customer trust and contribute to global inflation. We are also seeing a m...

Buckle Up: BEC and VEC Attacks Target Automotive Industry

Blog Published: 07/15/2024

Originally published by Abnormal Security.Written by Mick Leach.While every organization across every vertical is at risk of experiencing advanced email attacks, there are certain industries that, for various reasons, periodically become the go-to target for threat actors. Our research revealed t...

Non-Human Identity Management

Blog Published: 07/15/2024

Originally published by Oasis.Non-human identities, or NHIs, serve as digital gatekeepers, enabling secure machine-to-machine and human-to-machine access and authentication within modern enterprise systems. The push for innovation has led to the adoption of microservices, third-party solutions, a...

The Importance of STAR Level 1 for Achieving STAR Level 2: A Comprehensive Overview

Blog Published: 07/12/2024

As organizations strive to enhance their security posture and demonstrate compliance with industry standards, the Cloud Security Alliance (CSA) STAR certification program offers a robust framework for cloud security assurance. However, the journey from STAR Level 1 to STAR Level 2 involves more t...

Analysis of the 2024 Verizon Data Breach Investigations Report

Blog Published: 07/12/2024

Originally published by BARR Advisory.The 2024 Verizon Data Breach Investigations Report (DBIR)—an annual report examining dominant trends in data breaches and cyberattacks throughout the world—is now out for review. Verizon began releasing this report in 2008, and throughout its tenure it has se...

The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1

Blog Published: 07/11/2024

Written by Elad Yoran & Patricia Schouker. The adage "the only constant is change" was relevant at this year’s RSA Conference when it comes to enterprise cybersecurity. While much attention was appropriately focused on the possible implications of AI on security, conversations with CISOs indi...

Hacking Paris 2024: Olympic Cyber Threats

Blog Published: 07/11/2024

Originally published by CXO REvolutionaries. Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler.Despite repeated predictions of cyber-fueled chaos at the Olympic and Paralympic Games since at least 2004, to date, no Olympics has ever been significantly disrupted. There is reason to believe...

Cloud Security Alliance Announces 2024 Chapter Ambassadors List

Press Release Published: 07/11/2024

Annul program recognizes individuals who best exemplify CSA valuesSEATTLE – July 11, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to an...

Combatting Data Security Cluelessness

Blog Published: 07/11/2024

Written by Nikhil Girdhar, Sr. Director of Data Security, Securiti AI.In cybersecurity, the old adage you 'can’t protect what you can’t see' rings especially true. While the initial step of discovering and classifying sensitive data is critical, it's just the beginning. Many security teams find t...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.