Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

All Articles

Home
All Articles
Modern Day Vendor Security Compliance Begins with the STAR Registry

Blog Published: 12/20/2024

We require a modern approach to accurately assess our use of current technology.This month marks 25 years since I managed my first cybersecurity attack. At the time, I was CTO for an internet service provider that suffered the compromise, which in those days was mostly script kiddies defacing we...

Texas Attorney General’s Landmark Victory Against Google

Blog Published: 12/20/2024

Originally published by Truyo.Texas Attorney General Ken Paxton has successfully challenged Google’s monopolistic practices, with the U.S. District Court for the District of Columbia ruling in favor of Paxton’s allegations. The court found that Google’s business conduct violated the Sherman Act, ...

10 Fast Facts About Cybersecurity for Financial Services—And How ASPM Can Help

Blog Published: 12/20/2024

Originally published by Dazz.Written by Jordan McMahon.It should shock no one that financial services organizations are a major target for cybercrime. In fact, according to the World Economic Forum, financial organizations are the number 2 target, “accounting for 8.3% of attacks on critical infra...

How to Demystify Zero Trust for Non-Security Stakeholders

Blog Published: 12/19/2024

Written by Erick Tauil, Presales Engineer.Alright, let’s dive into a topic that often feels like a riddle wrapped in an enigma: Zero Trust. Communicating its concepts to non-security stakeholders can be quite frustrating and often met with a blank stare. After 15 years in cybersecurity, I’ve seen...

Winning at Regulatory Roulette: Innovations Shaping the Future of GRC

Blog Published: 12/19/2024

Originally published by RegScale.Written by Esty Peskowitz.Governance, Risk, and Compliance (GRC) demands continuous adaptation and vigilance, transcending its role as a mere business necessity. In the ever-changing world of compliance, companies are often caught in a high-stakes game we call re...

Why Digital Pioneers are Adopting Zero Trust SD-WAN to Drive Modernization

Blog Published: 12/19/2024

Originally published by CXO REvolutionaries.Written by Mike Gemza, CTO, Cornerstone Building Brands.At a time when cyberthreats are becoming more advanced and network infrastructure needs are increasing, it's not just important to use a zero trust approach to software-defined wide-area networks (...

The EU AI Act and SMB Compliance

Blog Published: 12/18/2024

Originally published by Scrut Automation.Written by Nicholas Muy, Chief Information Security Officer, Scrut Automation.On July 12, 2024, the European Union (EU) Official Journal published the full text of the AI Act. This set into motion the final chapter of the most impactful security and privac...

Managed Security Service Provider (MSSP): Everything You Need to Know

Blog Published: 12/18/2024

Originally published by Vanta.The security and compliance landscape is ever-evolving, meaning the demands organizations need to meet today can change rapidly. While most IT teams have defined processes to handle these requirements, they may not have the capacity to address all the tasks necessary...

Decoding the Volt Typhoon Attacks: In-Depth Analysis and Defense Strategies

Blog Published: 12/17/2024

Originally published by InsiderSecurity.The Volt Typhoon campaign has raised alarms across cybersecurity circles, targeting critical infrastructure with stealthy and sophisticated techniques. This analysis breaks down the methods, exploitation tactics, and practical defenses organizations can emp...

Threats in Transit: Cyberattacks Disrupting the Transportation Industry

Blog Published: 12/17/2024

Originally published by Abnormal Security.Written by Mike Britton.The transportation industry is the lifeblood of the global economy—moving goods, people, and essential services across borders and cities. However, as the world becomes increasingly interconnected, so too does the vulnerability of ...

Top Threat #7 - Data Disclosure Disasters and How to Dodge Them

Blog Published: 12/16/2024

Written by CSA’s Top Threats Working Group.In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...

Zero-Code Cloud: Building Secure, Automated Infrastructure Without Writing a Line

Blog Published: 12/16/2024

Written by Rahul Kalva.Abstract In today’s fast-paced DevOps environment, the demand for agile infrastructure deployment is driving innovation beyond traditional Infrastructure-as-Code (IaC). Code-less deployment solutions represent a breakthrough, enabling teams to automate infrastructure setup...

Break Glass Account Management Best Practices

Blog Published: 12/16/2024

Originally published by Britive.In today’s multi-cloud environments, organizations face growing challenges in managing privileged access securely. Break glass accounts are crucial for administrative access, but if mishandled, they can introduce significant security risks to your organization. In ...

Test Time Compute

Blog Published: 12/13/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR.Everyone seems to talk about Test-Time Computation or Test Time Compute (TTC) as a way to scale the reasoning capability of large language models (LLMs). What is it about and why is it important now? This blog post is a...

Achieving Cyber Resilience with Managed Detection and Response

Blog Published: 12/13/2024

Originally published by HCLTech.Written by B. Mani Shankar, Global Manager – MDR, Cyber Threat Intel & Incident Response Services, Cybersecurity, HCLTech. In today’s hyper-connected digital landscape, cyber threats have become more sophisticated, pervasive and difficult to detect. With bus...

Vulnerability Management Isn't About Finding Issues — It's About Fixing Them in Context

Blog Published: 12/13/2024

Originally published by Dazz.Written by Daniel Miessler.I think a lot about Vulnerability Management because I think it's a proxy for a lot that's wrong with Cybersecurity. Plus I've spent a long time doing it in various forms, culminating in building and running the VM program for Robinhood a wh...

CSA Community Spotlight: Auditing Cloud Security with CEO David Forman

Blog Published: 12/12/2024

As we celebrate 15 years of advancing cloud security, the Cloud Security Alliance (CSA) reflects on our role as the world’s leading organization dedicated to establishing and promoting best practices in cloud computing. Among our many initiatives, our auditing and compliance efforts stand out as ...

It’s Time for Ushered Access to Replace Free Reign for Third-Party Partners

Blog Published: 12/12/2024

Originally published by CXO REvolutionaries.Written by Maneesh Sahu, Contributor, Zscaler.Consider a familiar scene for office goers. Upon entering the building, employees, long-term contractors, and building staff typically swipe a key fob or a mobile key to gain access to the company office spa...

Level Up Your Cloud Security Skills With This Jam-Packed Training Bundle

Blog Published: 12/11/2024

Written by Kayla Mauriello.Seasoned cybersecurity professionals from CTOs to developers are facing a challenging situation: organizations transitioning to new cloud architecture are invariably exposed to new vulnerabilities that traditional security measures don’t address. Keeping pace with the e...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Blog Published: 12/11/2024

Written by Ella Siman, Wing Security.Originally published by The Hacker News.With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are a...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
1
3
4
5
Last »