
All Articles

It’s Time to Throw Away the Manual with Evidence Collection

Blog Published: 05/20/2024

Originally published by RegScale. Written by Larry Whiteside Jr. In today’s complex and ever-changing regulatory environment, it is more important than ever for organizations to have a strong compliance program in place. However, manually gathering compliance data can be a time-consuming and ineffi...

Exploring Syscall Evasion – Linux Shell Built-ins

Blog Published: 05/20/2024

Originally published by Sysdig. Written by Jason Andress. This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operatin...

Two Effective Strategies to Reduce Critical Vulnerabilities in Applications

Blog Published: 05/20/2024

Originally published by CrowdStrike. Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces. This blog details...

Apple's New iMessage, Signal, and Post-Quantum Cryptography

Blog Published: 05/17/2024

Written by Denis Mandich, Member of the CSA Quantum-Safe Security Working Group and CTO of Qrypt. Apple recently updated their iMessage application with stronger security features, adopting cryptography believed to be secure against attack by quantum computers. They use common end-to-end encryptio...

The Risk and Impact of Unauthorized Access to Enterprise Environments

Blog Published: 05/17/2024

Originally published by StrongDM. Unauthorized access poses serious threats to businesses, compromising sensitive information and disrupting operations. Cybercriminals leverage vulnerabilities through advanced phishing attacks and API security breaches, underscoring the necessity for companies to ...

Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between?

Blog Published: 05/17/2024

Originally published by Tamnoon. Written by Idan Perez, CTO, Tamnoon. What role does automation play in cloud remediation? Will it replace or simply augment the role of security and R&D teams? Over 60% of the world’s corporate data now resides in the cloud, and securing this environment has beco...

Securing Generative AI with Non-Human Identity Management and Governance

Blog Published: 05/16/2024

Originally published by Oasis Security. Written by Joel McKown, Solutions Engineer, Oasis Security. There are many inevitabilities in technology, among them is that rapid innovation will introduce unique risks and 3 letter acronyms will abide. Generative AI conversations have become top of mind, as...

2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks

Blog Published: 05/16/2024

Originally published by Valence. Written by Jason Silberman. Valence Security has released the 2024 State of SaaS Security Report. Among the primary themes we saw in the report—which combines an industry survey with data collected by Valence from hundreds of real enterprise SaaS applications—is a c...

Navigating Cloud Security Best Practices: A Strategic Guide

Blog Published: 05/15/2024

As cloud computing continues to be a pivotal force in IT infrastructure, it’s crucial for organizations to understand and use effective cloud security strategies to protect their data. This blog provides a short guide based on CSA’s Security Guidance, showing key ways to secure cloud environments...

How to Design an IT Service Model for End User Happiness

Blog Published: 05/15/2024

Originally published by Automox. Episode Summary: This episode of Automate IT with David van Heerden explores the topic of end user happiness and how it relates to automation in IT. David discusses two different approaches taken by ISPs to improve customer satisfaction: a tech-driven automation solu...

Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series

Press Release Published: 05/15/2024

Document promotes and demonstrates the importance of clear measurements for security performance in DevSecOps. SEATTLE – May 15, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure clo...

Building Trust Through Vendor Risk Management

Blog Published: 05/15/2024

Originally published by BARR Advisory. Written by Brett Davis. In today’s business landscape, relationships are paramount. But while the focus often lies on customer relationships, relationships with vendors are equally crucial. Establishing trust with vendors facilitates smooth operations and stre...

Unveiling the Dark Arts of Exploiting Trust

Blog Published: 05/14/2024

Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence, Zscaler. Trust is a fundamental aspect of human interaction, forming the foundation of relationships and societal harmony. However, trust can be deceptive, concealing hidden vulnerabilities that emerge when ...

The Importance of Securing Your Organization Against Insider and Offboarding Risks

Blog Published: 05/14/2024

Written by Wing Security. Offboarding employees may seem like a routine administrative task, but the security risks it poses are anything but ordinary. In today's interconnected digital landscape, failing to properly revoke access for departing employees can lead to catastrophic data breaches, com...

What is Management Plane (Metastructure) Security

Blog Published: 05/13/2024

Written by Ashwin Chaudhary, CEO, Accedere. Metastructure refers to the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration as per Cloud Security Alliance's Security ...

New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures

Blog Published: 05/13/2024

Originally published by Cyera. Written by Jonathan Sharabi. The Securities and Exchange Commission (SEC) rules set forth on July 26th, 2023, require that nearly all companies that file documents with the SEC (“registrants”) must describe the processes and management procedures they use to assess, i...

5 Best Practices to Secure Your Azure Resources

Blog Published: 05/13/2024

Originally published by CrowdStrike. Cloud computing has become the backbone for modern businesses due to its scalability, flexibility and cost-efficiency. As organizations choose cloud service providers to power their technological transformations, they must also properly secure their cloud envir...

Zero Trust & Identity and Access Management: Mitigating Shadow Access

Blog Published: 05/10/2024

Written by the CSA Identity and Access Management Working Group. In today's digitally interconnected landscape, understanding the intricacies of Identity and Access Management (IAM) is imperative for safeguarding organizational assets. A looming threat to IAM is Shadow Access. This insidious menac...

How Continuous Controls Monitoring Brings IT Unity & Agility

Blog Published: 05/10/2024

Originally published by RegScale. Written by Larry Whiteside Jr. Throughout my tenure as an operational CISO, there were countless moments when I yearned for things to unfold in a more streamlined manner. I had a clear vision for my team, which frequently grappled with being overburdened, understaf...

A Risk-Based Approach to Vulnerability Management

Blog Published: 05/10/2024

Written by Devin Maguire, ArmorCode. Security and risk are related but not synonymous. Security prevents, detects, and responds to attacks and is a key variable in the broader category of risk management. Risk management weighs the probability and impact of adverse events across the organization t...
