All Articles

Minimizing your Data Attack Surface in the Cloud

Blog Published: 12/27/2022

Originally published by Sentra. Written by Ron Reiter, CTO, Sentra. The cloud is one of the most important developments in the history of information technology. It drives innovation and speed for companies, giving engineers instant access to virtually any type of workload with unlimited sca...

Sealing Off Your Cloud’s Blast Radius

Blog Published: 12/28/2022

Originally published by Ermetic. Migrating to the cloud? Cloud security requires a shift in mindset from traditional on-premises security. Implementing relevant principles and practices, like for permissions management, can mitigate vulnerabilities and significantly reduce the blast radius of ...

News of Note: Accounting for Those Good Days

Blog Published: 12/23/2022

Recently, on one of my social media feeds, someone posted a supposed quote by Charles Darwin that left me gobsmacked, yet also piqued my curiosity because of its self-deprecating, negative, and also quite relatable nature. I was compelled to do some digging to see if it was really true – that ...

5 Key Takeaways from the 2022 Compliance Benchmark Report

Blog Published: 12/28/2022

Originally published by A-LIGN. Written by Patrick Sullivan, A-LIGN. Our 2022 Compliance Benchmark Report detailed how organizations are navigating the current compliance landscape, as well as how they are preparing for the future. By surveying more than 200 cybersecurity, IT, quality assuranc...

How to Prevent Account Takeover Fraud

Blog Published: 12/29/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits: Account takeover fraud is the most popular kind of cyberattack for hackers looking to make a large sum of money quickly. Businesses affected by account takeover attacks (ATOs) often lose large numbers of customers d...

5 Tips for Successfully Navigating C-Suite and Board Communication as a CISO

Blog Published: 12/29/2022

Originally published by Blue Lava. Written by the Beacon Digital Team. Even the most experienced CISOs can struggle to communicate effectively with their Board of Directors and Executive team. This is not a surprise given the challenges CISOs are commonly up against, which include: Having very ...

How to Improve Your Kubernetes Security Posture

Blog Published: 01/03/2023

Originally published by Sysdig. Written by Alba Ferri, Sysdig. KSPM or Kubernetes Security Posture Management refers to the security state and capabilities in place to manage the defense of the Kubernetes clusters and the workloads running on top of it. It also includes how well it can predict...

CSA STAR Certification – Supporting Cloud Trust

Blog Published: 01/04/2023

Originally published by MSECB. Written by Mark Lundin, MSECB. Value of CSA STAR Certification for CSPs Cloud Security Alliance (CSA) STAR Certification is a strong tool to help cloud service providers evaluate and improve their cybersecurity controls while certifying against a well-respe...

How To Understand Impact Through Asset Management and Threat Intelligence, Part 3

Blog Published: 01/03/2023

Originally published by Axonius. Written by Katie Teitler, Axonius. In part one and part two of this series, we defined what cyber asset intelligence is, how — combined with threat intelligence — it informs cyber asset management as a way to decrease risk, and how organizations can start to bu...

How to Control (Maneuver) the Post-IdP Wasteland

Blog Published: 01/04/2023

Originally published by DoControl. Written by Tony Klor, DoControl. In a world where digital transformation is the new normal and employees are more mobile than ever, organizations are inundated with managing often highly sensitive Software as a Service (SaaS) application data. To meet these d...

Combat Attacks Where They Most Often Start: Applications

Blog Published: 01/04/2023

Originally published by TrueFort. Written by Mike Powers, TrueFort. The application environment is one of the most targeted among cyber criminals and has reached a point where organizations can no longer pose the question of “if” there will be an attack on, but “when” there is an attack. The a...

Definitive Guide to Hybrid Clouds, Chapter 3: Understanding Network Visibility in the Hybrid Cloud

Blog Published: 01/05/2023

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. Editor’s note: This post explores Chapter 3 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1 and Chapter 2, and check back for future posts covering Chapters 4–7. Migrating...

Could Double Extortion Prompt a Public Health Crisis?

Blog Published: 01/05/2023

Originally published by CXO REvolutionaries on November 15, 2022. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Ransomware actors targeting Australia’s most prominent healthcare insurer have taken the gloves off. After Medibank refused to pay a ransom for the return of data ...

From Access-Centric Security to Data-Centric Security

Blog Published: 01/05/2023

Originally published by Lookout. Written by Maria Teigeiro, Lookout. In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available ...

Fake MSI Afterburner Sites Delivering Coin-Miner

Blog Published: 01/06/2023

Originally published by Cyble on November 23, 2022. Stealthy Miner Bypasses Detection Using Shellcode And Process Injection Gamers and other high-performance computing users use various utility software tools such as MSI Afterburner, which monitors system performance and allows users to modify...

Threat Detection for Your Multi-Cloud Environment

Blog Published: 01/06/2023

Originally published by Netography. Written by Dan Ramaswami, VP Field Engineering, Netography. We’re at a tipping point with respect to how we think about the cloud and security. Now, 89% of organizations report having a multi-cloud strategy, and 80% are using both public and private clouds. ...

CCSK Success Story: From a Cybersecurity and Privacy Officer

Blog Published: 01/06/2023

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverag...

Managing Cloud Security in a Multicloud Environment (Part 2)

Blog Published: 01/09/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. As discussed in my last article, to date, most known security incidents in the cloud have been the fault of the customer rather than that of the cloud security provider (CSP). And yet, ...

How Well Will Cyberinsurance Protect You When You Really Need It?

Blog Published: 01/09/2023

Originally published by Ericom Software. Written by Stewart Edelman, Chief Financial Officer, Ericom Software. According to a report from Hiscox, a UK-based insurer with over 3,000 employees across 14 countries, 20% of the more than 5,000 businesses surveyed responded that a cyberattack had ne...

Cloud Security and Compliance Best Practices: Highlights from the CSA Cloud Controls Matrix

Blog Published: 01/09/2023

Written by James Alaniz, Rapid7. Depending on what report you read, the percentage of organizations that have adopted multiple cloud platforms has soared and continues to rise exponentially. According to Gartner, by 2026 more than 90% of enterprises will extend their capabilities to multi-clou...
