
All Articles
3 Aspects of the FedRAMP Assessment Process: What Do You Need to Provide?

Blog Published: 01/12/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched a personal trainer conduct a workout on social media? Throwing up weights like they’re nothing or repping for what seems like hours before a water break—they make it look so easy. So much so that many people wat...

Everything You Need to Know About HITRUST Certification

Blog Published: 01/13/2023

Originally published by A-LIGN. Written by Blaise Wabo, A-LIGN. HITRUST is a standards organization focused on security, privacy and risk management. The organization developed the HITRUST CSF to provide healthcare organizations with a comprehensive security and privacy program. This program w...

Five Steps Towards Building a Better Data Security Strategy

Blog Published: 01/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. In the past when organizations had a new security need, they would meet that need by purchasing a new security product. But that approach is how we ended up with an average of 76 security tools ...

Mitigating Controls for Cloud-Native Applications: Why You Need Them

Blog Published: 01/17/2023

Originally published by Tigera. Written by Phil DiCorpo, Tigera. Fixing vulnerabilities can be hard—especially so for cloud-native applications. Let’s take a deeper look at why this is, and how mitigating controls can help secure your cloud-native applications. Vulnerabilities are like earthqua...

The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions

Blog Published: 01/18/2023

Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integrati...

5 Steps to Managing Third-Party Risk in the Healthcare Industry

Blog Published: 01/21/2023

Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive d...

What is a Cloud Incident Response Plan?

Blog Published: 01/28/2023

Written by the Cloud Incident Response Working Group. In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan have been ...

Protect Your Organization from BlackCat Ransomware Attacks

Blog Published: 01/18/2023

Originally published by Titaniam. Where there is value for organizations online, there will be a cybercriminal ready with a ransomware attack to exploit it. Since they first emerged in December of 2021, BlackCat Ransomware has become another example of a ring of cybercriminals who practice the...

Enabling Secure Cloud Migration to Enterprise Cloud Environments

Blog Published: 01/20/2023

Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remot...

Double Trouble for Cyberinsurers

Blog Published: 01/20/2023

Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the...

Why Your Cloud Services Need the CSA STAR Registry Listing

Blog Published: 01/20/2023

Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services ...

Cloud Economics: A Federal Perspective

Blog Published: 01/24/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The application...

New Study Examines Application Connectivity Security in the Cloud

Press Release Published: 01/18/2023

Companies encountering numerous pain points as they seek to manage application connectivity security and risk. SEATTLE – Jan. 18, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure ...

To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight

Blog Published: 01/23/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully...

Designing for Recovery: Infrastructure in the Age of Ransomware

Blog Published: 01/23/2023

Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the mal...

Oops, I Leaked It Again — PII in Exposed Amazon RDS Snapshots

Blog Published: 01/24/2023

Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL;DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking PII in th...

Egress URL Filtering: The Most Important Cloud Security Control You’re Probably Missing

Blog Published: 01/25/2023

Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across project team...

On the Criticality of SDLC Context for Vulnerability Remediation

Blog Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk...

What Are the DoD Cloud Computing Security Assessment Requirements?

Blog Published: 01/26/2023

Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the worl...

5 Timely SaaS Security Recommendations for 2023

Blog Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okt...
