Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Overview of Digital Transformation Security: What, How, and Why?

Blog Published: 02/06/2023

A version of this blog was originally published by ScaleSec. By Justin Travis, ScaleSec. Cloud Security Alliance and ScaleSec are pleased to co-publish this security deep dive into Digital Transformation as part of promoting the upcoming Virtual CSA FinCloud Security Summit. Cloud Security A...

Data Privacy Week - A Commitment for the Entire Year

Blog Published: 02/07/2023

Originally published by Skyhigh Security on January 23, 2023. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Nowadays, when you download a new app, open a new online account, join a new social media platform or use a majority of online services—you will typically be ...

Maximizing the Benefits of Your SOC 2 Audit

Blog Published: 02/08/2023

Originally published by CAS Assurance. What is the purpose of SOC 2 audit? System and Organization Controls (SOC 2) audit focuses on the controls at a Service Organization relevant to the Security, Availability, Processing Integrity, Confidentiality, and Privacy of both the system and informat...

Using Automated Just-in-Time (JIT) to Reach Least Privilege – A Guide

Blog Published: 02/09/2023

Originally published by Ermetic. Privileged access and elevated permissions expose organizations to vulnerabilities that could be exploited. On-premises, security teams often use PAM tools for managing these types of risks. But for cloud operations, PAM tools are insufficient as they are built...

What’s the Difference Between ISO 27001:2013 and ISO 27001:2022?

Blog Published: 02/10/2023

Originally published by A-LIGN. Written by Adam Lubbert, A-LIGN. At the end of October 2022, the International Organization for Standardization (ISO) published a new version of ISO/IEC 27001:2022. ISO 27001 is the world’s leading information security standard, providing control requirements to...

Access Control Review: Addressing Challenges and Ensuring Compliance in Cloud Service Consumers

Blog Published: 02/10/2023

Written by members of the CSA IAM Working Group and the Zero Trust Working Group's Identity Subgroup. An access control review is a process of evaluating and analyzing an organization's access control system to ensure that it is functioning properly and effectively. Access control systems are ...

Paying Ransom: Why Manufacturers Shell Out to Cybercriminals

Blog Published: 02/13/2023

Originally published by Dark Reading and CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. Everyone in information security knows ransomware actors target different industries for different reasons. Some are seen as flush with cash. Some have obvious reasons for needing to r...

Why You Need Active Cloud-Native Application Security

Blog Published: 02/14/2023

Originally published by Tigera. Written by Ratan Tipirneni, Tigera. First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat pr...

What is the Timeline for the FedRAMP Process?

Blog Published: 02/15/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting...

Protecting Source Code in the Cloud with DSPM

Blog Published: 02/23/2023

Originally published by Sentra. Written by Daniel Suissa, Software Engineer, Sentra. Source code lies at the heart of every technology company’s business. Aside from being the very blueprint upon which the organization relies upon to sell its products, source code can reveal how the business...

Protecting Data and Promoting Collaboration During Times of Change

Blog Published: 03/01/2023

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using the...

Cloud First to Cloud Smart: A Strategic Shift

Blog Published: 02/13/2023

Originally published by Tata Communications. Written by Rajesh Awasthi, Vice President & Global Head of Managed Hosting and Cloud Services, Tata Communications. The term ‘digital transformation’ has evolved for businesses, particularly in the last decade. What once meant a simple shift to ...

What You Need to Know About the Daixin Team Ransomware Group

Blog Published: 02/15/2023

Originally published by Titaniam. Ransomware attacks are common and becoming more creative. However, as attackers evolve, so do their decisions of targets and methodology. As of October 2022, the FBI’s Internet Crime Complaint Center (IC3) holds victim reports across all 16 critical infrastru...

5 Reasons Your NDR Project Missed The Mark

Blog Published: 02/16/2023

Originally published by Netography. Written by Mal Fitzgerald, Sales Engineer, Netography. I’ve seen it time and again. You read about the SOC Visibility Triad, with its corner for Network Detection and Response (NDR) and thought, “That makes complete sense” and, truth be told, I completely ag...

How Global Conflicts Influenced Cyber Attack Behaviors

Blog Published: 02/16/2023

Originally published by Sysdig. Written by Michael Clark, Sysdig. The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides.The goals of disrupting IT infrastructure and utilities have led to a 4-fold...

Five Easy Cybersecurity Predictions for 2023

Blog Published: 02/16/2023

Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s that time of year again when cybersecurity professionals consult our tea leaves and are obliged to play augury for the year to come. This year, however, it feels like the writing is already on the wall, and several glaring...

The Advantages of eBPF for CWPP Applications

Blog Published: 02/23/2023

Originally published by SentinelOne. Written by Rick Bosworth, SentinelOne. Extended Berkeley Packet Filter (eBPF) is a framework for loading and running user-defined programs within the Linux OS kernel, to observe, change, and respond to kernel behavior without the destabilizing impact of...

5 Data Security Trends You Might Be Missing

Blog Published: 02/21/2023

Originally published by Rubrik. Written by Atul Ashok, Rubrik. Malware is becoming more sophisticated, and it would be impossible to prevent and defend from every single cyber threat out there. As the digital dependence of enterprises grows in tandem with the enterprise’s growth, we are seeing...

CISO Survival Guide: Vital Questions to Help Guide Transformation Success

Blog Published: 02/22/2023

Originally published by Google Cloud. Written by Anton Chuvakin, Security Solution Strategy, and David Stone, Office of the CISO, Google Cloud. Part of being a security leader whose organization is taking on a digital transformation is preparing for hard questions – and complex answers – on ho...

Zero Trust Security: The Guide to Zero Trust Strategies

Blog Published: 02/27/2023

Originally published by Titaniam. Companies today face more and more security risks. Ransomware is on the rise, and cybercriminals are beginning to breach critical infrastructure with new techniques. In an effort to reduce the frequency and severity of these attacks, the United States governme...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
125
126
127
129
131
132
133
Last »