Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Save Your Data and Your Sanity

Blog Published: 02/28/2023

Originally published by Rubrik. Written by Jeff Inouye, Rubrik. I recently read a technology forum post where a system administrator described symptoms of post-traumatic stress disorder after their company was attacked by ransomware. The recent State of Data Security report from Rubrik Zero La...

How to Combat Corporate Fraud and Corruption: A Hands-On Approach

Blog Published: 02/17/2023

Written by Alex Vakulov. Businesses are facing significant challenges from fraud and corruption. These issues result in financial losses and harm the company's reputation. Furthermore, it creates a hostile environment within the organization. Let's see how to prevent fraud and corruption in yo...

Is Breach Fatigue the New Norm?

Blog Published: 02/21/2023

Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. How numb is the public to security failures? One of the trickiest security topics involves the shifting relationship between security and privacy. Twenty years ago, people saw these areas a...

CSA ZTAC: Addressing the Challenges of Implementing Zero Trust

Blog Published: 02/16/2023

Catching up with industry friends and other professional contacts about the developments of our Zero Trust Advancement Center (ZTAC) and the various activities underpinning it during industry events has proven pretty enlightening. Establishment or even implementation of zero trust (ZT) strateg...

10 SaaS Governance Best Practices to Protect Your Data

Blog Published: 02/17/2023

Written by the SaaS Governance Working Group. In the context of cloud security, the focus is almost always on securing Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they...

How to Implement CIEM – A Checklist

Blog Published: 02/22/2023

Originally published by Ermetic. CIEM solutions provide visibility into cloud identities to secure access management. With cloud adoption growing and entitlements taking center stage as the security boundary in the cloud, more organizations are looking for the right security solution for their...

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

Blog Published: 02/22/2023

Originally published by Adaptive Shield. Written by Hananel Livneh, Adaptive Shield. When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don’t...

The Changing Role of the CISO in 2023

Blog Published: 02/24/2023

Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s the year of the water rabbit. It’s also the year of the nation-state ransomware attack. The role of the Chief Information Security Officer (CISO) has gone through a significant evolution in recent years. As technology and ...

5 Ways Compliance Technology Improves Audit Processes

Blog Published: 02/24/2023

Originally published by A-LIGN. Compliance is alluring to clients, as they are often drawn to organizations that show a dedication to established security frameworks. However, the process of becoming (and remaining) compliant can be time-consuming and expensive. With limited resources restrict...

Key Facts and Benefits of ISO 27018

Blog Published: 02/27/2023

Originally published by Schellman & Co. Written by Jordan Hicks. "Even when clouds grow thick, the sun still pours its light earthward." The poet Mark Nepo wasn’t speaking about cloud security when he wrote that, but it makes for a lyrical way to consider the landscape. As a cloud provider...

Cloud CISO Perspectives: January 2023

Blog Published: 02/27/2023

Originally published by Google Cloud. Written by Phil Venables, VP and Chief Information Security Officer, Google Cloud. Welcome to January’s Cloud CISO Perspectives. This month, we’re going to catch up with a few of the cloud security megatrends that I described a year ago, and see how they a...

Modernizing Assurance for Cloud and Beyond

Blog Published: 02/28/2023

Since we launched in 2009, organizations around the world have looked to the Cloud Security Alliance to see what we might be able to offer to assist them in addressing assurance issues with the cloud services they were beginning to use. Fast forward to 2023, this has grown into a critical aspe...

OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations

Blog Published: 03/01/2023

Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Au...

The Real Cost of Cryptomining: Adversarial Analysis of TeamTNT

Blog Published: 03/06/2023

Originally published by Sysdig on November 16, 2022. Written by Nicholas Lang, Sysdig. TeamTNT is a notorious cloud-targeting threat actor, who generates the majority of their criminal profits through cryptojacking. Sysdig TRT attributed more than $8,100 worth of cryptocurrency to TeamTNT, whi...

Why Making Ransomware Payments Illegal Could Backfire

Blog Published: 02/28/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. A debate swirling since at least last summer – about the wisdom of banning compromised companies from making payments to ransomware actors – was sparked again recently when Australia broached the possi...

Zoom Users At Risk In Latest Malware Campaign

Blog Published: 03/07/2023

Originally published by Cyble on January 5, 2023. Modified Zoom App Employed In Phishing Attack To Deliver IcedID Malware Zoom is a video conferencing and online meeting platform that allows users to host virtual meetings, webinars, and video conference calls. It is available on various device...

Not a SIMulation: Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Blog Published: 03/09/2023

Originally published by CrowdStrike. CrowdStrike Services reviews a recent, extremely persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies and outlines how organizations can defend and secure their environments. CrowdStrike Services has pe...

Ransomware Recovery: RTO and Optimizing the Recovery Process

Blog Published: 03/13/2023

Originally published by Rubrik. Written by James Knott and Steve Stone. Recovery Time Objectives (RTOs) are on everyone’s mind. It bears repeating, one of the most fundamental ways to reduce recovery time from a ransomware or cybersecurity attack is being well prepared and ready to take action...

Definitive Guide to Hybrid Clouds, Chapter 5: Threat Detection and Response in the Hybrid Cloud

Blog Published: 03/02/2023

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon.Editor’s note: This post explores Chapter 3 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, and check back for future posts covering Chapters 6 and ...

5 Key Findings for Cloud Data Security Professionals from ESG's Survey

Blog Published: 03/02/2023

Originally published by Sentra. Securing sensitive cloud data is a key challenge and priority for 2023 and there's increasing evidence that traditional data security approaches are not sufficient. Recently, Enterprise Strategy Group surveyed hundreds of IT, Cloud Security, and DevOps professio...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
126
127
128
130
132
133
134
Last »