Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Too Much Trust in the Cuckoo’s Nest

Blog Published: 03/22/2023

Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers.I didn’t re...

Becoming Cyber Resilient—Cybersecurity Trends to Watch in 2023

Blog Published: 03/23/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase fro...

Cascading and Concentration Risk: How do They Impact Your Digital Supply Chain?

Blog Published: 03/24/2023

Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming increas...

What Does the M-21-31 Requirement Mean for Federal Agencies?

Blog Published: 03/28/2023

Originally published by Axonius. Written by Tom Kennedy. The cybersecurity memorandum M-21-31, from the Office of Management and Budget, provides guidance on how to stop this type of leapfrogging before it can begin. M-21-31 focuses on visibility and incident response, and establishes a fo...

Survey Says: Leaders are Doubling Down on Cloud for Stability and Financial Resilience

Blog Published: 03/28/2023

Originally published by Google Cloud. Written by Blair Franklin, Contributing Writer, Google Cloud. While the future is uncertain, one thing is clear: decision makers are looking to the cloud to help prepare for whatever lies ahead. Cloud computing has come a long way since 2012, when one i...

How To Achieve InfoSec When Your Tools Do InfraSec

Blog Published: 03/27/2023

Written by Ravi Ithal, Cofounder and Chief Technology Officer, Normalyze. Originally published by Forbes. “Brings a knife to a gunfight,” sneers Sean Connery while aiming a sawed-off shotgun at the knife-wielding intruder. Since that line in the 1987 movie The Untouchables, we’ve heard the sam...

What is Microsegmentation?

Blog Published: 03/27/2023

Originally published by TrueFort. Written by Nik Hewitt. Microsegmentation: The Zero Trust “best practice” becoming “standard practice.” Often described by the broader term ‘Zero Trust,’ which is the name given to the overall security model, microsegmentation is the industry-recognized best pr...

Your Cloud SDLC is a Goat Rodeo. Here are 6 Steps to Wrangle It.

Blog Published: 03/27/2023

Originally published by Dazz. Written by Julie O’Brien, CMO and Matt Brown, Solutions Engineer, Dazz. Companies are developing software in the cloud in a big way. The cloud has opened up a world of possibilities for application makers, enabling flexible architectures and ever more efficient wa...

The 5 Stages to DevSecOps

Blog Published: 03/25/2023

Written by the DevSecOps Working Group. Organizations have a wide array of tools and solutions to choose from when implementing security into their Software Development Lifecycle (SDLC). Since every SDLC is different in terms of structure, processes, tooling, and overall maturity, there is no ...

MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls

Blog Published: 03/28/2023

Originally published by Rapid7. Written by James Alaniz. As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security m...

Focusing on Endpoints Distracts from Effective Security

Blog Published: 03/29/2023

Originally published by CXO Revolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Endpoint security is a pivotal aspect of cybersecurity, but should it be a primary focus for CISOs? During the early days of networking (and through the early 2010s), focusing security efforts on end...

EmojiDeploy: Smile! Your Azure Web Service Just Got RCE’d ._.

Blog Published: 03/29/2023

Originally published by Ermetic. Written by Liv Matan. The EmojiDeploy vulnerability is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu. By abusing the vulnerability, attackers can deploy malicious zip files containing a payload to the victim's Azure appli...

International Women’s Day: The Power of Diversity to Build Stronger Cybersecurity Teams

Blog Published: 04/05/2023

Originally published by Microsoft Security. Written by Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft. Women’s History Month is a special time for me as I reflect on all the great innovations women have made over the years. Women have drive...

News of Note: Building Bridges for Business and Beyond

Blog Published: 03/29/2023

One of my CISO friends and I met recently to catch up and discuss the current cybersecurity challenges and priorities at the organization he moved to six to eight months ago. His company is fully embracing cloud services and trying to wed these with some existing on-prem operations. However, t...

Assessing The Maturity of Your SaaS Security Program

Blog Published: 03/30/2023

Originally published by Grip Security. Written by Lior Yaari, CEO, Grip Security. Buying something as a service has clear benefits over the traditional method of purchasing software that are undeniable: no setup, lower costs, faster ROI, scalability, fast upgrades and universal accessibility. ...

Compliance in Italy: Navigating the New Cloud Italy Strategy

Blog Published: 03/30/2023

Originally published by Schellman. As the world becomes increasingly digital, governments around the world are taking measures to ensure the safety and security of their citizens' data. One such example is the recent Cloud Italy Strategy, initiated by the Italian Agency for National Cybersecur...

Understanding Identity and Access Management (IAM) and Authorization Management

Blog Published: 03/30/2023

Written by Alon Nachmany and Shruti Kulkarni of the CSA IAM Working Group. Introduction Identity and Access Management (IAM) is a crucial aspect of cybersecurity that ensures that only authorized individuals have access to sensitive information and resources. Within IAM, authorization manageme...

The Big Guide to Data Security Posture Management (DSPM)

Blog Published: 03/31/2023

Originally published by Dig Security. Written by Sharon Farber. DSPM is a crucial piece of your cloud security puzzle. Learn what it is, why it matters, and how to choose the best solution to protect your sensitive data while growing your business. What is DSPM? Data security posture managemen...

How to Avoid a Costly Data Breach in AWS with Automated Privileges

Blog Published: 03/31/2023

Originally published by Britive. An AWS data breach can have significant consequences, damaging an organization’s reputation and triggering an unpredictable and costly chain of events. Although AWS offers a highly secure cloud infrastructure, it operates on a shared responsibility model. For m...

Best Practices in Data Tokenization

Blog Published: 03/31/2023

Originally published by Titaniam. Tokenization is the process of replacing sensitive data with unique identifiers (tokens) that do not inherently have any meaning. Doing this helps secure the original underlying data against unauthorized access or usage.Tokenization was invented in 2001 to sec...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
129
130
131
133
135
136
137
Last »