Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Cyber Tetris: Making Security Fall Into Place

Blog Published: 05/18/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. Security is often a thankless job. The only time it makes headlines is when it fails, or things go wrong. No one opens a web browser and pulls up a news feed about companies that have not been breached...

Understanding the Two Maturity Models of Zero Trust

Blog Published: 05/17/2023

Written by John Kindervag, Senior Vice President, Cybersecurity Strategy, ON2IT Cybersecurity. The top mistake in the Zero Trust world is monolithic thinking. There has become the belief that eating the entire elephant in one bite is possible. Organizations' top mistake is trying to deploy all...

CSA’s Enterprise Architecture: Information Technology Operation & Support

Blog Published: 05/19/2023

Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess op...

Why Lateral Movement Protection is Critical for Best Cybersecurity Practices

Blog Published: 05/22/2023

Originally published by TrueFort. A fortress of protection A castle has many layers of protection. A moat, a vallum, drawbridges, portcullises, gatehouses, barbicans, gates, towers, baileys, and layers of inner and outer walls. All designed to impede the progress of invaders and to prevent the...

5 Essential Components of a Cloud DLP Solution

Blog Published: 05/23/2023

Originally published by Dig Security. Written by Yotam Ben-Ezra. The DLP landscape has taken a long time to catch up with the realities of the public cloud. Below we’ll explain why we think DLP tooling developed in the on-premise era is no longer fit for purpose. We’ll then suggest an alternat...

Minimizing Cloud-Based Shadow IT Risks

Blog Published: 05/24/2023

Originally published by Skyhigh Security. Written by Shawn Dappen - Director, Systems Engineering, Skyhigh Security. One result of the recent pandemic is that many enterprises are moving to leverage the benefits of cloud-based applications and data. Over the past three years, the average nu...

The Top Five Challenges of Zero Trust Security

Blog Published: 05/24/2023

Written by Lior Yaari, CEO, Grip Security. Originally published by Forbes. Zero trust security is a model that has gained popularity as an effective solution to ensure that only authorized users can access critical information. With the rise of remote work and SaaS services, the traditional pe...

Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks

Blog Published: 05/25/2023

Originally published by CrowdStrike. Since 2020, CrowdStrike has increasingly observed big game hunting (BGH) threat actors deploying Linux versions of ransomware tools specifically designed to affect VMWare’s ESXi vSphere hypervisor (read Part 1 and Part 2 of this series). In the first quarte...

News of Note: Promoting Independent Guidance, Expert Advice, and Frameworks for Cloud Security and Assurance

Blog Published: 05/25/2023

It seems ages ago, but this year’s RSA Conference proved robust and fruitful for many of us. On top of that, it gave us a chance to catch up with longtime industry friends we hadn’t seen in person for quite some time and furnished us with that treasured custom of sizing up trends as we walked ...

The Top 5 Cloud Security Risks of 2023 (So Far)

Blog Published: 05/30/2023

Originally published by Orca Security. Written by Bar Kaduri and Jason Silberman. As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks and threats that we have seen so far this year. After careful analysis of aggregated scan resul...

What Are the 5 Key Areas of Cloud Security

Blog Published: 05/30/2023

Originally published by InsiderSecurity. Concerns of cloud data breaches are a key reason that cloud adoptions hit a roadblock in companies despite an eagerness to go “cloud first”. Despite the promise and flexibility that the cloud offers, security is something that companies cannot compromis...

Improving GuardDuty’s Data Exfiltration Protections

Blog Published: 05/31/2023

Originally published by Gem Security. Written by Itay Harel and Ran Amos. A few weeks ago, Gem’s threat research team discovered a technique that could have allowed an attacker to bypass AWS GuardDuty’s threat detection service. Using these methods, threat actors in possession of IAM activ...

Behind the Curtain: Hunting Leads Explained

Blog Published: 06/02/2023

Originally published by CrowdStrike. Most hunting enthusiasts agree that the thrill of hunting lies in the chase. Equipped with experience and tools of their trade, hunters skillfully search for signs of prey — a broken twig, a track in the mud. Threat hunters are no different. They search for...

What Might a Four-Day Work Week Mean for IT Security?

Blog Published: 05/26/2023

Originally published by CXO REvolutionaries. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. Now that the largest-ever pilot program for testing the feasibility of a four-day workweek has concluded in the U.K., it may be worth asking what the IT security implications...

Four Things You Need to Know Before Building a Secure SDLC

Blog Published: 05/26/2023

Originally published by Dazz. Written by Rotem Lebovich, Principal Product Manager, Dazz. The rapid evolution of cyber threats makes security a crucial element of your software development lifecycle (SDLC). When you build applications for employees or customers you need to make sure the final ...

Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now

Blog Published: 05/30/2023

Originally published by Netography. Written by Matt Wilson, VP Product Management, Netography. In 2022, the average total cost of a data breach reached a record high of $4.35 million. And it took an average of 277 days – about 9 months – to identify and contain a breach. But when organizations...

Our Top 5 Cybersecurity Hacks

Blog Published: 05/31/2023

Originally published by Avanade. Written by Malcolm Barske and Jason Revill. On the 23rd of February, we gathered a panel of security experts to host a cybersecurity showcase at the exclusive RSA Vaults in London. The panel included our own security leads Malcolm Barske (UKI Security Lead), Ja...

Threat-Informed Defense: The Evolution of Red Teaming in Cybersecurity

Blog Published: 05/31/2023

Originally published by Coalfire. Written by Mark Carney, Executive Vice President, Coalfire. Continuous adaptation of defensive strategies is needed to mitigate, detect, and respond to modern threats. Ensuring that investments achieve the required level of agility should be a primary objectiv...

Communicating Cybersecurity ROI to Your CFO

Blog Published: 06/01/2023

Originally published by Abnormal Security. Written by Arun Singh. Over the past several months, organizations have felt the strain of tumultuous economic conditions. Budget reductions ranging in severity from technology spending cutbacks to throngs of employee layoffs have sent waves of uncert...

Solving the Identity Puzzle: How Interoperability Unlocks Cloud Security Potential

Blog Published: 06/01/2023

Originally published by Strata.Written by Steve Lay.With increased cloud migration and the adoption of cloud-based apps, Cloud Security Architects and IT Decision-Makers are in a race to achieve interoperability between diverse identity systems. This creates a monumental challenge, where the s...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
135
136
137
139
141
142
143
Last »