All Articles
Moving Past MOVEit

Blog Published: 10/10/2023

Originally published by Coalfire. Written by Priti Patel, Security Consultant, FedRAMP/NIST Advisory and Dr. Stephanie Carter, Principal, FedRAMP Advisory Services. The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using ...

Reducing IT Complexity with Cloud Options

Blog Published: 09/28/2023

Originally published by Sangfor. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. Abstract: Today’s business landscape is constantly changing in response to digital transformation. Against this backdrop, efficient and cost-effective IT infrastructure, namely cloud computing, is critical to...

The Cloud Flaw Magnification Effect

Blog Published: 09/29/2023

Originally published by Dazz. Written by Barak Bercovitz, Director of Innovation, Dazz. Cloud Development is Becoming More Automated: Companies are developing software in the cloud in a big way. Cloud tools and continuous integration processes help developers write, compile, and test their code, ...

Cloud Controls Matrix (CCM) Now Mapped to OpenCRE, Cloud Security Alliance Announces

Press Release Published: 09/28/2023

Mapping serves to strengthen security landscape by cross-linking CCM to multiple other standards in one repository. SEATTLE – Sept. 28, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a ...

Empowering Financial Transformation: The Significance of GRC Solutions for BFSI and vCISOs

Blog Published: 10/02/2023

Written by Anand Srinivasan, AuditCue. In an era marked by rapid digital transformation and evolving cybersecurity threats, the financial sector faces unprecedented challenges. Banks, mortgage institutions, and virtual Chief Information Security Officers (vCISOs) play pivotal roles in safeguar...

Connected Third-Party Applications Widen Attack Surface Area

Blog Published: 10/02/2023

Originally published by Abnormal Security. Written by Jade Hill. Inbound email attacks are a mainstay for cybercrooks, but criminals are shifting tactics to exploit third-party applications as a new method for gaining entry into an organization’s email environment. This is getting easier due t...

Protect Data Security When Deploying LLMs

Blog Published: 10/03/2023

Originally published by Dig Security. Written by Sharon Farber. Large language models (LLMs) and generative AI are undoubtedly the biggest tech story of 2023. These technologies, which power OpenAI’s headline-dominating ChatGPT, are now broadly available to be used as building blocks for new s...

What is Zero Trust Security?

Blog Published: 09/29/2023

Written by the CSA Zero Trust Working Group. Zero Trust, as defined by NIST, is a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as comprom...

From Compliance to Confidence: SEC’s New Cybersecurity Rules

Blog Published: 10/04/2023

Originally published by BigID. Written by Neil Patel, Director of Product Marketing, BigID. SEC’s New Cybersecurity Regulation: The Securities and Exchange Commission (SEC) has adopted new rules that require companies to disclose material cybersecurity incidents and information about their cyber...

BEC and VEC Attacks on the Rise in 2023

Blog Published: 10/16/2023

Originally published by Abnormal Security. Written by Jade Hill. Despite advancements in legacy security and increased employee awareness, cybercriminals still see email as a primary channel for attacks. And it’s easy to understand why—employees continue to fall for social engineering and fina...

The Importance of the Shared Responsibility Model for Your Data Security Strategy

Blog Published: 10/17/2023

Originally published by Dig Security. Written by Sharon Farber. A shared responsibility model is a cloud security framework that outlines the distribution of security and compliance responsibilities between the cloud service provider (CSP) and the customer. There has been a long debate about w...

The Booming Demand for Cybersecurity & Cloud Professionals

Blog Published: 10/03/2023

Written by Ashwin Chaudhary, CEO, Accedere. Introduction: In today's increasingly digital world, where almost every organization is transitioning to the cloud, the demand for cybersecurity and cloud security training has never been greater. With the rapid advancement of technology and the ever-pr...

The Impact of Blockchain on Cloud Security

Blog Published: 10/03/2023

Written by Sayali Paseband, Senior Security Consultant, Verisk. We live in an era where cloud computing has become the backbone of all our business operations. Ensuring the security of data and transactions in the cloud has become more important than ever. Cyberattacks and data breaches are pe...

Insider Risk Management and IP Security: If It Were Easy, Everyone Would Be Doing It (Well)

Blog Published: 10/04/2023

Originally published by Code42. Written by Eric Ewald, Insider Risk Lead, Cyber Technology Solutions Group, Booz Allen Hamilton. Current challenges & risks: At this point, we can all admit that Insider Risk Management and IP security programs are difficult for many organizations to operationa...

Security Advisory: Abusing the SSM Agent as a Remote Access Trojan

Blog Published: 10/13/2023

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Overview: Mitiga has discovered a new potential post-exploitation technique in AWS (Amazon Web Services): running AWS’s Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on both Linux and Windows machines, controlling...

The 5 SOC 2 Trust Services Criteria Explained

Blog Published: 10/05/2023

Originally published by BARR Advisory. Written by Christine Falk. So what goes into a SOC 2 report, anyway? There are five trust services criteria (TSC) that can be included in a SOC 2 report: security, availability, confidentiality, processing integrity, and privacy. Amanda Parnigoni, senior c...

Top 5 Cybersecurity Trends in the Era of Generative AI

Blog Published: 10/06/2023

The landscape of cybersecurity is undergoing a seismic shift in the era of Generative AI (GenAI), redefining the frameworks and paradigms that have traditionally been in place. With the increasing deployment of GenAI technologies, we're stepping into an age where security measures need to be a...

The State of Cybersecurity Compliance in 2023 – Part 1

Blog Published: 10/24/2023

Originally published by Coalfire. Written by Adam Shnider, EVP, Compliance Services, Coalfire. Key Takeaways: Costs are rising, and many industries, including retail, financial services, tech, and healthcare, report rising compliance costs. Evolving framework requirements and revisions are ...

Architecting Cloud Instrumentation

Blog Published: 10/05/2023

Originally published by Sysdig. Written by Daniel Simionato. Architecting cloud instrumentation to secure a complex and diverse enterprise infrastructure is no small feat. Picture this: you have hundreds of virtual machines, some with specialized purposes and tailor-made configurations, thousan...

Why the Implementation of CIRA is So Important for Incident Response

Blog Published: 10/30/2023

Originally published by Mitiga. Written by Tal Mozes. Incident response for cloud and SaaS (Software as a Service) requires new capabilities. Gartner® has released its recent report entitled “Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunit...
