3 Cybersecurity Threats Caused by Generative AI
Blog Published: 11/01/2023
Originally published by Abnormal Security. Written by Jade Hill. New technologies invite a spectrum of reactions. On the extreme ends are the people who, perhaps naively, think that novel tech will solve all humanity's problems or lead us to our collective doom. But reality is always more nuan...
What to Look for (And Avoid) with Zero Trust Solutions
Blog Published: 10/11/2023
Originally published by CXO REvolutionaries. Written by Sanjit Ganguli, VP & CTO in Residence; Nathan Howe, VP, Emerging Technology & 5G; and Daniel Ballmer, Senior Transformation Analyst, Zscaler. Zero trust architecture is part of a transformation journey that involves both technology ...
The Common Cloud Misconfigurations That Lead to Cloud Data Breaches
Blog Published: 10/11/2023
Originally published by CrowdStrike. The cloud has become the new battleground for adversary activity: CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022 and a 288% jump in cases involving threat actors directly targeting the cloud. Defending your cloud environment req...
Bad Zero Trust is Not Good Security
Blog Published: 11/08/2023
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an advocate and veteran practitioner of zero trust, I was intrigued by a recent article decrying its "vulnerability." In fact, seeing zero trust and vulnerability in the same headline had me wonde...
Fighting Against the Current is For Salmon, Not Cybersecurity
Blog Published: 10/24/2023
Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. It’s easy to lose sight of the big picture when seeking truths in the tech sector. Pick any topic in our industry, and you will discover a rabbit hole that forks repeatedly into equal...
Crawl, Walk, and Run Your Way to More Effective Data Protection
Blog Published: 10/18/2023
Originally published by CXO REvolutionaries. Written by Daan Huybregts, CTO in Residence, Zscaler. Leverage a CASB to minimize data leakage. By now, most security professionals recognize that, as data loss prevention (DLP) solutions go, you can’t do better than a cloud access security broker (CAS...
What You Need to Know About FedRAMP Continuous Monitoring
Blog Published: 10/12/2023
Originally published by Schellman. To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that...
The Top Problems with Vulnerability Remediation Today
Blog Published: 10/12/2023
Originally published by Dazz. Written by Julie O’Brien, CMO, Dazz. As companies have transitioned development processes from building on-premises software to cloud applications, we’ve bled efficiencies—particularly at the intersection of development and security. When we design our cloud securi...
New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)
Blog Published: 10/17/2023
Originally published by CrowdStrike. Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kernel versions but also any containers running on those hosts...
Demystifying Secure Architecture Review of Generative AI-Based Products and Services
Blog Published: 10/16/2023
Written by Satish Govindappa. Abstract: In the era of transformative technologies, Generative AI (GenAI) has emerged as a powerful force, redefining how we interact with data and information. It has unlocked the potential for innovation across various domains, from content generation to problem-...
Zero Trust Approach: Elevating Secure Identity and Access Management
Blog Published: 10/13/2023
In a digital landscape where the term “Zero Trust” (ZT) seems both everywhere and elusive, it can be difficult to separate the wheat from the chaff. CSA’s Zero Trust Training (ZTT) series provides clarity and gives you the knowledge and skills necessary to implement and execute a strategy for ...
Espionage Fuels Global Cyberattacks
Blog Published: 10/16/2023
Originally published by Microsoft. Written by Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft. In the past year, cyberattacks have touched 120 countries, fueled by government-sponsored spying and with influence operations (IO) also rising. At times, nearly half of ...
Cracking the Code: How to Protect Secrets in Dev Environments
Blog Published: 10/18/2023
Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. As the digital ecosystem continues to grow, so does the risk of data breaches and security vulnerabilities. One common and overlooked danger is the presence of “secrets” in code repositories. Secrets, wh...
How to Leverage ISO 27001 to Obtain a SOC 2 Report
Blog Published: 10/19/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. If your organization has scaled to work with clients in and outside of the U.S., you might be curious about the benefits of a compliance framework that meets both national and international requirements. Two compliance standards t...
Leveraging Metrics to Enhance Your Insider Risk Management Program
Blog Published: 10/18/2023
Originally published by Code42. Written by Wendy Overton. In today’s dynamic cybersecurity landscape, organizations must proactively manage and monitor their Insider Risk. Effectively measuring the performance of an Insider Risk program and communicating its effectiveness and needs to senior le...
Five Things CISOs in Financial Services Can Do to Make Containers Secure and Compliant
Blog Published: 10/19/2023
Originally published by Sysdig. Written by Eric Carter. As competition ramps up in the financial services sector, agile and efficient application development is critical to delivering the seamless digital experiences today’s customers want. Chances are, if you’re not already moving applications...
NIST SP 800-207A Acknowledges the Critical Role of Network Traffic in ZTA Success
Blog Published: 10/20/2023
Originally published by Gigamon. Written by Orlie Yaniv and Ian Farquha. With the September 2023 publication of NIST 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments, NIST has laid out its guidance for developing a Zero Trust...
Celebrate 20 Years of Cybersecurity Awareness Month and Let’s Secure Our World Together
Blog Published: 10/20/2023
Originally published by Microsoft Security. Written by Vasu Jackal, Corporate Vice President, Security, Compliance, Identity, and Management. This year marks the twentieth anniversary of Cybersecurity Awareness Month, when we partner with the National Cybersecurity Alliance, the United States C...
Birth Right Permissions: A Barrier to Zero Trust Security
Blog Published: 10/20/2023
Written by Jerry Chapman, CSA ZT Working Group Co-Chair. Identity is a pillar or workstream in Zero Trust Security models. It has also been stated that it is a signal to support multiple Zero Trust Security Models. I agree with these assertions. The standard Identity and Access Management (IAM...
Understanding New PCI DSS 4.0 Requirements
Blog Published: 10/23/2023
Originally published by TokenEx. Written by Anni Burchfiel. The Payment Card Industry Data Security Standard (PCI DSS) serves as a crucial framework for safeguarding cardholder data. Developed by major card brands like American Express, Discover, Mastercard, JCB, and Visa, it aims to reduce br...