

All Articles

Cyber Considerations From the Conflict in Ukraine

Blog Published: 08/03/2022

Originally published by KPMG here. After months and weeks of tension, the Russian government’s invasion of Ukraine has elevated concerns for cyber security incidents and the resilience of critical business functions, amongst international organizations. Beyond protecting their employees and suppor...

Okta Customers Exposed to Risk of Password Theft and Impersonation in PassBleed Attacks

Blog Published: 08/02/2022

Originally published by Authomize here. Written by Gabriel Avner, Authomize. Authomize’s Security Research Lab has uncovered a set of inherent risks in the popular Identity Provider Okta that put users at risk of potential compromise and exploitation. According to Authomize’s CTO and Co-foun...

Draft Bill: American Data Privacy and Protection Act

Blog Published: 08/02/2022

Originally published by BigID here. Written by Jaclyn Wishnia, BigID. A draft of a bipartisan federal comprehensive privacy bill was published on Friday, June 3rd. The proposed bill — entitled the “American Data Privacy and Protection Act”— would “provide consumers with foundational privacy right...

Troy Leach, Data Security and Standards Advocate, Joins Cloud Security Alliance as Chief Strategy Officer

Press Release Published: 08/02/2022

Leach will bring his expertise to bear through on external engagements, corporate initiatives. SEATTLE – Aug. 2, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

The New Kubernetes Gateway API and Its Use Cases

Blog Published: 08/02/2022

Originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Despite being a large open-source and complex project, Kubernetes keeps on evolving at an impressive pace. Being at the center of various platforms and solutions, the biggest challenge for the Kubernetes ...

When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO

Blog Published: 08/01/2022

Originally published by Schellman here. Written by Andy Rogers, Schellman. “I have a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a very well-equipped advisor/assessor for your FedRAMP boundary.” If you’ve seen the film Taken, you’ll know that...

The State of Remote Work Offboarding Security

Blog Published: 08/01/2022

Written by Marie Prokopets, Co-founder and COO, Nira. As companies switch to remote, distributed, and hybrid workforces, security risks related to offboarding have grown. When employees leave or change roles, organizations must protect their sensitive data from accidental or malicious data ex...

Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs

Blog Published: 07/30/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

166 Cybersecurity Statistics and Trends

Blog Published: 07/29/2022

Originally published by Varonis here. Written by Rob Sobers, Varonis. Cybersecurity is a day-to-day operation for many businesses. A lack of data protection, side effects of a global pandemic, and an increase in exploit sophistication have led to a huge incline in hacked and breached data fr...

Using the CSA STAR Program for Procurement

Blog Published: 07/29/2022

This blog was originally published by PivotPoint Security here. Among cloud service categories, Software as a Service (SaaS) offerings are not only the most numerous—up to a million providers worldwide—but also arguably the weakest on security. While infrastructure and platform providers are more ...

Should You Outsource or Manage Security In-House?

Blog Published: 07/29/2022

This blog was originally published by LogicHub here. Written by Willy Leichter, Chief Marketing Officer, LogicHub. Cybersecurity professionals Colin Henderson and Ray Espinoza share their take on in-house versus outsourced threat detection and response. Your in-house team has the context necessary t...

Can You See Me Now? Time to Shine a Light on the Huge Security Risk Posed by Your Shadow Data.

Blog Published: 07/28/2022

Originally published by Laminar here. Written by Karen Sung, Laminar. Shadow data is the largest threat to your data security that you don’t even know about. There is nothing that is growing faster in the cloud than data. It only takes one developer to leave an S3 bucket with user data open or lea...

Why Penetration Testing Is the First Step to Better Prepare for Hacks

Blog Published: 07/28/2022

Originally published by A-LIGN here. Written by Joseph Cortese, Technical Knowledge Leader and Research and Development Director, A-LIGN. The threat landscape is in a constant state of evolution. What may have been a best practice a year ago to help protect your organization against cyber thr...

The 5 Faces of Development Risk

Blog Published: 07/28/2022

Written by Tony Karam, Strategic Marketing Leader, Concourse Labs. Which of these development risks do you recognize? Delivering cloud-native applications, quickly, is an existential requirement for most businesses. Security, Risk Management, and DevSecOps leaders are tasked with ensuring cloud mis...

What Is an Acceptable Risk for Online Payments?

Blog Published: 07/27/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist, TokenEx. If your business handles online payments, there are risks associated with this. These risks include everything from chargebacks and fraud to data breaches and payment declines. With m...

C-SCRM and the C-Suite: Securing Executive Buy-In for Supply Chain Risk Management

Blog Published: 07/27/2022

This blog was originally published by CXO REvolutionaries here. Written by Brad Moldenhauer, CISO, Americas, ZScaler. Unfortunately, it's not enough for today's IT leaders to concern themselves with the security of their own organizations. Complex and convoluted supply chains have seized their atte...

What is CSA STAR Certification and Why it is Important for ISO/IEC 27001 Certified Organizations?

Blog Published: 07/27/2022

This blog was originally published by MSECB here. What is CSA STAR Certification? Building security and data protection into the DNA of an organization’s management system and operations is very important considering the intensive use of cloud computing by all organizations nowadays. CSA STAR...

Securely Enable Multi-Cloud Architecture for a Future-Ready Workplace

Blog Published: 07/26/2022

This blog was originally published by HCL Technologies here. Written by Magnus Hultman, Sales Director, Cybersecurity & GRC Services, HCL Technologies. The adoption of new technologies has invariably accelerated the digital transformation of businesses and their ways of working. With const...

Will the Cloud Kill Security Agents?

Blog Published: 07/26/2022

This blog was originally published by Sysdig here. Written by Anna Belak, Sysdig. The “agents or no agents” debate is ancient and eternal. Every decade or so, we go through another round of “agents are terrible, let’s end them” and “we need more visibility and control to secure the system, maybe ...

Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun

Blog Published: 07/26/2022

This blog was originally published by CrowdStrike on May 25, 2022. Written by Jamie Harries, CrowdStrike. The security landscape is constantly developing to provide easier ways to establish endpoint visibility across networks through the use of endpoint detection and response (EDR) utilities. How...
