All Articles

All Articles
What an Auditor Should Know about Cloud Computing Part 1

Blog Published: 04/06/2021

An Introduction to Cloud Terminology and General GovernanceWritten by Moshe Ferber, CCSK and CCAK InstructorThis is the first in a series of three blogs dealing with the essentials an auditor needs to know about cloud computing. In recent years, there has been a strong focus on building cloud pla...

Cloud Security Alliance Announces Rolling Call for Participation, Content for Virtual and In-person Global Events

Press Release Published: 04/01/2021

Subject matter experts invited to share expertise with cyber, cloud communitiesSEATTLE – April 1, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today ann...

CCSK Success Stories: From a Senior Executive

Blog Published: 04/01/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Beware of Legitimate, but Compromised Websites

Blog Published: 03/30/2021

This blog was originally published by Ericom By Mendy Newman, Group CTO, International, Ericom SoftwareIt’s easy to get lulled into a false sense of security when visiting a website you know – “I navigated directly to xyz.com so I know this isn’t a spoofed site. Surfing here, even downloading thi...

Cloud Security Alliance Releases Latest Survey Report on State of Cloud Security Concerns, Challenges, and Incidents

Press Release Published: 03/30/2021

Survey finds that 58% of respondents are concerned about security in the cloud, while misconfigurations are one of the leading causes of breaches and outages, as public cloud adoption doubles over past two yearsSEATTLE – March 30, 2021 – The Cloud Security Alliance (CSA), the world’s leading orga...

How SDP Can Be Used to Thwart DDoS Attacks

Blog Published: 03/26/2021

By Shamun Mahmud, Senior Research Analyst and Standards Officer for the Cloud Security AllianceSoftware Defined Perimeter provides an integrated security architecture that is otherwise hard to achieve with existing security point products. We’ve seen tremendous growth in interest, enterprise adop...

5 Best Practices for Securing Microsoft Azure

Blog Published: 03/25/2021

This blog was originally published by OpsCompass.By John Grange from OpsCompass.Cloud adoption has led to a major shift in application security management. Unlike on-premises where the focus is more on perimeter security, cloud deployments demand a more holistic and integrated approach. Ensuring ...

Incident Response and Knowing When to Automate

Blog Published: 03/24/2021

This blog was originally published on Vectra.ai Measuring and improving total time of response is easier said than done. The reality is many organizations do not know their existing state of readiness to be able to respond to a cybersecurity incident in a fast, effective manner. And most don’t...

Planning Through Recovery: Five Things to Keep in Mind

Blog Published: 03/23/2021

By Bryan Sartin, Senior Vice President, Chief Services Officer, eSentirePlanning is everything. Just ask the Boy Scouts. While being caught in a downpour without an umbrella is certainly inconvenient, maybe even unpleasant, it pales in comparison to your organization experiencing a significant da...

CCAK Testimonials: From a Cybersecurity Consultant

Blog Published: 03/22/2021

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program will fill the gap in the market for technical ed...

​Cloud Explosion Catapults Privileged Access Management and Identity Security to the Forefront

Blog Published: 03/22/2021

By Justyna Kucharczak from CyberArk 2020 introduced a host of unexpected challenges for cybersecurity teams. Not only must they protect increasingly complex IT environments, they’re now charged with deploying new models to enable mobile and geographically dispersed workforces. As they move for...

Cloud Security Alliance and ISACA Announce Availability of Industry's First Cloud Auditing Credential, the Certificate of Cloud Auditing Knowledge (CCAK)

Press Release Published: 03/22/2021

CCAK demonstrates the knowledge and skills needed to address the nuanced challenges in auditing cloud environmentsSEATTLE – March 22, 2021 – The Cloud Security Alliance® (CSA) and ISACA® today announced the launch of Certificate of Cloud Auditing Knowledge™ (CCAK™), the industry’s first global, v...

CCSK Success Stories: From an IT Security Consultant

Blog Published: 03/19/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Locking Down the Security of AWS IAM

Blog Published: 03/18/2021

This blog was originally published by Fugue, Inc. By Becki Lee, Head Technical Writer, Fugue, Inc. This blog post helps cloud engineers think more critically about cloud misconfiguration — why it occurs, how malicious actors exploit it, and ways to prevent it. Why AWS IAM? Cloud misconfig...

Investment in Cybersecurity During a Recovering Economy

Blog Published: 03/17/2021

This blog was originally published by TokenEx.Written by Alex Pezold, Co-Founder and CEO at TokenEx.Over a year of economic uncertainty driven by the pandemic has led organizations to re-evaluate their budgets. If one thing is apparent, it is that investing in cybersecurity must be a top priority...

Incident Response and the Need for Speed

Blog Published: 03/16/2021

This blog was originally published on Vectra.ai When a cyberattack occurs, most aspects of the threat are not under the control of a targeted organization. These range from who is targeting them, what is the motivation, where and when the attack occurs, how well-equipped and skilled that attac...

Cloud Security Alliance Releases Additional Mappings, Update to Cloud Controls Matrix (CCM) v4

Press Release Published: 03/15/2021

Updates allow for streamlined transition to, compliance with CCM v4 and ISO standardsSEATTLE – March 15, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, to...

Threat Hunting and Incident Response in Azure Environments

Blog Published: 03/15/2021

This blog was originally published on Garland Technology's website.Contributed by Vijit Nair from Corelight. When cyber-attacks cross the network, grabbing quality and relevant data from network traffic is essential for security operations. This is especially pertinent in cloud environments w...

CCSK Success Stories: From a Cloud Digital Security Architect

Blog Published: 03/11/2021

In this blog series we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage the Certificate of Cloud Security Knowledge (CCSK) in their current roles. In this blog we'll be interviewing Yogesh, a Cloud Digital Sec...

Taking a Practical Timely Opportunity to Evaluate the Security of Your Cloud Video Surveillance Solution

Blog Published: 03/10/2021

Written by Stan Mierzwa, M.S., CISSP, Director and Lecturer, Kean University Center for Cybersecurity and Eliot Perez, IT Security Analyst, CSA NJ Chapter These days, it is not unusual to walk too far before you see the endpoint of a video surveillance system. Consider the cameras you have s...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.