All Articles
Cloud Relationships: Getting to Grips With the ‘Vendor of My Vendor’

Blog Published: 04/15/2024

Written by Thales. Over the course of centuries, we have learned a valuable lesson: building walls or burying treasure on shifting sand brings no advantages. This timeless wisdom can be applied to the present era, where businesses struggle to find the perfect storage solution for their data, which...

From Gatekeeper to Guardian: Why CISOs Must Embrace Their Inner Business Superhero

Blog Published: 04/15/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. (And why it should become our outer superhero persona, too) Let's face it. The days of the CISO as the lone wolf, guarding the castle walls with a stack of firewalls and a suspicious glare, are over (thoug...

Cantwell Proposes Legislation to Create a Blueprint for AI Innovation and Security

Blog Published: 04/15/2024

Originally published by Truyo. Written by Dan Clarke. In 2024, a surge of global AI legislation is imminent, with the United States poised to follow the European Union’s lead by implementing comprehensive nationwide rules and guidelines. Senate Commerce Committee Chair Maria Cantwell is gearing up ...

Evaluate the Security of Your Cloud Service Provider with the CSA STAR Registry

Blog Published: 04/13/2024

The CSA STAR Registry is kind of a big deal in the cloud security world. It's a global database filled with over 2,000 assessments completed by cloud service providers (CSPs), documenting their security, privacy, and governance policies. Anyone can access the Registry for free to find cloud servi...

Sealing Pandora's Box - The Urgent Need for Responsible AI Governance

Blog Published: 04/12/2024

Written by MJ Schwenger, CSA AI Working Group. The explosive emergence of Generative AI, with its ability to create seemingly magical outputs from text to code, is undeniably exciting. However, lurking beneath this shiny surface lies a Pandora's box of potential risks that demand immediate attenti...

Protocols are Passé. APIs are Key for Effective Zero Trust Implementation.

Blog Published: 04/12/2024

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. A really short reminiscence of network and security protocols. From the 1970s to the 2000s, creating new protocols and enhancing the protocols was prevalent among networking and security experts. These protocols influenced the w...

Remote Code Execution (RCE) Lateral Movement Tactics in Cloud Exploitation

Blog Published: 04/12/2024

Originally published by Uptycs. When it comes to cybersecurity, Remote Code Execution (RCE) might sound complex, but in essence, it's a straightforward concept with profound implications. Among the myriad of security vulnerabilities, RCEs are particularly alarming due to their high impact and the ...

Cloud Gaming and Data Security: Balancing Fun and Privacy

Blog Published: 04/12/2024

Written by Ashwin Chaudhary, CEO, Accedere. Cloud gaming, also known as game streaming, has revolutionized the gaming industry. It allows players to enjoy high-quality games without the need for powerful local hardware. However, this convenience comes with its own set of security challenges. In ...

Building a SOC for Compliance

Blog Published: 04/11/2024

Originally published by RegScale. There are not many things I have hated in my professional life more than getting surprised in an audit. It is embarrassing, damages your credibility, and makes it harder to accomplish your strategic goals as you get distracted by fighting the small forest fires th...

Ensuring Trust and Compliance: The Importance of Accredited Auditors for ISO 27001

Blog Published: 04/11/2024

Originally published by BARR Advisory. Written by Cameron Kline, Director, Attest Services, BARR Advisory. As an internationally recognized certification, ISO 27001 is one of the most highly regarded and thorough cybersecurity assessments an organization can undergo. Achieving and maintaining an IS...

The Secret to Supercharging LLMs: It's Not Answers, It's Questions

Blog Published: 04/10/2024

Written by Dr. Chantal Spleiss, Co-Chair of the CSA AI Governance & Compliance Working Group. Stop talking to your AI, start collaborating with it. Prompt engineering is the key to unlocking the full potential of LLMs. This mastery of questioning is so valuable that a prompt engineer may earn ...

Securing Non-Human Identities: Lessons from the Cloudflare Breach

Blog Published: 04/10/2024

Originally published by Oasis Security. Written by Roey Rozi, Director of Solutions Architecture, Oasis Security. Cloudflare disclosed on February 2nd that it had been breached by a suspected nation-state attacker. This breach exploited multiple unrotated and exposed secrets. The chain of events ...

Why Cyber Defenders Should Embrace a Hacker Mindset

Blog Published: 04/10/2024

Originally published by Pentera. Written by Nelson Santos. Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introduci...

Powerful Cloud Permissions You Should Know: Part 2

Blog Published: 04/09/2024

Originally published by Sonrai Security. Written by Tally Shea and Deirdre Hennigar. MITRE ATT&CK Framework: Persistence. This blog is the second publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read the ...

Mapping the Impact of Cloud Remediation

Blog Published: 04/09/2024

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. What is impact analysis? Performing an impact analysis is a critical step in the cloud remediation process that employs methodical techniques to answer the questions: “What might go wrong if we impl...

Threats to Water: The Achilles’ Heel of Critical Infrastructure

Blog Published: 04/08/2024

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. Recent cyberattacks on the water industry raise the prospect of more frequent, widespread, damaging incidents that threaten disruption to lives and livelihoods. I know the chaos that stems f...

Why Do SOC Reports Have to Be Issued By a CPA Firm?

Blog Published: 04/08/2024

Originally published by MJD. Written by Chris Giles, CPA, Senior Manager, MJD. Q: Why do SOC reports have to be issued by a CPA firm? A: MJD Answer: The simple answer is that SOC engagements are performed in accordance with standards set by the American Institute of Professional Accountants (AICPA). T...

Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems Security

Blog Published: 04/08/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred o...

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Blog Published: 04/05/2024

Written by Nicole Krenz, Web Marketing Specialist, CSA. The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is at ...

The Modern Data Stack Has Changed the Security Landscape

Blog Published: 04/05/2024

Written by Uday Srinivasan, CTO, Acante. The way businesses analyze, transform and share data has radically changed over the past few years. We are in the post-Hadoop era with the Apache Software Foundation retiring over 10 Hadoop-related projects over the last three years. The shift of enterprise...
