Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Knowledge Center
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Knowledge Center
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101CircleEventsBlog
Sign In

All Articles

Home
All Articles
Identity Modernization for Customer-Facing Applications

Blog Published: 05/02/2023

Originally published by Strata. Want to loan a friend some money? There’s an app for that. Want to exchange some dollars for Euros? There’s an app for that. In fact, the number of mobile apps that let consumers complete financial tasks that used to require a big financial institution is growing b...

SCARLETEEL: Operation Leveraging Terraform, Kubernetes, and AWS for Data Theft

Blog Published: 05/02/2023

Originally published by Sysdig on February 28, 2023. Written by Alberto Pellitteri. The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized wo...

How To Use An Identity Fabric To Manage Identity Sprawl

Blog Published: 05/02/2023

Written by Lior Yaari, CEO, Grip Security. Originally published on Forbes. From HR to IT and factories to finance, the enterprise runs on SaaS. The rapid adoption of SaaS services, however, has led to the two-pronged threat of identity attacks and the hijacking of critical tools leveraged to run ...

Beyond the Inbox: Protecting Against Collaboration Apps as an Emerging Attack Vector

Blog Published: 05/01/2023

Originally published by Abnormal Security. Written by Mike Britton. Email has always been a lucrative attack vector for cybercriminals. Even today, it continues to be their most common path into an organization, and enterprises are undoubtedly feeling the impact. Losses due to business email comp...

A Security Work Stream Is Critical to IT Modernization

Blog Published: 05/01/2023

Originally published by Lookout. Written by Fazal Sadikali, Technology Managing Director of Cloud Insights, Lookout. With new technology being developed at a rapid pace, adaptability is crucial for a company to thrive against its competitors. IT cloud modernization is a great way to drive sal...

The State of Data Security: The Hard Truths

Blog Published: 05/01/2023

Originally published by Rubrik. Written by Steve Stone. Rubrik Zero Labs is excited to debut its second State of Data Security report: “The State of Data Security: The Hard Truths.” This in-depth global study uses telemetry data to provide objective data security insights. Rubrik data is ...

It May Only Take One Attack to Get Stung by OneNote!

Blog Published: 04/28/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Part of Microsoft’s extensive 365 application suite, Microsoft OneNote offers users a powerful yet flexible information management workbench. As organizations continue their rampant...

Analysis for CVE-2023-23397 Microsoft Outlook Vulnerability

Blog Published: 04/28/2023

Originally published by InsiderSecurity. CVE-2023-23397 Threat Overview InsiderSecurity analysed the possible exploitation techniques for the recent Outlook vulnerability, as well as methods for early detection of such exploits, both for this specific vulnerability and future similar vulnerabilit...

Unintended Third-Party Access to Data Through Supported Azure Built-In Roles

Blog Published: 04/28/2023

Originally published by Symmetry Systems. Written by Sachin Tyagi. A combination of built-in contributor permissions could allow unintended data access in Azure Lighthouse Symmetry Systems would like to extend their appreciation and thanks to the Azure Lighthouse product managers and the ...

What Boards Need to Know About GRC and Atomized Networks

Blog Published: 04/27/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. New regulations proposed by the Security Exchange Commission (SEC) around cybersecurity governance, risk management, and compliance (GRC) are forcing CEOs and board members to take a hard look at their governance capab...

3 Reasons Why Data Security Helps Ensure Cyber Recovery

Blog Published: 04/27/2023

Originally published by Rubrik. Written by Srujana Puttagunta. Are you still relying on legacy backup systems to protect your business from cyber attacks? If so, you might want to think twice. Cyber attacks have become so common that 98% of security and IT leaders reported that they dealt w...

Cloud Security Alliance Welcomes Three New Board Members

Press Release Published: 04/27/2023

New members bring wealth of cloud security expertise to CSARSA Conference (San Francisco) – April 27, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment,...

The Road to M&A Hell is Paved with Good (IP-based) Intentions

Blog Published: 04/27/2023

Originally published by Zscaler. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. TCP/IP-based communications have been the cornerstone of corporate networks for more than 30 years. Organisations like Cisco excelled at training an army of mechanical TCP/IP converts who t...

Discover the Cloud Security Alliance's STAR Program: A Must-Know for Enterprise CISOs

Blog Published: 04/26/2023

IntroductionCloud computing has unleashed unprecedented computational prowess and storage potential for businesses, but it comes with increased data privacy and security worries. The Cloud Security Alliance (CSA) spearheads efforts to tackle these concerns via its Security, Trust, Assurance and R...

An Overview of NIST Special Publications 800-34, 800-61, 800-63, and 800-218

Blog Published: 04/26/2023

Originally published by Schellman. Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most org...

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Blog Published: 04/26/2023

Originally published by CrowdStrike. Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden...

Security is Only as Good as Your Threat Intelligence

Blog Published: 04/25/2023

Now even stronger with AI Originally published by Microsoft Security. Written by John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research. Longtime cybersecurity observers know how frustrating the fight for progress can be. Our profession demands constant vigila...

Lessons from Blockbusters: What Hollywood Can Teach Us About Cyber Security

Blog Published: 04/25/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. “Everything I learned I learned from the movies.”-Audrey Hepburn, Oscar-winning actress and humanitarianFew things capture the imagination like movies. From epic dramas to tearful romances, from everyday t...

Migration to the Public Cloud: What You Need to Know and Some Best Practices

Blog Published: 04/25/2023

Written by Bindu Sundaresan, Director, AT&T Cybersecurity. Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizations ...

The CxO Trust Cloud Change Notification Project

Blog Published: 04/24/2023

In the two years since we kicked it off, the Cloud Security Alliance’s CxO Trust Initiative has provided valuable guidance as to the key strategies necessary to advance cloud and cybersecurity within the C-Suite. We consult the CxO Trust Advisory Council regularly on issues that arise in the indu...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
1
2
4
6
7
8
Last »