All Articles
Security Operations Center (SOC) for Cloud

Blog Published: 07/08/2022

Written by Prikshit Goel, VP, Cybersecurity & GRC Services, HCL Technologies. Although cloud adoption means improved agility and flexibility for organizations, it has also led to increasing threats and challenges to data security. A Gartner survey revealed that 57% of board directors are prep...

Why Ransomware Attacks Are on the Rise

Blog Published: 07/07/2022

This blog was originally published by ShardSecure on June 27, 2022. Written by Marc Blackmer, VP of Marketing, ShardSecure. What Is Ransomware? Ransomware is a type of malware that prevents users from accessing their systems and files and requires them to pay a ransom to regain access. Most type...

Gatekeepers to Gateopeners

Blog Published: 07/07/2022

This blog was originally published by Laminar here. Written by Amit Shaked, Laminar. The past couple of years have been tragic and challenging as the world responded to COVID-19. One positive side effect of the pandemic however, has been the positive momentum of digital transformation, and the sh...

Zero-day Vulnerability Affecting the Microsoft Windows Support Diagnostic Tool (MSDT)

Blog Published: 07/07/2022

This blog was originally published by CrowdStrike here. Written by Dan Fernandez - Liviu Arsene, Endpoint & Cloud Security. On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, which is classified a...

Phishing is on the Rise: What CISOs Should Know

Blog Published: 07/06/2022

This blog was originally published by CXO REvolutionaries here. Written by Heng Mok, CISO APJ, Zscaler. The weakest link in a security architecture is often the people it protects. Although cloud-driven attacks like ransomware-as-a-service (RaaS) dominate headlines, social engineering remains a p...

The SASE Journey: A Head of IT Talks Shop

Blog Published: 07/06/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. Organizations that are adopting a permanent hybrid or remote-first work environment can use a Secure Access Services Edge (SASE) platform to implement cybersecurity that is not ...

The Access-Risk Landscape in 2022

Blog Published: 07/06/2022

Written by Marie Prokopets, Co-founder and COO, Nira. Introduction: The number of data breaches and cases of unauthorized access to cloud-based documents, what we call — Access-Risk incidents — has skyrocketed over the past few years. In fact, 68% of information security professionals felt th...

Cloud Services Explained

Blog Published: 07/05/2022

NIST defines three service models which describe the different foundational categories of cloud services: Infrastructure as a Service (IaaS) offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage. We sometimes call these the “SPI” tiers. Platf...

Threat Activity Cluster #4: Strawberry with Sprinkles

Blog Published: 07/05/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. In the next edition of our ice cream activity cluster blog series, we’re shining the spotlight on another historic actor that undertook a significant remodeling of their tactics, ...

CCSK Success Stories: From a CISO and Chief Privacy Officer

Blog Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?

Blog Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure? To talk ...

Five Steps to a Secure Cloud Architecture

Blog Published: 06/30/2022

This blog was originally published by Fugue here. By Josh Stella, Chief Architect, Snyk, Co-Founder, Fugue. Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with u...

Zero Trust Creator John Kindervag Joins Cloud Security Alliance as Security Advisor

Press Release Published: 06/30/2022

Renowned cybersecurity expert brings more than 25 years of experience to Zero Trust Advancement Center. SEATTLE – June 30, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud comp...

Definitive Guide to Kubernetes Admission Controller

Blog Published: 06/30/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. What is Kubernetes Admission Controller? Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission C...

Understanding Compliance Platform Capabilities: Black Box Automation Has its Limitations

Blog Published: 06/29/2022

This blog was originally published by Coalfire here. Written by Dixon Wright, VP of Product Management, Coalfire. Compliance is hard. It is not a “black box” of opaque inputs and outputs, where systems and data are hidden and where users are oblivious to their inner workings. There has yet to be a ...

How to Protect Your Crypto from Hackers

Blog Published: 06/29/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist, TokenEx. A McAfee report, "The Hidden Costs of Cybercrime," states that over $4 billion in cryptocurrency was stolen and nearly $1.4 billion was stolen in the first five months of 2020. While ...

What We Get Wrong About Ransomware

Blog Published: 06/29/2022

This blog was originally published by Forbes and Nasuni. Written by Andres Rodriguez, founder and CTO of Nasuni. We live in the age of ransomware. This persistent threat remains top of mind for CEOs, their boards, CIOs, CISOs and everyone in the line of fire in IT. Yet we still get so much wrong ...

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Blog Published: 06/28/2022

This blog was originally published by Orca Security on June 14, 2022. Written by Tzah Pahima, Orca Security. One attack vector closed, additional hardening is recommended. This blog describes the technical details of SynLapse, in continuation to our previous blog. We waited to publish until now in...

Enabling Pervasive Zero Trust

Blog Published: 06/28/2022

This blog was originally published by CrowdStrike on March 9, 2022. Written by George Kurtz, CrowdStrike. The security problems that plague organizations today actually haven’t changed much in 30 years. Weak and shared passwords, misconfigurations and vulnerabilities are problems that have tormen...

Cloud Security Alliance, Cyber Risk Institute Partner to Create Cloud Controls Matrix (CCM) Addendum for the Financial Sector

Press Release Published: 06/28/2022

Strategic collaboration addresses sector-specific requirements within CCM framework. SEATTLE – June 28, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment,...
