All Articles
Spies Hack Cloud Supply Chains Because That's Where the Data Is

Blog Published: 11/26/2021

This blog was originally published by Authomize on October 28, 2021. Written by Gabriel Avner, Authomize. Microsoft announced this week that the Russian hacking crew APT 29 (aka Nobelium) was detected targeting cloud service providers in an attempt to reach those organizations’ customers as part...

Improving Customer Account Management with Security Transparency

Blog Published: 11/26/2021

This blog was originally published by SafeBase here. Written by Kevin Qiu, SafeBase. According to the Identity Theft Research Center, data breaches increased year-over-year once again in 2021, with the number exceeding 2020's breaches by October. Supply chain security in particular is now top-of-...

Better Together: CMDB + CSPM = Cloud Native Cyber Asset Management

Blog Published: 11/24/2021

This blog was originally published by JupiterOne here. Written by Tyler Shields, JupiterOne. There is a lot of confusion out there when it comes to cloud native IT and cloud security tools. Things have gotten rather complicated over the last few years as we migrate our security and technology sta...

The Fourth Dimension of Security Risk Management

Blog Published: 11/24/2021

This blog was originally published by Orca Security here. Written by Andy Ellis, Advisory CISO for Orca Security. When security professionals talk about risk, especially with business executives, we often use metaphors rooted in the physical world. We might talk about coverage, and compare it to ...

Security Spotlight: Large Data Leaks, New COVID-19 Scams, and Fast Ransomware Attacks

Blog Published: 11/23/2021

This blog was originally published on October 12, 2021 by Bitglass. Written by Jeff Birnbaum, Bitglass. Here are the top security stories from recent weeks: Twitch Leak Exposes Personal Data; Cox Media Group Confirms Ransomware Attack; Xgroup Attackers Offer to Hack EU Hospitals in COVID-19 Vaccine S...

Identity-First Security is the New Perimeter

Blog Published: 11/23/2021

This blog was originally published by Authomize here. Written by Gabriel Avner, Authomize. In May, the Biden Administration issued a new Executive Order calling to modernize the nation’s defenses against the steady escalation of cyber attacks that have hit the United States over the past year. In...

CSA Security Trust Assurance and Risk (STAR) Registry Reaches Notable Landmark with 1,500 Entries

Press Release Published: 11/22/2021

Significant milestone further validates value and relevance of program. SEATTLE – Nov. 22, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announ...

Modernizing Security Operations with XDR

Blog Published: 11/22/2021

This blog was originally published by Cisco here. Written by Aaron Sherrill, Senior Research Analyst at 451 Research. Set the Stage: A World Without XDR. Security operations teams at most organizations are overwhelmed by the sheer number of security products they’re required to manage. Over the cour...

Defining an Effective Multi-Cloud Strategy: Identifying Vulnerabilities Before They Wreak Havoc

Blog Published: 11/22/2021

This blog was originally published by Alert Logic here. It’s not news that organizations are facing a growing number and frequency of cyber threats, nor that new, sophisticated attacks are evading traditional security tools. But the growing threat that companies face is the complexity of the...

DevSecOps and Misconfigurations: Key Facts to Know

Blog Published: 11/21/2021

Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to delivery of applications, attacks on applications have also increased in both volume and complexity. Combine this with the shortage of cyberse...

STAR Testimonial: Implementation and Beyond

Blog Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

Building a Security Training Testbed for Azure

Blog Published: 11/19/2021

This blog was originally published by Adobe here. Written by Akriti Srivastava, Security Analyst, Adobe OpSec Team. With any cloud platform, a lack of understanding of required security controls and unintentional misconfigurations can bring additional risk to the DevSecOps process. A test envi...

Achieving Zero Trust Remote Access with Privileged Access Management

Blog Published: 11/19/2021

Written by Matt Miller, BeyondTrust. The radical shift to embrace large-scale remote work—and even a work-from-anywhere mindset, the accelerated pace of digital transformation, the proliferation of ransomware, and massive breaches (i.e. SolarWinds Orion, Colonial Pipeline, etc.) together have kick...

A Practical Guide to the Different Compliance Kubernetes Security Frameworks and How They Fit Together

Blog Published: 11/18/2021

This blog was originally published by ARMO here. Written by Jonathan Kaftzan, ARMO. TL;DR - Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools. The challenge of administering security and maintaining compliance in a Kuber...

Cloud Security Alliance’s Flagship Cloud Security Assessment and Guidance Documents Are Now Available in Five Additional Languages

Press Release Published: 11/18/2021

Cloud Controls Matrix (CCMv4), Consensus Assessments Initiative Questionnaire (CAIQ) are now available to a wider global audience. SEATTLE – Nov. 18, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to hel...

Why Cloud-Ready, Centralized AppSec Must Underpin State Government Cloud Adoption

Blog Published: 11/17/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. State and local governments are accelerating their use of the cloud as they focus on delivering more digital services with fewer resources and continue responding to pandemic pressures. In a recent Fe...

Data Security and Privacy-related ISO/IEC Certifications

Blog Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

Multi-Cloud Security: What You Need to Know

Blog Published: 11/16/2021

This blog was originally published by Vulcan Cyber here. Written by Orani Amroussi, Vulcan Cyber. The multi-cloud approach is becoming increasingly popular among companies looking to take advantage of its agility, innovation, potential cost savings, and the flexibility to choose the best of what ...

Two Truths and a Lie About Cloud Security

Blog Published: 11/15/2021

This blog was originally published by JupiterOne here. Written by Ashleigh Lee, JupiterOne. Cloud technology saved many businesses from catastrophe during this past year, but it’s also introduced additional challenges to security, compliance, and governance practices. The pandemic, with the s...

3 Tenets For High-Performance Cloud Operations

Blog Published: 11/15/2021

This blog was originally published by Booz Allen here. Written by Osama Malik, Booz Allen Hamilton. Unlock enterprise resilience, scale, and flexibility. These days, with technology progressing at a rapid, continuous, unrelenting clip, cloud capabilities offer federal agencies a way to achieve and ...
