All Articles

Measuring up to CMMC Compliance with AppSec

Blog Published: 11/01/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. Any organization with aspirations to do business with the U.S. Department of Defense will rapidly familiarize itself with the recently introduced Cybersecurity Maturity Model Certification (CMMC)....

CCSK Success Stories: From the Vice President for Information Security

Blog Published: 11/01/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Business Continuity and Disaster Recovery in the Cloud

Blog Published: 10/31/2021

Business Continuity and Disaster Recovery (BC/DR) is just as important for cloud computing as it is for any other technology. However, specific considerations for the cloud need to be kept in mind. This blog will provide an overview of how to approach BC/DR in the cloud, including the overarching...

STAR Testimonial: The First Cloud-Specific Attestation Program

Blog Published: 10/30/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engagement...

Why Cloud Security is Critical for Retailers

Blog Published: 10/29/2021

By Kristen Bickerstaff, CyberArk. The past few years have seen accelerated digital transformations for the retail industry as online shopping and the demand for digital-first businesses have grown tremendously. Retailers are rapidly turning to the cloud and Infrastructure-as-a-Service (IaaS) to...

A Guided Approach to Support Your Zero Trust Strategy

Blog Published: 10/28/2021

As the world’s workforce sought to overcome the COVID-induced pandemic, a remote workforce suddenly became the new normal. At break-neck speed, information technology (IT) organizations were working to improve the security of millions of new endpoints that were accessing a network not optimized f...

5 Common Security Mistakes When Moving to Azure

Blog Published: 10/28/2021

This blog was originally published by Cloudtango here. Written by Jordi Vilanova, Cloudtango. Microsoft Azure is a powerful and wide ecosystem; covering all security aspects of a cloud environment is a complex undertaking. Although Azure is comprehensively secured by Microsoft, it does work based...

Roberto Baldoni, Director General of the Italian National Cybersecurity Agency, and McAfee’s Raj Samani to Headline Cloud Security Alliance’s CISO Cloud Summit Italy 2021

Press Release Published: 10/28/2021

Event to offer two-day Certificate of Cloud Auditing Knowledge training session. SEATTLE and MILAN, ITALY – Oct. 28, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing...

Inside the Mind of a Cybercriminal: Common Hacking Methods, Explained

Blog Published: 10/27/2021

This blog was originally published by Black Kite here. Cyber attacks are flooding today’s headlines. Not only are they growing in frequency, but the cost of a data breach in 2021 is more than $4 million per incident— a 10% increase over last year alone. Now all organizations are being called upon...

3 Trends Shaping Identity as the Center of Modern Security

Blog Published: 10/27/2021

This blog was originally published by Microsoft here. Written by Joy Chik, Corporate Vice President, Microsoft Identity. Delivering identity solutions that secure access to everything for everyone has never been more important, given that identity has become the focal point of our digital soc...

How US Federal Government Proposals Promote Zero Trust Network Access

Blog Published: 10/26/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. As part of the mandates from President Joe Biden’s May 12th Executive Order on Improving the Nation’s Cybersecurity the Office of Management and Budget (OMB) is giving agencies until the end of October to...

How Do You Securely Use the Office 365 Suite?

Blog Published: 10/26/2021

This blog was originally published by Fortica here. Written by Romain Coussement – Cloud Security Expert at Fortica. The Office 365 suite is already in place in many companies. Does everyone use it completely securely? Not necessarily. But be aware that Microsoft’s range of tools offers a host ...

What is a Cloud-Native Application Protection Platform (CNAPP)?

Blog Published: 10/25/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. The security space is rife with acronyms and it can be difficult to keep track of everything. There is a new acronym emerging, however, that is worth diving into: CNAPP. CNAPP, or Cloud-Native Application Protection Pl...

Are You Still Having Problems Building Secure Remote Access?

Blog Published: 10/25/2021

Written by Alex Vakulov. In this article, I want to talk about the practical issues of implementing secure remote access as well as what is happening in the market, how regulators affect teleworking, and whether it is necessary to monitor employees who work from home. In the spring of last year, ...

Consistently Managing Entitlements for All Identities

Blog Published: 10/22/2021

Written by Sam Flaster, CyberArk. Today, we see identity at the heart of every trend in tech. What’s growing more complicated is the sheer size and scope of identities each organization must manage to prevent attackers from manipulating misconfigured or misaligned permissions. It’s critical...

Learn How Ransomware Attacks Have Changed - And How Response Needs To, Too

Blog Published: 10/22/2021

This blog was originally published by Mitiga here. Written by Ariel Parnes, Mitiga. Ransomware keeps hitting the news these days, filling headlines with stories about organizations struggling with disabled IT systems, inaccessible patient data, unavailable Wi-Fi, and general confusion. Ransomware...

Cloud Compliance Frameworks: What You Need to Know

Blog Published: 10/21/2021

This blog was originally published by Hyperproof here. Cloud storage and SaaS solutions bring unprecedented speed, agility, and flexibility to a business. However, trusting third-party vendors with sensitive data comes with numerous inherent risks, such as: Insecure access points can increase the...

Runtime Protection, the Mindset Shift Cloud Security Needs

Blog Published: 10/21/2021

This blog was originally published by Virsec here. Written by Satya Gupta, Co-Founder and CTO, Virsec. For years, companies have adopted cloud infrastructure for ease and speed in deploying applications. However, over the past 18 months the move to the cloud has accelerated dramatically as em...

Agents are Not Enough: Why Cloud Security Needs Agentless Deep Scanning

Blog Published: 10/20/2021

This blog was originally published by Wiz here. Written by Josh Dreyfuss, Wiz. Cloud environments are characterized by their dynamic nature. It’s easier than ever before to spin up new resources and add new technologies, which leads to an ever-increasing number of people and teams deploying in th...

Cloud Security Alliance Releases the Continuous Audit Metrics Catalog

Press Release Published: 10/20/2021

Paper is first to establish a foundation for continuous auditing of cloud services by defining a catalog of relevant security metrics and measurement processes that can be largely automated. SEATTLE – Oct. 20, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to d...
