
All Articles

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

Blog Published: 06/22/2021

This blog was originally published by Sysdig here. Written by Stefano Chierici, Sysdig. The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: kube-a...

Better Together: The Future of CASBs and SWGs

Blog Published: 06/21/2021

This blog was originally published by Bitglass here. Written by Jacob Serpa, Bitglass. We’ve established before that cloud access security brokers (CASBs) and secure web gateways (SWGs) do not compete and are, in fact, complementary security tools. However, in addition to this, there is overlap betwe...

How to Earn Continuing Education Credits: Cloud Security Events, Training, and Resources

Blog Published: 06/18/2021

What are Continuing Education Credits? Continuing Education Credits are a requirement for maintaining professional certifications in fields like cloud security, cybersecurity, and IT. These credits are necessary for certifications such as CISSP from (ISC)2 or CISA from ISACA. Earning credits ensur...

CCSK Success Stories: From a Cloud Trust Associate

Blog Published: 06/17/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Securing a new world of hybrid work: What to know and what to do

Blog Published: 06/16/2021

This blog was originally published by Microsoft Security here. Written by Vasu Jakkal, Corporate Vice President, Security, Compliance and Identity, Microsoft. The cybersecurity landscape has fundamentally changed, as evidenced by large-scale, complex attacks like Nobelium, Hafnium, and more rec...

Security Spotlight: Ransomware Woes Continue Even As DarkSide Shuts Down After Claiming Multiple Victims

Blog Published: 06/15/2021

This blog was originally published by Bitglass here. Written by Jeff Birnbaum, Bitglass. Here are the top security stories from recent weeks: DarkSide Ransomware Operations Shut Down; Colonial Pipeline Pays $5 Million Ransomware Demand After DarkSide Ransomware Attack; Chemical Distributor Brenntag Pays...

Cloud Security Alliance’s Critical Controls Implementation for Salesforce Identifies Best Practices for Security Operations in Salesforce

Press Release Published: 06/15/2021

Reference document maps Salesforce controls to CSA’s 20 critical controls for cloud enterprise resource planning (ERP) customers. SEATTLE – June 15, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help...

The Case for Identity Modernization

Blog Published: 06/14/2021

Written by Eric Leach, Co-founder and Chief Product Officer of Strata Identity. Companies have been deploying on-premises identity products for over two decades. It worked pretty well for the most part — managing accounts, provisioning, and authenticating users — when everything was inside the ...

Critical Controls for Oracle E-Business Suite

Blog Published: 06/11/2021

Written by Mike Miller, Onapsis. Over the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

How to Enhance GRC Program Collaboration in Your Organization

Blog Published: 06/10/2021

This blog was originally published by OneTrust GRC here. When it comes to Governance, Risk, and Compliance (GRC), understanding the integrated risk management responsibilities for each internal and external stakeholder isn’t just a best practice. It’s a critical component to preparing for and ...

Cloud Security Alliance New Telehealth Risk Management Guidance to Help Ensure Privacy and Security of Patient Information

Press Release Published: 06/10/2021

Paper analyzes concerns in each phase of the data lifecycle and presents suggested mitigation strategies. SEATTLE – June 10, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud c...

Why Is Cybersecurity Critical in Protecting Infrastructure?

Blog Published: 06/09/2021

Written by Angela Stone, Content Creator, Eleven Fifty Academy. Cybersystems, assets, and physical infrastructure are vital to the economy of a country. Destroying or incapacitating infrastructure and cyber systems can have a devastating impact on the economy. Industries such as the oil and gas ind...

Real-Time Security Metrics: Insights Every Risk Management Team Should Monitor

Blog Published: 06/08/2021

This blog was originally published by OneTrust GRC here. There is one thing that businesses of all sizes, industries, and sectors have in common – they face a wide range of risk management threats. Specifically, retail, finance, hospitality, government, manufacturing, and healthcare industries...

The STAR Certification Journey

Blog Published: 06/08/2021

The CSA STAR Program is a powerful tool for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The CSA Securit...

Final Versions of Standard Contractual Clauses Adopted!

Blog Published: 06/07/2021

Three years after the General Data Protection Regulation (GDPR) came into effect, the European Commission has issued the much-awaited final version of two new sets of Standard Contractual Clauses that are expected to enable data controllers and processors to address some of the thorny issues in t...

Cloud Security Alliance Emphasizes Accountability and Transparency with Consensus Assessment Initiative Questionnaire (CAIQ) v4

Press Release Published: 06/07/2021

New features allow for a deeper understanding of Shared Security Responsibility Model, increase value for cloud service providers and customers. SEATTLE – June 7, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best pra...

CAIQ v4 Released - Changes from v3.1 to v4

Blog Published: 06/07/2021

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry. Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

7 Simple but effective tactics to protect your website against DDoS attacks in 2021

Blog Published: 06/04/2021

Written by Tars Geerts, from Mlytic. Intro: Experts believe that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to over 15 million by 2023. One of the reasons for this significant increase is that DDoS attacks are quite easy to pull off, making them very appealin...

CCSK Success Stories: From a Quality Security Consultant

Blog Published: 06/03/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

How CSPs Can Make the Security and Compliance Evaluation Process Easier for Financial Institutions

Blog Published: 06/02/2021

This blog was originally published by Oracle here. Oracle author: Maywun Wong, Director, Product Marketing. Contributed by: Steven D'Alfonso, Research Director, IDC Financial Insights. So, you have finally decided to move applications to the cloud. But your board's risk committee wants assurance that s...
