
All Articles

Will New Executive Order on Cybersecurity Fast Track Zero Trust?

Blog Published: 07/13/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. On May 12, US President Biden issued a landmark executive order on Improving the Nation’s Cybersecurity that signals the need for governments and enterprises alike to boost their cyber defenses around the pri...

A Moment in Time: SECtember

Blog Published: 07/12/2021

Our fortunes are often dictated not just by what we do, but when we do it. Understanding that special “moment in time” when we can do great things with our lives, our business, our world is not easy. In my mentoring of colleagues, I try to stress the importance of being able to take a “step back”...

Cloud Security: 5 Lessons I Learned the Hard Way

Blog Published: 07/09/2021

This blog was originally published by OpsCompass here. Written by John Grange, OpsCompass. It’s 2021, and it’s clear that cloud is a global IT trend relevant to every company, regardless of size or industry. The main cloud infrastructure providers (AWS, Azure, and GCP), as well as their local alterna...

Chris Krebs, Former Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to Headline Cloud Security Alliance’s SECtember

Press Release Published: 07/07/2021

Chris Krebs, Former Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to Headline Cloud Security Alliance’s SECtember. Registration opens today for industry’s premier cloud event, which will address demand for rapid cloud adoption accelerated ...

The C-Suite’s Long Embrace of the Cloud

Blog Published: 07/06/2021

Take a gander at any recent research report covering cloud services or security and you quickly find some persistent and common themes: Spending on cloud services has not only grown exponentially during the pandemic, but will keep on rising as we continue to slowly return to some sense of normalcy...

Food Industry Increasingly Targeted by Cybercriminals

Blog Published: 07/02/2021

This blog was originally published by Ericom Software here. By Simon Moran, VP Business Development, Ericom Software. In recent weeks, cybercriminals seem to be working their way down a checklist of the basic necessities of a modern life: Healthcare – check, Scripps, HSE and a bunch more. Energy – ...

CCSK Success Stories: From a Head of Cloud Security

Blog Published: 07/01/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

The Right Time to Hire a Product Security Analyst

Blog Published: 06/30/2021

This blog was originally published by CyberCrypt here. A doll that understands what children say and responds to them seemed, in 2015, like a great idea — unless you were a security analyst. Unfortunately for Mattel, security analysts seem to have been left out of the conversation until the toymake...

Is the Cloud Control Plane a New Frontline in Cybersecurity?

Blog Published: 06/29/2021

This blog was originally published on Vectra.ai. As cloud adoption continues to accelerate with no end in sight, the evolution of the next generation of modern attacks will traverse through and towards an enterprise’s cloud control plane. But why is that? The control plane provides management...

Top 10 Linux Server Hardening and Security Best Practices

Blog Published: 06/28/2021

This blog was originally published by Intezer here. If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from bad actors. Linux server hardening is a set of measures used to reduce the attack surface and improve the security of your ...

New Cloud Security Alliance Research Evaluates Hyperledger Fabric 2.0 Security, Provides Guidance Mapped to NIST Cybersecurity Framework

Press Release Published: 06/28/2021

Report and checklist provide data compromise mitigation strategies for financial services industry. SEATTLE – June 28, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud comput...

Split Knowledge: Literally the Key to Secure Encryption

Blog Published: 06/25/2021

This blog was originally published by CyberCrypt here. When you store your valuable items in a safe deposit box, do you leave your key to that box with the bank? Of course not. Although you might trust your banker, you keep control of that key. Otherwise, if it fell into the wrong hands, you might...

Cloud Network Virtualization: Benefits of SDN over VLAN

Blog Published: 06/25/2021

Written by the members of the Security Guidance Working Group. All clouds utilize some form of virtual networking to abstract the physical network and create a network resource pool. Typically the cloud user provisions desired networking resources from this pool, which can then be configured within...

Cybercriminals Ramp Up Attacks on Healthcare, Again

Blog Published: 06/24/2021

This blog was originally published by Ericom here. Written by James Lui, Ericom. Sometimes, even knowing what’s coming can’t help you stop it. Cybersecurity experts anticipated an increase in cyberattacks on healthcare organizations during 2021. And sure enough, by the end of April, 30 US hospita...

Continuous Security Control Enforcement & Governance in the Cloud Ecosystem

Blog Published: 06/23/2021

Written by Raghvendra Singh, Head, Cloud Security CoE, Cyber Security Unit, TCS. Digital transformation across industries has witnessed unprecedented acceleration in recent times. Cloud, with its greater flexibility, agility, resilience, and scalability, is invariably the cornerstone technology...

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

Blog Published: 06/22/2021

This blog was originally published by Sysdig here. Written by Stefano Chierici, Sysdig. The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: kube-a...

Better Together: The Future of CASBs and SWGs

Blog Published: 06/21/2021

This blog was originally published by Bitglass here. Written by Jacob Serpa, Bitglass. We’ve established before that cloud access security brokers (CASBs) and secure web gateways (SWGs) do not compete and are, in fact, complementary security tools. However, in addition to this, there is overlap betwe...

How to Earn Continuing Education Credits: Cloud Security Events, Training, and Resources

Blog Published: 06/18/2021

What are Continuing Education Credits? Continuing Education Credits are a requirement for maintaining professional certifications in fields like cloud security, cybersecurity, and IT. These credits are necessary for certifications such as CISSP from (ISC)2 or CISA from ISACA. Earning credits ensur...

CCSK Success Stories: From a Cloud Trust Associate

Blog Published: 06/17/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Securing a new world of hybrid work: What to know and what to do

Blog Published: 06/16/2021

This blog was originally published by Microsoft Security here. Written by Vasu Jakkal, Corporate Vice President, Security, Compliance and Identity, Microsoft. The cybersecurity landscape has fundamentally changed, as evidenced by large-scale, complex attacks like Nobelium, Hafnium, and more rec...
