Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

All Articles

Home
All Articles
Cloud Key Management 101: Cryptographic Keys and Algorithms

Blog Published: 08/17/2022

The top cloud security threat in 2022 is insufficient identity, credential, access, and key management. Key Management Systems (KMS), including hardware security modules and other cryptographic tools, are commonly used to address this threat.While different KMS offerings provide varying capabi...

Using AI/ML to Create Better Security Detections

Blog Published: 08/19/2022

Originally published by LogicHub here. Written by Anthony Morris, Solution Architect, LogicHub. The blue-team challenge Ask any person who has interacted with a security operations center (SOC) and they will tell you that noisy detections (false positives) are one of the biggest challenges. Th...

Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control

Blog Published: 08/22/2022

Written by the CSA Top Threats Working Group.The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of work...

Tales from the Dark Web: How Tracking eCrime’s Underground Economy Improves Defenses

Blog Published: 08/22/2022

Originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. Ransomware is not new; adversarial groups have relied on compromises for many years. However, over the past 2-3 years, their strategy has started to shift toward a more community based business model enab...

Analyzing the Travis CI Attack and Exposure of Developer Secrets

Blog Published: 08/23/2022

Originally published by Open Raven here. Written by Michael Ness, Security Researcher, Open Raven. IntroductionThe Continuous Integration (CI) platform Travis CI was recently victim of a research based attack, where researchers from Aqua security were able to obtain approximately 73,000 sensit...

How Can Transit Gateway VPC Flow Logs Help My Incident & Response Readiness?

Blog Published: 08/26/2022

Originally published by Mitiga here. Written by Or Aspir, Mitiga. On July 14th 2022, AWS announced a new capability: flow logs for Transit Gateway. Transit Gateway VPC flow logs allows users to gain more visibility and insights into network traffic on the Transit Gateway.AWS highlights these...

CCSK Success Stories: From a Project Manager of Certificate Policy

Blog Published: 08/27/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverag...

Comments on the Extensible Visibility Reference Framework (eVRF) Program Guidebook

Blog Published: 08/23/2022

Originally published by Gigamon here. Written by Orlie Yaniv and Ian Farquhar, Gigamon. Editor’s note: Gigamon is very happy to see the CISA’s recent work on formalizing and structuring what visibility means and assessing its efficacy. As Zero Trust accelerates, visibility becomes a key f...

The State of Cloud Data Security

Blog Published: 08/22/2022

We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption?To answer this ...

Cloud Security is Broken but it Doesn’t Have to Be

Blog Published: 08/23/2022

Originally published by Dazz here. Written by Tomer Schwartz, Co-founder & CTO, Dazz. Continuous Delivery is Here to StayDevelopment is in the cloud in a big way. Modern engineering teams have built continuous integration pipelines, pulling together code repositories, continuous integratio...

Trends in Cybersecurity Breaches

Blog Published: 08/25/2022

The complete blog was originally posted by Alert Logic on July 7, 2022. Written by Antonio Sanchez. You may be used to hearing that cyberattacks are becoming more widespread and destructive every year. Recent world events are underscoring the point. COVID-19 left a lasting mark on our workin...

Writing Good Legislation is Hard

Blog Published: 08/22/2022

It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text:At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities...

SOC 1, SOC 2, and SOC 3 Reports: Type 1, Type 2, or Readiness Assessment?

Blog Published: 08/26/2022

Originally published by A-LIGN here. Written by Alex Welsh, Manager, ISO Practice, A-LIGN. SOC reports are gaining in popularity across industries and across the globe. More and more customers are asking for demonstrated SOC compliance, and independent cybersecurity control validation and atte...

Data Security Compliance in the Age of “Work from Anywhere, on Any Device”

Blog Published: 08/29/2022

Originally published by Ericom here. Written by Peter Fell, Ericom. Customer protection and data security regulations vary significantly across industries and compliance requirements vary with them. Rigorously controlling sensitive data and safeguarding it against misuse, exposure and exfiltra...

Building a Shadow IT Policy: What CEOs, CTOs, and CISOs Need to Know

Blog Published: 08/29/2022

Originally published by ThirdPartyTrust here. Written by Sabrina Pagnotta, ThirdPartyTrust. When a US contact-tracing company exposed the details of 70,000 individuals, the term Shadow IT resonated: employees had used Google accounts for sharing data as part of an “unauthorized collaboration c...

Improve Visibility in Cyberattacks with Cybersecurity Asset Management

Blog Published: 08/24/2022

Originally published by Axonius here. Written by Kathleen Ohlson, Axonius. Google issued three emergency security updates, in as many weeks, to all of its 3.2 billion users of its Chrome browser. One was for a high-severity zero-day vulnerability that attackers exploited. Okta’s platform exper...

Securing Australia's Critical Infrastructure

Blog Published: 08/24/2022

Originally published by Onapsis here. For more than a decade, cyberattacks on critical infrastructure have been growing as core systems, like power generation and distribution, have become more complex and reliant on networks of connected devices. In fact, over the past 18 months, we’ve seen a...

Rise of Cloud Computing Adoption and Cybercrimes

Blog Published: 08/24/2022

Originally published by HCL Technologies here.Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in the business leaders’ perspectives of their company’s’ requirements. ...

Defending Against Email Attacks Means Optimizing Your Team (Not Just Your Tech)

Blog Published: 08/25/2022

Originally published by CXO REvolutionaries here. Written by Heng Mok, CISO APJ, Zscaler. Social Engineering is Still Very Much in Style Among Attackers Though cybersecurity is a swiftly evolving field, one principle remains constant: it’s often easier to fool people than to circumvent securit...

Defending Your Enterprise Against a Sea of Increasingly Stringent Data Privacy Laws

Blog Published: 08/25/2022

Originally published by Thales here.Written by Krishna Ksheerabdhi, VP, Product Marketing, Thales.While international privacy regulations are front and center in much of the press I’d like to turn your attention to a developing patchwork of US Federal and State privacy regulations in this post...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
107
108
109
111
113
114
115
Last »