Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Listen Now: 'Real-Talk on Opportunities for Security Teams to Fight AI with AI'

All Articles

Home
All Articles
Cloud Security Alliance, Tiro Security Partner to Offer Complimentary Cloud Certification Exam to Cybersecurity Women, Minorities in nextCISO Program

Press Release Published: 11/17/2020

Program to help minorities advance career path to CISOSEATTLE – Nov. 17, 2020 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that it has partner...

Circle - The Most Vital Cybersecurity Community

Blog Published: 11/16/2020

Written by Jaclyn Parton, Marketing Coordinator at CSA At CSA, building community is at the core of our mission. Since our beginning in 2009, CSA has been providing a forum through which diverse parties, such as CISOs, security practitioners, students, professors, and all of the cybersecurity pr...

Seven Steps to defining the art of the possible in DevOps

Blog Published: 11/14/2020

By Craig Thomas from the CSA Washington DC Chapter and VP of Engineering at C2 LabsWe all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Dock...

​California Privacy Rights Act: What Are the Consequences for Cloud Users?

Blog Published: 11/13/2020

Francoise Gilbert, DataMinding, Inc.California voters approved Proposition 24 on November 3, 2020, paving the way to the California Privacy Rights Act (CPRA), which, on January 1, 2023, will replace California’s current data protection law, the California Consumer Privacy Act (CCPA). CPRA slightl...

Cloud Network Security 101: Azure Virtual Network Service Endpoints

Blog Published: 11/12/2020

By Becki Lee, Fugue, Inc.Originally published on Fugue’s Website on October 8, 2020Level: AdvancedReading Time: 4 minutesMicrosoft Azure offers two similar but distinct services to allow virtual network (VNet) resources to privately connect to other Azure services. Azure VNet Service Endpoints an...

The Way You Protect Your Customers' Data Is Fundamentally Changing

Blog Published: 11/10/2020

By WhisticAs an InfoSec professional, you’ve seen your fair share of growth and change in the industry. Information security presents an interesting challenge because the technology is actively solving for very real threats and risks. As the technology used by malicious forces grows and expands i...

What is cloud security? How is it different from traditional on-premises network security?

Blog Published: 11/09/2020

Cloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things and is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are inseparable from cloud and accelerating the digital revo...

Cloud Security Alliance Releases Key Management in Cloud Services: Understanding Encryption's Desired Outcomes and Limitations

Press Release Published: 11/09/2020

Document illustrates use of four key management patterns with cloud services, provides usage recommendations for managing data privacy, security expectationsSEATTLE – Nov. 9, 2020 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of b...

SaaS Security Series: Salesforce Guest User Log Analysis

Blog Published: 11/05/2020

By Drew Gatchell, Senior Engineer at AppOmniIn early October, Security Researcher Aaron Costello published a blog detailing how to leverage Aura (aka Lightning) Controllers as an anonymous guest user to extract and manipulate data within a misconfigured Salesforce Community, Portal, or Site.This...

CCSK Success Stories: Cloud Security Education and the Digital Transformation

Blog Published: 11/04/2020

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

The 10 Best Practices in Cloud Data Security

Blog Published: 11/03/2020

By Branden Morrow from TokenExCloud Data Security Best Practices OverviewWhat exactly is cloud data security?Cloud security is the culmination of technologies and procedures that secure cloud computing environments against cybersecurity threats originating externally and internally. With cloud co...

Why lions shouldn’t invest in DeFi Smart Contracts

Blog Published: 11/02/2020

By Kurt Seifried, Chief Blockchain Officer at Cloud Security AllianceThis article is not legal or investment advice, it covers some aspects of front running in DeFi, and potential security solutions. This article also assumes you have a relatively deep understanding of the following Blockchain/DL...

Five Actions to Mitigate the Financial Damage of Ransomware

Blog Published: 10/30/2020

By Eran Farajun, Executive Vice President at Asigra, Inc.Ransomware attacks have become a regular occurrence for organizations today, with events that are increasingly targeted, sophisticated, and costly. According to recent reports by the Federal Bureau of Investigation[1], cybercriminals are ta...

Cloud Security: The Necessity of Threat Hunting

Blog Published: 10/28/2020

By the CSA Minnesota Chapter What is threat hunting? Threat hunting is the proactive search for real and potential threats that may be hidden in a network’s environment. These threats are tricky and malicious and are designed to pass through endpoint defenses undetected. If unfound, these attack...

6 Data Governance Best Practices in 2020

Blog Published: 10/27/2020

By Dillon Phillips from TokenExData governance is an essential practice in today’s digital landscape, but it's a broad topic that needs to be deeply understood in order to be implemented efficiently and effectively. Building on the information we introduced in our previous post (“What is Data Gov...

Over 200 Documented Blockchain Attacks, Vulnerabilities and Weaknesses

Blog Published: 10/26/2020

Blockchain attacks are very hot right now for one simple reason: it’s where the money is. If you attack and compromise a database you need to take that data and then sell it to monetize your attack. If you compromise a web server you need to install some malware to harvest credit card details, an...

​Vendor Management Software Evaluation: How to Get Executive Buy-In

Blog Published: 10/23/2020

Written by WhisticFor most InfoSec teams, the benefits of a vendor risk management platform are well defined. From making it easier to mitigate third-party risk to ensuring your internal team and external vendors are on the same page, vendor management software is a must-have in today’s open-sour...

​Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment

Blog Published: 10/22/2020

Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its ‘Hybrid ...

Data Privacy vs. Data Security: What is the Core Difference?

Blog Published: 10/20/2020

This blog was originally published on TokenEx.Written by Dillon Phillips from TokenExFor organizations that collect or manage data—and individuals who own it—private data and the security of that data should not be taken lightly. They are primary concerns when undertaking the process of protectin...

How secure are your SaaS applications?

Blog Published: 10/19/2020

Written by Ian Sharpe, Product Leader at AppOmni The dynamic nature of protecting the enterprise technology stack has always been a challenge for security teams. The complexities of this year, however, have forced teams to consider a new set of paradigms and additional risks given the abrupt shif...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
109
110
111
113
115
116
117
Last »