All Articles

Why is Data Resilience Important?

Blog Published: 10/18/2022

Originally published by ShardSecure here. Written by Marc Blackmer, VP of Marketing, ShardSecure. What is data resilience? Data resilience can mean different things to different organizations. As a Carnegie Mellon University literature review notes, the concept of resilience is often used ...

Why Gaming Companies Should Follow the MPA’s Lead

Blog Published: 10/18/2022

Originally published by Ericom here. Written by Tova Osofsky, Ericom. Grand Theft Auto 6 Leaks Hit Rockstar Hard In the wake of what they characterized as a “network intrusion in which an unauthorized third party illegally accessed and downloaded… early development footage for the next G...

Understand. Automate. Eliminate. How to Manage Cloud Infrastructure Risk Today.

Blog Published: 10/20/2022

Originally published by Secberus here. Written by Fausto Lendeborg, Co-founder and Chief Customer Officer, Secberus. When it comes to governing risk (specifically when remediating cloud infrastructure misconfigurations) there are three common goals we hear from security leaders: Understand you...

How to Wrap Your Cybersecurity Plan Around an Attacker’s Mindset

Blog Published: 10/20/2022

Originally published by Ermetic here. Written by Diane Benjuya, Ermetic. Have you ever wondered why an attacker might be interested specifically in your organization? In this post we deconstruct the attacker’s PoV and what you can do to defend against it. Understanding the attacker’s point of v...

Everything You Need to Know About Social Engineering

Blog Published: 10/20/2022

Originally published by BARR Advisory here. Written by Claire McKenna, BARR Advisory. Uber is the latest prominent company to have a security breach as a result of social engineering. They’re not alone—just this year, Microsoft, Okta, and Cisco have all had security incidents due to social eng...

Misconfigurations 101: The Three V’s of SaaS App Configurations Weaknesses

Blog Published: 10/14/2022

Originally published by Adaptive Shield here. The ease with which SaaS apps can be deployed and adopted is remarkable, but it has quickly become a double-edged sword. On one hand, the availability of SaaS tools enables employees to work from anywhere. For IT and security teams however, the ado...

Top Threat #5 to Cloud Computing: Insecure Software Development

Blog Published: 10/17/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of work...

SOARs vs. No-Code Security Automation: The Case for Both

Blog Published: 10/17/2022

Originally published by The New Stack. Also published by Torq here. Written by Chris Tozzi, Torq. Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a ...

CCSK Success Stories: From a Regional Information Security Officer

Blog Published: 10/23/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverag...

7 Best Practices for Cloud Incident Response

Blog Published: 10/18/2022

Originally published by Mitiga here. Written by Matthew Stephen, Mitiga. You may have heard the saying that it is not a matter of “if” but “when” you will experience a breach. An attack could be targeted or opportunistic, performed by a nation-state or a less sophisticated threat actor, focuse...

Zero Day Remediation Tips: Preparing for the Next Vulnerability

Blog Published: 10/19/2022

Originally published by ThirdPartyTrust here. Written by Sabrina Pagnotta, ThirdPartyTrust. Software vulnerabilities are inevitable, but you can reduce their impact by acting fast. Follow these zero day remediation tips if you think your organization might be vulnerable to a newly discovered z...

Transform Your Cybersecurity Landscape with Governance-Driven Cloud Security

Blog Published: 10/19/2022

Written by Sanjay Karandikar, Global Practice Head, Identity & Access Management, Cybersecurity & GRC Services, HCLTech. Cloud adoption cannot wait. Gartner analysts say that from 30% in 2021, over 95% of new digital workloads will be hosted on cloud-native platforms by 2025. It reaps ...

The String (Cheese) Theory of Zero Trust

Blog Published: 10/19/2022

Originally published by CXO REvolutionaries here. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. I regularly get asked, “How did you drive the change from the traditional data center and legacy architecture to a new paradigm of 100% cloud, DevNetSecOps, and zero tru...

The Quiet Victories and False Promises of Machine Learning in Security

Blog Published: 10/24/2022

Originally published by Dark Reading and Sysdig. Written by Anna Belak, Sysdig. Contrary to what you might have read on the Internet, machine learning (ML) is not magic pixie dust. It’s a broad collection of statistical techniques that allows us to train a computer to estimate an answer to a q...

What is a Cryptogram on a Credit Card?

Blog Published: 10/25/2022

Originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. Quick Hits: EMV chip cards use cryptograms to secure cardholder data every time a transaction is made. Cryptograms validate transactions by verifying the identity of both the card and the approval from the issuer. Cryptogr...

3 Frictionless Strategies to Boost Your GCP IAM

Blog Published: 10/26/2022

Originally published by Britive here. Written by Sage Avarda, Britive. Building on Google Cloud Platform (GCP) allows DevOps teams to collaborate and create with little restriction, which results in quick turnaround time and an overall increase in market velocity. GCP provides a decent identit...

Data Security Posture Management vs Cloud Security Posture Management

Blog Published: 10/26/2022

Originally published by Sentra here. It was only a few years ago that we thought ‘Cloud Security Posture Management’ was going to bring the ultimate level of security to the cloud. But we’re already discovering that while CSPM is doing a good job of finding infrastructure vulnerabilities, da...

The Need for SAP Security in the Utilities Sector

Blog Published: 10/27/2022

Originally published by Onapsis here. It’s no secret cyberattacks have become more advanced over the last few years. Industries that are critical to everyday life have seen, firsthand, the debilitating impact cyberattacks can have. Critical infrastructure, such as the informational technology ...

What is SOC 2? Complete Guide to SOC 2 Reports and Compliance

Blog Published: 10/27/2022

Originally published by A-LIGN here. Written by Stephanie Oyler, Vice President of Attestation Services, A-LIGN. In today’s security landscape, it’s crucial you assure your customer and partners that you are protecting their valuable data. SOC compliance is the most popular form of a cybersecu...

Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk

Blog Published: 10/28/2022

Originally published by Rapid7 here. Written by Sanjeev Williams, Senior Director, Cloud Security Products, Rapid7. Today almost all cloud users, roles, and identities are overly permissive. This leads to repeated headlines and forensic reports of attackers leveraging weak identity postures to ...
