Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

Home
All Articles
Using CSA’s Implementation Guide for SAP to securely migrate and operate ERP applications in the cloud.

Blog Published: 10/09/2020

By Juan Perez-Etchegoyen, chair of the Enterprise Resource Planning working group, and CTO of Onapsis.With the increasingly growing adoption of cloud models across Enterprise Resource Planning (ERP) applications, organizations need to increase the level of attention and controls provided to the ...

New 2020 Survey Report on Security Practices in HPC & HPC Cloud

Blog Published: 10/08/2020

Written by: Guan Sin Ong and Andrew HowardWith the current trend of HPC workloads and infrastructure increasingly becoming cloud-like (e.g., resource pooling, rapid elasticity, on-demand self-service), or interacting with the cloud (e.g., bursting), security will become a greater concern at an ac...

Cloud Security Alliance Announces Recipients of 2020 Ron Knode Service Awards

Press Release Published: 10/07/2020

Volunteers recognized for dedication, efforts to furthering cloud security best practicesSEATTLE – Oct. 7, 2020 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, t...

Complementing Your CSPM with Runtime Cloud Workload Protection

Blog Published: 10/07/2020

Written by IntezerThere are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment, it can take a long time to provide value. CISOs report Cloud Security Posture Management (CSPM) and other pre-runtie vulnerability...

Improving Data Security for SaaS Apps - 5 Key Questions every CISO needs to ask

Blog Published: 10/06/2020

By Matt Hines, VP of Marketing at CipherCloud & Neeraj Nayak, Sr. Product Marketing Manager at CipherCloud Summary: The rapid uptake of game-changing SaaS applications has been transforming the way organizations do business long before COVD-19 emerged and the remote workforce exploded overn...

AWS Security Best Practices: Cloud Security Report 2020 for InfoSec

Blog Published: 10/05/2020

By CloudPassageThis year, many companies have made a rapid shift to the cloud in response to the enduring COVID-19 pandemic. By adopting new IaaS and PaaS solutions or expanding their existing footprints in the cloud, companies are able to support a growing work-from-anywhere workforce. However, ...

No Free Rides With Your OAuth Tokens

Blog Published: 10/03/2020

By Ian Sharpe, Product Leader at AppOmni It’s just another typical Wednesday in May. You’ve received an email from one of your contacts, someone with whom you haven’t spoken to in years. They’ve shared a Google Docs with you. It seems a bit odd, but you’re curious, so you click on the “Open in D...

Shared Responsibility Model Automation: Automating Your Share Part 2

Blog Published: 09/30/2020

By CloudPassageIn Part 1 of our Shared Responsibility blog series, we provided a detailed overview to help you understand security in a public, hybrid or multi-cloud environment. We broke down the infrastructure stack, explained the responsibilities taken by the cloud service provider, and where ...

CSA Security Trust Assurance and Risk (STAR) Registry Reaches Significant Milestone with 1,000 Entries

Press Release Published: 09/30/2020

Registry is world’s largest repository of cloud provider security testimonialsSEATTLE – Sept. 30, 2020 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced ...

Registration Open for Cloud Security Alliance EMEA Congress 2020

Press Release Published: 09/29/2020

Virtual event to provide educational, practical advice on core topics critical to cloud ecosystemSEATTLE – Sept. 29, 2020 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing env...

RECON (CVE-2020-6287) and its impact on Cloud Applications

Blog Published: 09/29/2020

By Shamun Mahmud, Sr. Research Analyst at Cloud Security AllianceKey takeawaysCloud adoption is growing when it comes to ERP ApplicationsERP Applications in the cloud can be vulnerable security issues and organizations need to apply the proper security controls and patches.IntroductionThe RECON v...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Blog Published: 09/28/2020

By Nicole Fishbein, Malware Analyst and Reverse Engineer at IntezerTeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using several tools including crypto-miners and Amazon Web Services (AWS) credential...

The Quantum Threat to Cyber Security — How to Prepare for Risk Mitigation

Blog Published: 09/27/2020

By Dr. Itan Barmes, Cryptography Expert, Deloitte Cyber Risk ServicesA “new” threat in the security landscapeThe cyber security landscape is becoming more complex with the regular introduction of new threat vectors. A cyber threat that is now gaining more attention is the potential ability of a l...

DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps

Blog Published: 09/25/2020

By CloudPassageIn a DevOps environment, software and feature delivery happen in real time. Security, while critical to your company, cannot become a bottleneck. InfoSec and DevOps leadership are searching for the best ways to bridge the gap between their two organizations in order to better secur...

​Building a Secure Amazon S3 Bucket

Blog Published: 09/23/2020

By Josh Stella, Co-Founder and CTO, FugueOriginally Published at fugue.co/blog on Sept 8, 2020Much has been said about Amazon S3 security on Amazon Web Services (AWS) in the press and technical publications, and much of it is oversimplified and of limited practical use. Amazon S3 is an incredibly...

Cloud Security Alliance Releases Top Threats to Cloud Computing: Egregious 11 Deep Dive; Articulates Cloud Computing’s Most Significant Issues

Press Release Published: 09/23/2020

Case studies provide understanding of how lessons and mitigation concepts can be applied in real-world scenarios with identity and access management controls the most relevant mitigationSEATTLE – Sept. 23, 2020 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to de...

CCSK Success Stories: From the Head of IT at a Financial Services Company

Blog Published: 09/22/2020

Written by Faisal Yahya, Head of IT - Cybersecurity and Insurance Enterprise Architect, PT IBS Insurance Broking ServiceThis is the fifth part in a blog series on cloud security education, in which we will be interviewing Faisal Yahya, Head of IT - Cybersecurity and Insurance Enterprise Architect...

Is your vendor platform future proof?

Blog Published: 09/21/2020

Written by WhisticIn the last few years, the InfoSec and data privacy sectors have grown exponentially. From on-premise hardware and servers to fully adopting cloud-based, SaaS-focused security workflows, the InfoSec world of 2020 looks much different from ten years ago. If you’re like most InfoS...

Quantum Bitcoin

Blog Published: 09/19/2020

By Dr. Jonathan Jogenfors, Quantum Bitcoin Inventor, Hacker, Atea Senior Information Security Consultant, CSA Blockchain Cybersecurity and Privacy Best Practices Group AdvisorMoney requires copy protection. If banknotes or coins could be forged, they would hardly be usable in daily life. Blockcha...

​Polyrize Launches Its Inaugural Shadow Identity Report

Blog Published: 09/17/2020

Key trends and challenges in securing cloud identities and privilegesPolyrize, an innovator in managing and securing privileges and identity access across the public cloud, today launched its 2020 Shadow Identity Report, developed by its new SaaS Threat Labs Team. The report covers key trends and...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
116
117
118
120
122
123
124
Last »