
All Articles

Upending Old Assumptions in Security

Blog Published: 08/03/2020

By Wendy Nather, Head of Advisory CISOs at Duo

Every time you think you’ve figured out this risk management thing, something else happens to torpedo your hidden assumptions. Remember when we assumed that an IP address was a pretty good indicator of someone’s physical location and origin, so a netw...

Strong MFA: The First Stop on the Path to Passwordless

Blog Published: 07/31/2020

By Andrew Hickey, Director of Content at Duo

Passwords, the antiquated security mechanism in place since the 1960s, have since their inception caused user and administrative frustration due to their complexity and frequent resets. As technolog...

CSA’s SECtember Experience to Provide a Month of Vital Expert Briefings

Press Release Published: 07/28/2020

CloudBytes webinar series to guide participants’ race to the cloud, offers CPE credits

SEATTLE – July 28, 2020 – The Cloud Security Alliance (CSA), the global leader of the secure cloud ecosystem, today announced the SECtember Experience (Sept. 8-25), a webinar series that will provide a preview ...

Implementing a Vendor Assessment Platform? Tips for Long-Term Success

Blog Published: 07/27/2020

By the Whistic Team

Proactive vendor security is no longer just a buzzword tossed about in InfoSec conversations—it’s a must-have for cloud-based organizations to differentiate themselves from peers and vendors in a competitive landscape. As data security is working its way up the list of corporat...

Schrems 2 – 12 FAQs Published by the EDPB but Little Practical Guidance

Blog Published: 07/24/2020

By Francoise Gilbert, CEO, DataMinding, Inc.

Since the publication of the European Court of Justice (EUCJ) decision in the Schrems 2 case, businesses located on both sides of the Atlantic, and around the world, have been attempting to determine how they should interpret and act upon the decision. ...

Healthcare Big Data in the Cloud Summary

Blog Published: 07/23/2020

By Dr. Jim Angle, Trinity Health, and Alex Kaluza, Cloud Security Alliance

In the modern age of technology and all the ways that it impacts our lives, healthcare is no exception. The use of cloud computing, big data analytics, and the move to consumer-focused health care is changing the way health...

How Hackers Changed Strategy with Cloud

Blog Published: 07/21/2020

By Drew Wright, Co-Founder of Fugue

Originally published June 30, 2020 on https://www.fugue.co/blog

If you’re running a workload in the cloud, take a moment to look at the activity logs for your public-facing resources. There’s bad guys there, and they’re probing your cloud infrastructure looking f...

The Mobile App Testing Landscape

Blog Published: 07/20/2020

Written by: Henry Hu, Co-Chair, MAST Working Group & CTO, Auriga Security, Inc. and Michael Roza, Member, MAST Working Group

Cloud computing accelerates the development and real-time use of applications, which drives personal productivity and business agility. However, with the proliferation o...

EU Court of Justice Decision - Privacy Shield Invalidated; Standard Clauses Challenged

Blog Published: 07/16/2020

European Court of Justice Schrems 2 Decision Creates Havoc in Global Digital Exchanges: Significant Challenges to Privacy Shield and Standard Contractual Clauses Users

By Francoise Gilbert, CEO, DataMinding, Inc.

For months, the global digital trade community has been awaiting the decision of the E...

Abusing Privilege Escalation in Salesforce Using APEX

Blog Published: 07/16/2020

By Nitay Bachrach, Senior Security Researcher, Polyrize

This article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits Author Apex permission to take over an organization’s Salesforce account and all data within it. The user abuses the fact that so...

Understanding Common Risks in Hybrid Clouds

Blog Published: 07/14/2020

Written by:

ZOU Feng, Co-Chair, Hybrid Cloud Security WG & Director of Cloud Security Planning and Compliance, Huawei

Narudom ROONGSIRIWONG, Co-Chair, Hybrid Cloud Security WG & SVP and Head of IT Security, Kiatnakin Bank

GENG Tao, Senior Engineer of Cloud Security Planning and Compliance, H...

Securing the multi-cloud environment through CSPM and SSPM

Blog Published: 07/13/2020

By the CipherCloud Team

"Misconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019." - DivvyCloud

It took decades to convince IT leaders to move to the cloud. In the initial years, cloud ado...

Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon

Blog Published: 07/10/2020

By Kurt Seifried, Chief Blockchain Officer, CS

Tautology - a statement that is true by necessity or by virtue of its logical form.

Blockchains are going to rapidly gain maturity because people are using blockchains, because they are rapidly gaining maturity. Essentially we’re at the inflection poin...

What Does Proactive Vendor Security Mean?

Blog Published: 07/10/2020

By the Whistic Team

As an InfoSec professional, you have probably heard the term “proactive vendor security” tossed around. But what exactly does proactive vendor security mean?

Looking for a deeper meaning

On the surface, proactive is the opposite of reactive. Instead of waiting around for issues, ...

Night of the Living Cloud (aka CSA Federal Summit) Part 1 of 2

Blog Published: 07/09/2020

By Jim Reavis, Co-founder and Chief Executive Officer, CSA

If you want to get a feel for what the zombie apocalypse might be like, I highly recommend taking a business trip right now. It provides a surreal experience without the hassle of someone trying to eat your brains. It was thus for me as I ...

New Paper Offers Practical Guidance on Automating Security in DevSecOps

Blog Published: 07/07/2020

By Souheil Moghnie, NortonLifeLock

Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in c...

Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation

Press Release Published: 07/07/2020

Document provides practical advice for integrating automated security into software development lifecycle

SEATTLE – July 7, 2020 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud com...

FTC Guidance - Six Steps Toward More Secure Cloud Computing

Blog Published: 07/06/2020

By Francoise Gilbert – DataMinding, Inc.

The June 15, 2020 FTC Blogpost, titled Six Steps Towards More Secure Cloud Computing, provides a concise, valuable checklist for businesses that use or intend to use cloud services, so that they make their use of cloud services safer. The document is a remin...

Cloud Risk Management

Blog Published: 07/02/2020

By Ashwin Chaudhary with Accedere

Cloud Risk Management is an important aspect in today’s world, where the majority of organizations have adopted the cloud in some form or the other. Cloud risks continue to remain high for a CISO or a CIO and are gaining more importance in today’s world where more o...

Data Discovery to Rescue Historical Data from Compliance Violations

Blog Published: 07/01/2020

By Ishani Sircar, Product Marketing Manager at CipherCloud

As technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace, and most organizations, in trying to keep pace, overlooked security best practices. Organizations are sitting on tons of hi...
