Manual vs. SSPM: Research on What Streamlines SaaS Security Detection and Remediation
Blog Published: 12/07/2022
Originally published by Adaptive Shield. Written by Zehava Musahanov, Adaptive Shield. When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However...
Zero Trust is Key to Supply Chain Security
Blog Published: 12/07/2022
Originally published by CXO REvolutionaries. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. When former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs spoke at Black Hat 2022, he highlighted two factors that regularly ...
What Is eBPF and What Are Its Use Cases?
Blog Published: 12/08/2022
Originally published by Tigera. Written by Reza Ramezanpour, Tigera. With the recent advancements in service delivery through containers, Linux has gained a lot of popularity in cloud computing by enabling digital businesses to expand easily regardless of their size or budget. These advancemen...
Data States Security Experts Unhappy With Traditional Tokenization
Blog Published: 12/08/2022
Originally published by Titaniam. Titaniam’s 2022 State of Enterprise Tokenization Survey shows that the vast majority of cybersecurity experts are dissatisfied with their current tokenization tools. In fact, despite spending 1 million dollars annually on tokenization security tools, 99% of re...
The Role Of ITSM In The Cloud, DevSecOps, And Container Era
Blog Published: 12/09/2022
Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Over the last two decades, ITIL has become the de facto industry standard for managing IT services. IT service management tools and processes were developed and implemented to execute I...
New Kiss-a-Dog Cryptojacking Campaign Targets Vulnerable Docker and Kubernetes Infrastructure
Blog Published: 12/09/2022
Originally published by CrowdStrike on October 26, 2022. Written by Manoj Ahuje, CrowdStrike. CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “...
5 Common Problems in ISO 27701 Certifications
Blog Published: 12/12/2022
Originally published by Schellman. Written by James Hunter, Schellman. If you’ve ever been in a car with someone who takes a speedbump anywhere above 10mph, at the time, you’ve probably thought, “didn’t you see that coming?!” Or maybe, “why didn’t they avoid that giant bump in the road?” Speedb...
The Latest PKI and IoT Trends Study from Ponemon is Out, and Here's What We Found
Blog Published: 12/12/2022
Originally published by Entrust. Written by Samantha Mabey, Entrust. The 2022 PKI and IoT Trends Study conducted by the Ponemon Institute is out, and Entrust is pleased to be the sponsor for the 8th consecutive year. Just to recap, the survey collects feedback from over 2,500 IT professionals ...
Unpatched ERP Vulnerabilities Haunt Organizations
Blog Published: 12/12/2022
Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabi...
Preventing Unauthorized Usage of Non-Person Entities (NPEs)
Blog Published: 12/08/2022
Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government ...
Altruism in Information Security, Part 3: Effort (and Sacrifice) in Execution
Blog Published: 12/13/2022
Originally published by Tentacle. Written by Matt Combs, Tentacle. I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program. There are so many InfoSec profess...
The Four Horsemen of Network Security
Blog Published: 12/09/2022
Originally published by Netography. Written by Martin Roesch, CEO, Netography. One of the fundamental organizing principles for network security is that we have four fundamental things to secure—users, applications, data, and devices. I sometimes jokingly refer to them as the four horsemen of ...
How to Detect Cloud Storage Misconfigurations to Protect Valuable Data
Blog Published: 12/14/2022
Originally published by CrowdStrike. Written by Ciaran O'Brien and Matt Johnston, CrowdStrike. Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud se...
AWS Security Groups Guide
Blog Published: 12/15/2022
Originally published by Sysdig. Written by Brett Wolmarans, Sysdig. AWS Security Groups (and Network ACLs and VPCs) are some of the fundamental building blocks of security in your cloud environment. They are similar to firewalls, but are ultimately different. You have to understand this topic...
Advanced BEC Scam Campaign Targeting Executives on O365
Blog Published: 12/15/2022
Originally published by Mitiga on August 27, 2022. Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) using Office 365. The attackers combine high-end spear-phishing with an adversary...
Redshift Security: Attack Surface Explained
Blog Published: 12/15/2022
Originally published by Dig Security. Written by Ofir Shaty and Ofir Balassiano, Dig Security. We have previously discussed (Access and Data Flows, Data Backups and Encryption) security best practices to implement least privileged access on Redshift and reduce the static risk associated with y...
How State CIOs Can Elevate Priorities Above Personalities
Blog Published: 12/13/2022
Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. "If we continue to develop technology without wisdom or prudence, our servant may prove to be our executioner." - General Omar N. Bradley. Earlier this month, the National Association of ...
SASE to SSE: Understanding the Shift
Blog Published: 12/13/2022
Written by Prakhar Singh, Business Development Manager, Cybersecurity & GRC Services, HCLTech. Introduction. In a previous blog post, I highlighted the importance of Zero Trust and Zero Trust Network Access and how organizations can cultivate the same within their ecosystems. While the term ...
CyberThreats Mushrooming Over Global Nuclear Facilities
Blog Published: 12/14/2022
Originally published by Cyble. Cyble Research & Intelligence Labs (CRIL) has been observing and reporting about parallel cyber hostilities extending among various nations since the beginning of the Russia-Ukraine conflict in February 2022. Apparently, Threat Actors (TAs), Hacktivist Groups,...
SANS 2022 Cloud Security Survey, Chapter 2: What Security and Compliance Worries Do IT Pros Have About the Cloud?
Blog Published: 12/14/2022
Originally published by Gigamon. Written by Chris Borales, Gigamon. Editor’s note: This post explores Chapter 2 of the SANS 2022 Cloud Security Survey. Chapter 1 is available here. Check back for future posts covering Chapters 3 and 4. The cloud is sold more and more as the answer to what ails ...