Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

All Articles

Home
All Articles
Five Steps to Mitigate the Risk of Credential Exposure

Blog Published: 04/10/2023

Originally published by Pentera. Written by Eli Domoshnitsky. Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to br...

Cloud Security and Encrypted OT Traffic: Safeguarding Critical Infrastructure

Blog Published: 04/13/2023

Written by Keith Thomas, Principal Architect, AT&T Cybersecurity Consulting. As Operational Technology (OT) systems increasingly connect and use cloud-based services for daily operations, securing the encrypted traffic between OT systems and the cloud is crucial. This article provides an u...

Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things

Blog Published: 04/13/2023

Originally published by FireMon. Written by Rich Mogull, SVP of Cloud Security, FireMon. TL;DR: There are multiple techniques for containing compromised instance credentials. The easy ones are the most likely to break things, but there are creative options to lock out attackers without breakin...

Top Cloud Security Challenges in 2023

Blog Published: 04/14/2023

Originally published by InsiderSecurity. Cloud adoption is speeding up in 2023, with Gartner estimating the worldwide spending on public cloud services to grow by 20% from 2022. This has beaten the initial forecasts of 18% for cloud growth, showing the high demand for public cloud services des...

When Instant Messaging Goes Rogue: Safeguarding Your Corporate Communication Channels

Blog Published: 04/14/2023

By Alex Vakulov Six million dollars for two errors in the code. This is the amount that the Israeli company Aurora Labs paid to white hackers - cyber security specialists who test the reliability of IT systems. Thanks to the white hats, the company discovered critical bugs in the infrastructur...

What is the New National Cybersecurity Strategy?

Blog Published: 04/14/2023

Originally published by Schellman. Throughout history, warfare has evolved. The Romans did it one way, the Vikings did it another—Sun Tzu, Richard the Lionheart, and the Allied forces all had different tactics that forced opponents to adjust their defenses and strategies.Now in the modern tech...

A Fool With a Tool is Still a Fool: A Cyber Take

Blog Published: 04/17/2023

Originally published by CXO REvolutionaries and Dark Reading. Written by Tony Fergusson, CISO - EMEA, Zscaler. New tech often requires new thinking — but that's harder to install Here's a provocative question: Is it possible, given the vast array of security threats today, to have too many sec...

How to Mitigate Risks When Your Data is Scattered Across Clouds

Blog Published: 04/17/2023

Originally published by Lookout. Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout. Cloud applications have opened up limitless opportunities for most organizations. They make it easier for people to collaborate and stay productive, and require a lot less maintenance to deploy,...

A Case for Cyber Resilience

Blog Published: 04/18/2023

Originally published by Rubrik on March 28, 2023. Written by Bipul Sinha. Last month, The White House introduced a new National Cybersecurity Strategy for the first time since 2018. The landscape has changed rapidly over the past five years – a lifetime in cyber. Yet one thing remains constant...

The Cloud Monitoring Journey

Blog Published: 04/18/2023

Originally published by Sysdig. Written by Emanuela Zaccone. Monitoring is not a goal, but a path. Depending on the maturity of your project, it can be labeled in one of these six steps of the cloud monitoring journey. You will find best practices for all of them and examine what companies get...

DevOps Threat Matrix

Blog Published: 04/20/2023

Originally published by Microsoft Security. Written by Ariel Brukman, Senior Security Researcher, Microsoft Defender for Cloud. The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time...

Solving the Tower of Babel Challenge

Blog Published: 04/20/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. Today’s Atomized Networks, which are dispersed, ephemeral, encrypted, and diverse (DEED), pose numerous network monitoring and security challenges for the teams responsible for defending and managing them. Here, I’m...

From Code to Cloud, the Case for Cloud-Native App Protection

Blog Published: 04/21/2023

Originally published by CXO REvolutionaries. Written by Rich Campagna, SVP & GM, Posture Control, Zscaler. A Cloud Native Application Protection Platform (CNAPP) is far more than just another buzz-acronym in an industry already chock full of them. It’s the next logical stage of security ev...

HITRUST CSF Releases v11 to Increase Efficiencies and Stay Threat-Adaptive

Blog Published: 04/21/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. HITRUST CSF recently released version 11, which includes important updates to the framework that will help streamline the process to greater healthcare assurance and protect against new and emerging threats. As a single framework,...

An Overview of NIST Special Publications 800-34, 800-61, 800-63, and 800-218

Blog Published: 04/26/2023

Originally published by Schellman. Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most ...

3 Reasons Why Data Security Helps Ensure Cyber Recovery

Blog Published: 04/27/2023

Originally published by Rubrik. Written by Srujana Puttagunta. Are you still relying on legacy backup systems to protect your business from cyber attacks? If so, you might want to think twice. Cyber attacks have become so common that 98% of security and IT leaders reported that they deal...

What Boards Need to Know About GRC and Atomized Networks

Blog Published: 04/27/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. New regulations proposed by the Security Exchange Commission (SEC) around cybersecurity governance, risk management, and compliance (GRC) are forcing CEOs and board members to take a hard look at their governance ca...

Trust, but Verify (Your Third-Party Vendors)

Blog Published: 04/11/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. As far back as 2010, Google estimated that more information was being created every two days than had existed in the entire world from the dawn of time to 2003. Granted, a lot of this information includ...

Shadow Data is Inevitable, but Security Risks Aren’t

Blog Published: 04/12/2023

Originally published by Dig Security. Written by Benny Rofman. Shadow data is unavoidable. It’s always been around, but the move to the cloud and the push towards data democratization have made it far more common. It’s never been easier to create shadow data assets, and employees have an incen...

Cloud Security Alliance Summit at RSA 2023 to Delve Into Lessons Learned as Cloud Becomes Leading Platform for Mission-Critical Business Systems

Press Release Published: 04/12/2023

Register today for RSA Conference’s premier thought-leadership eventSEATTLE – April 12, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today anno...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
131
132
133
135
137
138
139
Last »