All Articles

Software-Defined Perimeter Architecture Guide Preview

Blog Published: 07/31/2018

Part 1 in a four-part series.

By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

The Software-Defined Perimeter (SDP) Working Group was founded five years ago, with a mission to promote and evangelize a new, more secure architecture for managing user access to applica...

Convincing Organizations to Say “Yes to InfoSec”

Blog Published: 07/20/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Security departments have their hands full. The first half of my career was government-centric, and we always seemed to be the "no" team, eliminating most initiatives before they started. The risks were often found to outweigh the benefits, a...

What Is a CASB?

Blog Published: 07/16/2018

By Dylan Press, Director of Marketing, Avanan

Email is the #1 attack vector. Cloud Account Takeover is the #1 attack target. A CASB is the best way to protect against these threats. Gartner first defined the term Cloud Access Security Broker (CASB) in 2011, when most IT applications were hosted i...

Avoiding Cyber Fatigue in Four Easy Steps

Blog Published: 07/12/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Cyber alert fatigue. In the cybersecurity space, it is inevitable. Every day, there will be a new disclosure, a new hack, a new catchy title for the latest twist on an old attack sequence. As a 23-year practitioner, the burnout is a real thin...

Methodology for the Mapping of the Cloud Controls Matrix

Blog Published: 07/09/2018

By Victor Chin, Research Analyst, Cloud Security Alliance

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue i...

Cloud Migration Strategies and Their Impact on Security and Governance

Blog Published: 06/29/2018

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com

Public cloud migrations come in different shapes and sizes, but I see three major approaches. Each of these has very different technical and governance implications.

Three approaches to cloud migration

Companies dying to ge...

Top Security Tips for Small Businesses

Blog Published: 06/27/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Most small businesses adopt some sort of cloud offering, be it Software as a Service like Quickbooks or Salesforce, or even renting computers in Amazon Web Services or Microsoft’s Azure, in an Infrastructure as a Service environment. You get ...

CCM v3 Introduces Reverse Mappings, Gap Analysis

Blog Published: 06/26/2018

By Sean Cordero, VP of Cloud Strategy, Netskope

Since its introduction in 2010, the Cloud Security Alliance’s Cloud Control Matrix (CCM) has led the industry in the measurement of cloud service providers (CSP). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set...

Cybersecurity Trends and Training Q and A

Blog Published: 06/22/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Q: Why is it important for organizations and agencies to stay current in their cybersecurity training?

A: Changes accelerate in technology. There's an idea called Moore's Law, named after Gordon Moore working with Intel, that the power of a mi...

Cybersecurity Certifications That Make a Difference

Blog Published: 06/14/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

The security industry is understaffed. By a lot. Previous estimates by the Ponemon Institute suggest as much as 50 percent underemployment for cybersecurity positions. Seventy percent of existing IT security organizations are understaffed and...

Microsoft Workplace Join Part 2: Defusing the Security Timebomb

Blog Published: 06/13/2018

By Chris Higgins, Technical Support Engineer, Bitglass

In my last post, I introduced Microsoft Workplace Join. It’s a really convenient feature that can automatically log users in to corporate accounts from any devices of their choosing. However, this approach essentially eliminates all sense of s...

Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center

Press Release Published: 06/12/2018

Group calls for more standardization from hardware manufacturers to improve security

SEATTLE, WA – JUNE 12, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

Firmware Integrity in the Cloud Data Center

Blog Published: 06/12/2018

By John Yeoh, Research Director/Americas, Cloud Security Alliance

As valued members, we wanted you to be among the first to hear about the newest report out from CSA—Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their though...

New Software-Defined Perimeter Glossary Sheds Light on Industry Terms

Blog Published: 06/12/2018

The Cloud Security Alliance's Software Defined Perimeter Working Group set out to author a comprehensive resource on the terms and definitions within software defined perimeter (SDP) architectures. SDP has changed since the working group's inception in 2014, so the Working Group went about crea...

Continuous Monitoring in the Cloud

Blog Published: 06/11/2018

By Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal

I recently spoke at the Cloud Security Alliance’s Federal Summit on the topic “Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud.” As government has moved and will continue to mov...

Microsoft Workplace Join Part 1: The Security Timebomb

Blog Published: 06/08/2018

By Chris Higgins, Technical Support Engineer, Bitglass

It’s no secret that enterprise users wish to access work data and applications from a mix of both corporate and personal devices. In order to help facilitate this mix of devices, Microsoft has introduced a new feature called Workplace Join int...

Volunteers Needed: Application Containers and Microservices Working Group

Press Release Published: 06/07/2018

The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the wo...

Cloud Security Trailing Cloud App Adoption in 2018

Blog Published: 06/06/2018

By Jacob Serpa, Product Marketing Manager, Bitglass

In recent years, the cloud has attracted countless organizations with its promises of increased productivity, improved collaboration, and decreased IT overhead. As more and more companies migrate, more and more cloud-based tools arise. In its four...

Five Cloud Migration Mistakes That Will Sink a Business

Blog Published: 06/05/2018

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC

Today, with the growing popularity of cloud computing, there exists a wealth of resources for companies that are considering—or are in the process of—migrating their data to the cloud. From checklists to best practices, the Internet teems wit...

Cloud Security Alliance Issues Code of Conduct Self-Assessment and Certification Tools for GDPR Compliance

Press Release Published: 06/05/2018

New mechanisms offer vested parties structured, transparent path to meeting personal data protection requirements

SEATTLE, WA and LONDON – JUNE 5, 2018 – InfoSecurity Europe Conference - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, cert...
