
All Articles
Examining Zero Trust From a Policy Perspective: Four Themes for CXOs

Blog Published: 04/12/2023

Originally published by CXO REvolutionaries. Written by Brett James, Director, Transformation Strategy, Zscaler. In many ways, an enterprise zero trust transformation is more about policy change than technology, an idea that may seem foreign to insiders contemplating change in the IT industry....

Cloud Security Alliance Welcomes Three New Board Members

Press Release Published: 04/27/2023

New members bring wealth of cloud security expertise to CSA. RSA Conference (San Francisco) – April 27, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environme...

ISF to Map its “Standard of Good Practice” with Cloud Security Alliance Controls Matrix

Press Release Published: 04/18/2023

Responding rapidly to mounting risks with ready-made frameworks of security controls designed to mitigate known and unknown threats and challenges. LONDON – April 18, 2023: The Information Security Forum (ISF), an independent, not‑for‑profit cybersecurity association with 500+ corporate members,...

The Importance of Zero Trust for Financial Services

Blog Published: 04/14/2023

With the 2023 RSA conference just around the corner, I am reminded that many of my first learnings about emerging security concepts came from the time at this event. In fact, it was at RSAC that I first began to explore how to secure data within cloud computing and the concept of ‘zero trust’...

Tackling the Four Horsemen with Modern Data Security

Blog Published: 04/17/2023

Originally published by Symmetry Systems. Written by Claude Mandy. Chief Information Security Officers are tasked with preparing their organizations and themselves for any number of impending apocalypse scenarios. Whether it’s ransomware, a phish, or an insecure API resulting in a career-endin...

The Best Way to Improve Your Cyber Security? Outline Where You Are Now and Roadmap to Your Target State.

Blog Published: 04/18/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. As anyone working in cyber security knows, 100% threat prevention/mitigation is a myth. One question we hear time and time again is, “how much security is enough?” There are so many different ways to an...

A Brief Overview of the CPRA for Data Security and Privacy Professionals

Blog Published: 04/19/2023

Originally published by Laminar. Written by Orin Israely, Product Manager, Laminar. The new year brought in new changes to the California Consumer Privacy Act (CCPA) under the California Privacy Rights Act (CPRA). What does that mean for data security and privacy professionals? Here are the pe...

Cloud Visibility and Port Spoofing: The Known Unknown

Blog Published: 04/19/2023

Originally published by Gigamon. Written by Stephen Goudreault. As with all technology, new tools are iterations built on what came before, and classic network logging and metrics are no different. Tooling, instrumenting, and monitoring of network traffic are virtually unchanged across the pri...

Google Proposal To Reduce TLS Certificates Validity To 90 Days Puts Focus On Automated Certificate Lifecycle Management

Blog Published: 04/19/2023

Originally published by AppViewX. On March 3, in a move that’s meant to reinforce better Internet security, Google announced a proposal called “Moving Forward, Together,” outlining some of the key policy changes it plans to introduce in future versions of its Chrome Root Program. One of the sig...

The Discovery of the First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

Blog Published: 04/20/2023

Originally published by CrowdStrike. CrowdStrike discovers the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly u...

Report Shows Cloud Adoption is Higher Than Ever and So is Risk

Blog Published: 04/21/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. — Here’s What You Can Do About It. With massive global changes rocking the status quo of how organizations operate and secure data, it’s no wonder that 2022 saw some pretty huge ch...

Why the Cloud Security Alliance Needs to Help Secure AI (And You Do, Too)

Blog Published: 04/24/2023

When I frame a very big technology trend, I have a somewhat annoying habit of paraphrasing a quote that revolutionary Leon Trotsky may or may not have ever said. In this case it goes: You may not be interested in artificial intelligence, but artificial intelligence is interested in you. Artifici...

Security is Only as Good as Your Threat Intelligence

Blog Published: 04/25/2023

Now even stronger with AI. Originally published by Microsoft Security. Written by John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research. Longtime cybersecurity observers know how frustrating the fight for progress can be. Our profession demands constant vig...

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Blog Published: 04/26/2023

Originally published by CrowdStrike. Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hid...

Discover the Cloud Security Alliance's STAR Program: A Must-Know for Enterprise CISOs

Blog Published: 04/26/2023

Introduction. Cloud computing has unleashed unprecedented computational prowess and storage potential for businesses, but it comes with increased data privacy and security worries. The Cloud Security Alliance (CSA) spearheads efforts to tackle these concerns via its Security, Trust, Assurance an...

Cloud Security Alliance Releases First ChatGPT Guidance Paper and Issues Call for Artificial Intelligence Roadmap Collaboration

Press Release Published: 04/24/2023

RSA Conference (San Francisco) – April 24, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Security Implications of ChatGPT, a whitepaper...

Unintended Third-Party Access to Data Through Supported Azure Built-In Roles

Blog Published: 04/28/2023

Originally published by Symmetry Systems. Written by Sachin Tyagi. A combination of built-in contributor permissions could allow unintended data access in Azure Lighthouse. Symmetry Systems would like to extend their appreciation and thanks to the Azure Lighthouse product managers and t...

Analysis for CVE-2023-23397 Microsoft Outlook Vulnerability

Blog Published: 04/28/2023

Originally published by InsiderSecurity. CVE-2023-23397 Threat Overview. InsiderSecurity analysed the possible exploitation techniques for the recent Outlook vulnerability, as well as methods for early detection of such exploits, both for this specific vulnerability and future similar vulnerabi...

The CxO Trust Cloud Change Notification Project

Blog Published: 04/24/2023

In the two years since we kicked it off, the Cloud Security Alliance’s CxO Trust Initiative has provided valuable guidance as to the key strategies necessary to advance cloud and cybersecurity within the C-Suite. We consult the CxO Trust Advisory Council regularly on issues that arise in the i...

CSA’s Enterprise Architecture: Business Operation Support Services

Blog Published: 04/22/2023

Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess op...
