Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
How to Support Agile Development with Zero Trust Best Practices

Blog Published: 04/24/2023

Originally published by TrueFort. Written by Nik Hewitt. What is agile development? Agile software development is the practice of delivering small pieces of working software quickly to fix bugs, add features, enhance usability, and generally improve the customer experience. It lets development...

From Cloud Data Sprawl to Cloud Data Security: Navigating the Complexities

Blog Published: 04/24/2023

Originally published by Dig Security. Written by Sharon Farber. More than 60% of enterprise data is now stored in the cloud. And as this number grows, it is becoming increasingly important to ensure complete data security. Cloud computing offers greater efficiency for storing, analyzing, and s...

The State of Data Security: The Hard Truths

Blog Published: 05/01/2023

Originally published by Rubrik. Written by Steve Stone. Rubrik Zero Labs is excited to debut its second State of Data Security report: “The State of Data Security: The Hard Truths.” This in-depth global study uses telemetry data to provide objective data security insights. Rubrik data ...

A Security Work Stream Is Critical to IT Modernization

Blog Published: 05/01/2023

Originally published by Lookout. Written by Fazal Sadikali, Technology Managing Director of Cloud Insights, Lookout. With new technology being developed at a rapid pace, adaptability is crucial for a company to thrive against its competitors. IT cloud modernization is a great way to drive ...

Beyond the Inbox: Protecting Against Collaboration Apps as an Emerging Attack Vector

Blog Published: 05/01/2023

Originally published by Abnormal Security. Written by Mike Britton. Email has always been a lucrative attack vector for cybercriminals. Even today, it continues to be their most common path into an organization, and enterprises are undoubtedly feeling the impact. Losses due to business email c...

Migration to the Public Cloud: What You Need to Know and Some Best Practices

Blog Published: 04/25/2023

Written by Bindu Sundaresan, Director, AT&T Cybersecurity. Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizatio...

How To Use An Identity Fabric To Manage Identity Sprawl

Blog Published: 05/02/2023

Written by Lior Yaari, CEO, Grip Security. Originally published on Forbes. From HR to IT and factories to finance, the enterprise runs on SaaS. The rapid adoption of SaaS services, however, has led to the two-pronged threat of identity attacks and the hijacking of critical tools leveraged to r...

Lessons from Blockbusters: What Hollywood Can Teach Us About Cyber Security

Blog Published: 04/25/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. “Everything I learned I learned from the movies.”-Audrey Hepburn, Oscar-winning actress and humanitarianFew things capture the imagination like movies. From epic dramas to tearful romances, from everyda...

SCARLETEEL: Operation Leveraging Terraform, Kubernetes, and AWS for Data Theft

Blog Published: 05/02/2023

Originally published by Sysdig on February 28, 2023. Written by Alberto Pellitteri. The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized...

I2Pminer MacOS Mineware Variant

Blog Published: 05/03/2023

Originally published by CrowdStrike on February 23, 2023. CrowdStrike analyzed an I2Pminer variant that targets macOSThe mineware utilizes I2P to hide XMRig network trafficCrowdStrike recently analyzed a macOS-targeted mineware campaign that utilized malicious application bundles to deliver op...

The Road to M&A Hell is Paved with Good (IP-based) Intentions

Blog Published: 04/27/2023

Originally published by Zscaler. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. TCP/IP-based communications have been the cornerstone of corporate networks for more than 30 years. Organisations like Cisco excelled at training an army of mechanical TCP/IP converts wh...

QakBot eCrime Campaign Leverages Microsoft OneNote Attachments

Blog Published: 05/10/2023

Originally published by CrowdStrike. In November 2021[1] and February 2022[2], Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence observed eCrime adversaries that had previ...

The Art of Prioritizing Vulnerabilities: Maximizing Your Defense

Blog Published: 05/12/2023

Written by Alex Vakulov According to FIRST, organizations can eliminate from 5% to 20% of vulnerabilities per month. The average time to fix vulnerabilities is growing. At the same time, according to Skybox Security, there was a 3x increase in the number of vulnerabilities over the past decade...

The Internet-Based Threats Putting Your Organization at Risk

Blog Published: 05/15/2023

Originally published by Lookout. Written by Stephen Banda, Senior Manager, Security Solutions, Lookout. The way we connect in the workplace has changed. For one, “the workplace” isn’t just limited to the office anymore, and that means instead of relying on a corporate network, employees ar...

Millions Wasted on Kubernetes Resources

Blog Published: 05/16/2023

Originally published by Sysdig. Written by Javier Martínez. The Sysdig 2023 Cloud-Native Security and Container Usage Report has shed some light on how organizations are managing their cloud environments. Based on real-world customers, the report is a snapshot of the state of cloud-native in 2...

Chaos in the Cloud: Rampant Cloud Activity Requires Modern Protection

Blog Published: 05/17/2023

Originally published by CrowdStrike. Digital transformation isn’t only for the good guys. Adversaries are undergoing their own digital transformation to exploit modern IT infrastructures — a trend we’re seeing play out in real time as they increasingly adapt their knowledge and tradecraft to e...

It May Only Take One Attack to Get Stung by OneNote!

Blog Published: 04/28/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Part of Microsoft’s extensive 365 application suite, Microsoft OneNote offers users a powerful yet flexible information management workbench. As organizations continue their ramp...

Identity Modernization for Customer-Facing Applications

Blog Published: 05/02/2023

Originally published by Strata. Want to loan a friend some money? There’s an app for that. Want to exchange some dollars for Euros? There’s an app for that. In fact, the number of mobile apps that let consumers complete financial tasks that used to require a big financial institution is growin...

Definitive Guide to Hybrid Clouds, Chapter 7: Selecting the Right Cloud VAF and NDR Vendor

Blog Published: 05/03/2023

Originally published by Gigamon. Written by Stephen Goudreault. Editor’s note: This final post of this series explores Chapter 7 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, Chapter 5, and Chapter 6.If you haven’t sta...

Zero Trust is a Journey. Not a Single Project.

Blog Published: 05/04/2023

Originally published by CXO REvolutionaries. Written by Larry Biagini, Chief Technology Evangelist, Zscaler. A successful digital transformation cannot be achieved while using antiquated networking concepts, tiptoeing toward change, and avoiding risk. Thinking about enterprise security in term...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
133
134
135
137
139
140
141
Last »