
All Articles
AI at Work: Three Steps to Prepare and Protect Your Business

Blog Published: 12/12/2023

Originally published by Forbes. Written by Yaki Faitelson, Co-Founder and CEO of Varonis. In terms of hype, nothing is hotter than AI right now; blockchain has some weak links, the metaverse isn't singing in this part of the multiverse, and even big data seems small. As the CEO of a leading cyb...

The Perils and Protections of Privileged Accounts

Blog Published: 12/13/2023

Written by Alex Vakulov. Privileged users are the Achilles heel of any company. There are specialized IT systems on the market for managing privileged access - PAM (Privileged Access Management). Nowadays, PAM is no longer just about account management; it is a cybersecurity strategy for regul...

Resilient Container Security: Why You Need a Preventive Approach

Blog Published: 12/13/2023

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As organizations move to the cloud, container adoption is skyrocketing. A recent study conducted by Forrester Consulting on behalf of Tenable surveyed 825 IT and cybersecurity pros worldwide and found that 32% o...

Resilient Container Security: How to Achieve it in Three Steps

Blog Published: 12/22/2023

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As your organization grows its cloud adoption, chances are its use of containers is rapidly increasing, too, and with it the need to secure your container infrastructure. But how do you properly and effectively p...

Resilient Container Security: How Container Security Benefits Cybersecurity and DevOps

Blog Published: 01/08/2024

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. Securing containers across the entire software development life cycle is a huge win for cybersecurity teams and DevOps. Why? These two traditionally siloed entities can now congregate around a strategic approach ...

Artificial Intelligence Leaders Partner with Cloud Security Alliance to Launch the AI Safety Initiative

Press Release Published: 12/12/2023

Program for responsible, safe and forward-looking research, best practices, education, professional credentialing and organizational certification for generative AI is underway. SEATTLE – Dec. 12, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining st...

An Update on EU Cybersecurity: NIS2, EU Cybersecurity Schemes, and the Cyber Resilience Act

Blog Published: 12/14/2023

Originally published by Schellman. The European Union (EU) has made significant strides lately in shaping cybersecurity regulation—new developments include those related to the NIS2 Directive, the EU Cybersecurity Act, the EU Cloud Services Cybersecurity Scheme (EUCS), and the EU Cyber Resilien...

When a Breach Isn't All Bad: Making the Most of Adverse Cyber Circumstances

Blog Published: 12/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Would you do business with a company that’s recently been in the headlines for a data breach? I would. Let me tell you why. High-profile incidents are one of the most surefire ways to get companies to ...

Comments on Draft NIST Special Publication 800-92r1 “Cybersecurity Log Management Planning Guide”

Blog Published: 12/15/2023

Originally published by Gigamon. Written by Orlie Yaniv, Ian Farquhar, and Josh Perry. Editor’s note: the mechanisms by which organizations derive observability and visibility generally fall under the title of telemetry, and the most prevalent form of telemetry is logging. As we see increased ...

Behind the Curtain with a CCZT Developer: Director Zenith Law

Blog Published: 12/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the ...

2024 SaaS Security Predictions: A Look at the SaaS Threat Landscape in the Year Ahead

Blog Published: 12/22/2023

Originally published by AppOmni. Written by Beverly Nevalga. Breaches of consumer health, credit data, and military systems were among the most devastating in 2023 – evidence that no SaaS applications are immune from being compromised. To find out what next year holds, we asked 5 cyberse...

WinRAR CVE-2023-38831 Vulnerability Draws Attention from APTs

Blog Published: 12/28/2023

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical conce...

Is the Auditor’s Role in a SOC 2 Audit Just to Find Gaps in Our System?

Blog Published: 01/17/2024

Originally published by MJD. Written by Chris Giles, CPA, Senior Manager, MJD. Q: Is the auditor’s role in a SOC 2® audit just to find gaps in our system? A: MJD Answer: The auditor’s role in a SOC 2 audit is to provide an opinion on the design and operating effectiveness of the controls related ...

Unraveling CVE-2023-46214: A Deep Dive into Splunk RCE Vulnerability

Blog Published: 12/15/2023

Originally published by Uptycs. Written by Siddartha Malladi. Cybersecurity experts have uncovered a critical Remote Code Execution (RCE) vulnerability in Splunk, the data analytics platform that forms the backbone of many corporate IT infrastructures. Identified as CVE-2023-46214, this flaw c...

Identifying SaaS App Risks

Blog Published: 12/19/2023

Originally published by Suridata. Written by Haviv Ohayon. SaaS vendors tend not to enforce strong security settings by default. Rather, they leave the details up to the client’s discretion. They do this mostly to reduce their responsibility for security. They also want to make their services ...

What Controls are Required for SOC 2 Reports?

Blog Published: 12/19/2023

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: What controls are required for SOC 2®? A: MJD Answer: There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literat...

Traditional Privileged Access Management is Antiquated; Modernize with the 5 Advantages of JIT

Blog Published: 12/21/2023

Originally published by Britive. Forward-thinking DevSecOps professionals know that when it comes to privileged access, innovation and adaptability are the name of the game. Privileged Access Management (PAM) solutions have long served as the guardians of critical systems and data, essential fo...

Securing CI/CD Pipelines: Why a Comprehensive Approach is Needed

Blog Published: 12/21/2023

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern software development, enabling teams to deliver code faster and more reliably. However, in the rush to acc...

How to Build a Third-Party Risk Management Strategy

Blog Published: 12/21/2023

Originally published by BARR Advisory. Written by Brett Davis. Today’s modern enterprise is often fragmented, with businesses relying extensively on third-party vendors and partners. While these relationships are critical for the success of organizations of all sizes, the management of associa...

5 Security Risks of Collaboration Tools

Blog Published: 12/20/2023

Originally published by Abnormal Security. Written by Mick Britton. Today’s business tech ecosystems are rapidly evolving. Many employees take advantage of remote work, SaaS environments continue to expand, and collaboration tools increase in popularity. Common examples of these tools include ...
