
All Articles
What’s Logs Got to Do With It?

Blog Published: 12/18/2023

Leveraging the cross-cutting capability of visibility and analytics for Zero Trust implementation. Written by Shruti Kulkarni, Cyber Security Architect at 6point6. Visibility and analytics is a cross-cutting capability for Zero Trust. In simple terms, visibility is achieved based on logging and ...

Applying the AIS Domain of the CCM to Generative AI

Blog Published: 12/22/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. 1. Introduction The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing that's developed by the Cloud Security Alliance (CSA). It's designed to provide organizations with the necess...

Securing Cloud Infrastructure: Cloud Security Training Bundle

Blog Published: 12/27/2023

Whether you're a seasoned IT professional or just embarking on your cloud journey, continuous education is the key to staying on top of the latest security advancements. CSA’s Cloud Infrastructure Security (CIS) Training Bundle serves as a reliable guide in your cloud security journey. Instead...

New SEC Rules Push Cybersecurity to the Top of the Inbox

Blog Published: 01/02/2024

Originally published by Synack on September 11, 2023. Written by Stephen Soper. If you had the U.S. Securities and Exchange Commission on your bingo card for shaking up the cybersecurity sector this year, congratulations! Through its new cybersecurity disclosure requirements, which took effect...

Enhancing Access Control by Combining IGA and PAM

Blog Published: 01/05/2024

Written by Alex Vakulov. Some companies adopt IGA (Identity Governance & Administration) systems to protect against cyber threats by controlling user access. Others focus on PAM (Privileged Access Management) to secure accounts with extended rights. What would happen if these technologies ...

2024: A Critical Year for the Cloud Security Teenager

Blog Published: 12/29/2023

2024 marks the 15th anniversary of the Cloud Security Alliance. We have seen so many changes in our world, shifts in the tech scene, and several cloud security ventures come and go during that time. In a world that is so dynamic, corporations don’t have the same longevity they once had, but as...

How Do I Communicate My New SOC 2 Report? SOC 2 Certified?

Blog Published: 01/03/2024

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: How do I communicate my new SOC 2® Report? SOC 2 Certified? A: MJD Answer: We highly recommend you do not use the phrase “SOC 2 Certified”. Yes, you see it everywhere, and your competitors are celebrating their...

Revolutionizing Enterprise Security Management with AIOps

Blog Published: 01/03/2024

Originally published by HCLTech. Written by Prashant Mishra, Sr Solutions Architect, Global Alliances, Palo Alto Networks and Amit Raj, Associate General Manager, Cybersecurity, HCLTech. In today’s rapidly evolving digital landscape, the complexity of managing enterprise security is a constant...

Assistive vs Automatic Remediation: What to Consider

Blog Published: 01/04/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Without any doubt, automation is growing in importance for security teams. No matter the size and resources - every company is grappling with the fact that attacks now happen in hours, but it takes most organ...

How Malicious Insiders Use Known Vulnerabilities Against Their Organizations

Blog Published: 01/11/2024

Originally published by CrowdStrike. Between January 2021 and April 2023, CrowdStrike identified multiple incidents in which an internal user either exploited or sought to exploit a known vulnerability, or deploy offensive security tooling against their enterprise environment. Approximately 55%...

5 Simple Ways Innovative Tech Decision-Makers Can Streamline DevOps Security

Blog Published: 01/05/2024

Originally published by Britive. DevOps has emerged in the last few years as the ultimate game-changer, driving agility and efficiency across the software development lifecycle. However, the fast-paced nature of DevOps can leave security teams struggling to keep up. Enter DevOps security, the v...

Practical Ways to Combat Generative AI Security Risks

Blog Published: 01/05/2024

Originally published by Astrix. Written by Idan Gour. As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it’s easy to...

Gain Business Support for Your Zero Trust Initiative

Blog Published: 01/08/2024

Written by Alex Sharpe and Jason Garbis of the CSA Zero Trust Working Group. Zero Trust is a major industry trend that is being adopted and promoted by security teams within many organizations around the globe, and for good reason. Zero Trust mitigates cyber risk, allowing the business to creat...

Uncovering Hybrid Cloud Attacks Through Intelligence-Driven Incident Response: Part 1 – Addressing the Speed of Cloud Attacks

Blog Published: 01/10/2024

Originally published by Gem Security. Written by Yotam Meitar. The rapid global migration to cloud environments has created unparalleled opportunities for scaling up IT operations, along with an increasingly high volume of sophisticated cyberattacks. Effectively responding to these attacks can...

NIST SP 800-171 R3: An Overview of the Changes

Blog Published: 01/09/2024

Originally published by Schellman. In the latest revision of documents pertinent to the ongoing CMMC countdown, NIST SP 800-171 R3 has been released. Though there were only a handful of changes in this new version, there were some significant ones regarding the assessment practices and their p...

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

Blog Published: 01/09/2024

Originally published by AppOmni. Written by Tamara Bailey, Content Marketing Specialist, AppOmni. Previous security breaches at Heroku and GitHub serve as stark reminders that OAuth token theft and inactive, overly permissive SaaS-to-SaaS connections represent significant security risks to any...

Data Privacy Dilemmas Highlight Need for Comprehensive DLP

Blog Published: 01/10/2024

Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. Imagine you place an order for food delivery and shortly after it arrives you receive a text message. The delivery driver is asking you out on a date. This experience is a reality fo...

Demystifying Cloud Security: Why the CCZT Course and Certificate Matter

Blog Published: 01/16/2024

Written by Jaye Tillson, Director of Strategy, Field CTO, HPE and Co-Host of the SSE Forum. In today's cloud-fuelled world, ensuring robust security is paramount. This is where the Cloud Security Alliance's (CSA) Certificate of Competence in Zero Trust (CCZT) shines. Let's delve into the benefit...

Creating an Incident Response Plan for Email Attacks

Blog Published: 01/18/2024

Originally published by Abnormal Security. Written by Mick Leach. Since 2013, the FBI has identified nearly $51 billion in exposed losses due to business email compromise. Modern threat actors are constantly finding new tactics for bypassing traditional security methods to access sensitive dat...

Why You Need a Vulnerability Disclosure Program (VDP)

Blog Published: 01/18/2024

Originally published by Synack. Written by Ron Ulko. What is a Vulnerability Disclosure Program (VDP)? Virtually all computer systems have vulnerabilities in their applications or infrastructure, and persistent hackers are constantly probing for those vulnerabilities to see if they can br...
