All Articles
CCM & CAIQ v3.0.1 Version Update Soft Launch

Press Release Published: 07/11/2014

We are very excited to announce the soft launch of the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ) v.3.0.1. We invite you to download both documents during this early review period: Download CCM Here. Download CAIQ Here. What's New in CCM v3.0.1 T...

Securing the Cloud

Blog Published: 07/10/2014

By Robert Clauff, Security Engineer, Solutionary
More and more organizations are moving to the “CLOUD.” It seems as though you can't read an article about IT or turn on the TV without seeing something about the increasingly ubiquitous cloud. Of course, the cloud is more than just an IT buzzword, it...

Upcoming Webinar: Triaging the Cloud - 5 Steps to Putting the Cloud Controls Matrix to Work to Safely Enable Cloud Services in Your Enterprise

Press Release Published: 07/05/2014

Join Cloud Security Alliance Chief Operating Officer, John Howie, Pandora Director of Information Security, Doug Meier, and Netskope Chief Scientist, Krishna Narayanaswamy, for a practical discussion and set of next steps to making the CCM work for you and triaging the apps you discover. Register...

Survey Opportunity: Security as a Service Categories

Press Release Published: 07/05/2014

The Security as a Service (SecaaS) working group within the Cloud Security Alliance (CSA) has been created to provide leadership and direction on how the cloud can be used to deliver security services to cloud, on premises and hybrid environments. In our framework for defining a Security as a Se...

CLOUD SECURITY CUP: USA VS. EUROPE (SPOILER – IT’S NOT A 0-0 DRAW)

Blog Published: 07/03/2014

By Brandon Cook, Skyhigh Networks
With the World Cup in full swing, one cannot help but compare the US to our neighbors around the world. The event begs it. We see our skills, our style, our strategy and our fans all juxtaposed with more established soccer powers from around the globe. And, I have ...

New Study Highlights the Risks of Bring Your Own Cloud

Blog Published: 07/02/2014

By Hormazd Romer, Senior Director, Product Marketing, Accellion
A new study by the Ponemon Institute, The Insider Threat of Bring Your Own Cloud (BYOC), analyzes the risks of enterprise employees using cloud services without the permission or oversight of the IT department—a practice that the stud...

Seeking Data Privacy Experts to participate in a Data Protection Heat Index Research Initiative

Press Release Published: 06/30/2014

The Cloud Security Alliance research team would like to invite global data privacy experts to participate in a brief survey that is intended to measure attitudes towards data protection areas that tie into technology solutions that enable the exchange of information across the cloud. Within the ...

Volunteer Spotlight: Sean Cordero

Press Release Published: 06/30/2014

Mr. Sean Cordero, CISSP, CISA, CRISC, CISM, is the chair of the Cloud Security Alliance’s Cloud Controls Matrix where he works alongside other industry thought leaders to drive the development of security standards for cloud computing. Prior to establishing his company, Cloud Watchmen, Inc., M...

Are Cloud Services Taking on a Life of Their Own?

Blog Published: 06/30/2014

By Nina Seth, Senior Product Marketing Manager, Accellion
A new report from SkyHigh Networks – a company that tracks the use of cloud services for corporate customers – found that cloud services are growing exponentially within enterprises. The findings in the report were based on traffic generate...

Cloud Security Alliance Expands CCSK Training Program

Press Release Published: 06/25/2014

CSA selects HP as Master Training Partner for China and Japan
Seattle, WA – June 17, 2014 – The Cloud Security Alliance (CSA) today announced that in recognition of the success and growth of the CSA Certificate of Cloud Security Knowledge (CCSK) Certification training program conducted by HP, t...

The 5 Steps to Prepare for a PCI Assessment

Blog Published: 06/19/2014

Preparing for a Payment Card Industry (PCI) compliance assessment is a major task for any size organization. However, companies that store, process, or transmit credit card transactions are required to comply with PCI's Data Security Standards (DSS). PCI DSS includes up to 13 requirements that sp...

Security as a Service (SecaaS) Working Group 2014 Kick-Off Call

Press Release Published: 06/16/2014

The Security as a Service (SecaaS) Working Group will be kicking off their latest research efforts on Monday, June 16th at 9:00am PDT (GMT-7) (meeting details are below). The latest developments will be towards an updated "Defined Categories of Service v2.0" and includes: Proposals for new...

OpenSSL CCS Injection Vulnerability Countdown

Blog Published: 06/16/2014

By Krishna Narayanaswamy, Netskope Chief Scientist
On June 5, researchers discovered an OpenSSL vulnerability (CVE-2014-0224) that could result in a man-in-the-middle attack exploiting some versions of OpenSSL. Called the OpenSSL Change Cipher Spec (CCS) Injection, this vulnerability requires that...

Virtualization Working Group 2014 Kick-Off Call

Press Release Published: 06/13/2014

The Cloud Security Alliance Virtualization Working Group is seeking volunteers to participate in developing and maintaining a research portfolio providing capabilities to assist the cloud provider industry in research of the combined virtualized operating systems and future technologies. The grou...

TweetDeck — Just another hack or a missed opportunity to tighten cloud security?

Blog Published: 06/13/2014

June 12, 2014
By Harold Byun, Senior Director of Product Management, Skyhigh Networks
The recent TweetDeck hack on Twitter presents a common cloud dilemma for information security teams. On the one hand, the BYOX trends that drive cloud service adoption and worker self-enablement are transformin...

DON’T GET SNOWDENED: 5 QUESTIONS EVERY CEO SHOULD ASK THEIR CIO / CISO

Blog Published: 06/05/2014

By Sekhar Sarukkai, Founder, VP of Engineering, Skyhigh Networks
Today is the 1-year anniversary of the historic Snowden disclosure. In the year since the first stories about Edward Snowden appeared, one of the lasting effects of the scandal is a heightened awareness of the risk posed by rogue insi...

The Evolution of Threats against Keys and Certificates

Blog Published: 06/05/2014

By George Muldoon, Regional Director, Venafi
In my blog post about the Heartbleed hype, I stress that threats against keys and certificates neither started with the Heartbleed vulnerability, nor certainly will end with it. Threats specifically against keys and certificates go back to 2009 and 201...

The Cloud Multiplier Effect on Data Breaches

Blog Published: 06/04/2014

By Krishna Narayanaswamy, Chief Scientist at Netskope
All of the things we love about cloud and SaaS apps can also put us at risk of a data breach. First, we love that we can get our favorite apps quickly and easily without having to answer to anyone. This leads to massive app growth, usually of inh...

Heartbleed Hype Left Enterprises Uninformed

Blog Published: 06/03/2014

By George Muldoon, Regional Director, Venafi
In early April, the vulnerability known simply as “Heartbleed” became the latest rage. During the first week after discovery, the mainstream media aggressively reported on Heartbleed, stirring up a tornado of fear, uncertainty, and doubt amongst all In...

Too Many Employees Ignore BYOD Security

Blog Published: 06/02/2014

By Nina Seth, Accellion
Considering the risks that BYOD mobile activity can pose to enterprises, CIOs have a right to be dismayed by two recent surveys showing just how little some employees care about protecting data on mobile devices. A recent survey by Centrify found that: 43% have accessed sen...
