
All Articles

The Tie Between Cloud App Enterprise-Readiness Score and Heartbleed Remediation: 7 Steps You Need to Take Now

Blog Published: 04/17/2014

Krishna Narayanaswamy, Netskope Chief Scientist The Heartbleed Bug is a serious vulnerability for websites around the world. Many enterprise cloud and SaaS apps were also impacted. While most app vendors have remediated their systems, some remain vulnerable. Netskope researchers have been scanning ...

The Heartbleed Bug: Learn How It Operates

Blog Published: 04/15/2014

By Zulfikar Ramzan, CTO, Elastica The entire internet security community was up in arms on Monday as a devastating new bug, Heartbleed, was discovered in OpenSSL, the most widely deployed cryptographic function on the web. Google’s security team discovered the malicious bug. Since then OpenSSL has ...

HOW CHICKEN EYES TAUGHT US TO DETECT CLOUD SECURITY BREACHES

Blog Published: 04/15/2014

By Sekhar Sarukkai, SkyHigh Networks A fascinating scientific discovery There was a fascinating discovery last month on a new state of matter never before seen in biology in, of all places, the eyes of chicken – a state of “disordered hyperuniformity”. This arrangement of particles in the chicken’...

FTC Recognizes Value of Trust Established by SSL and Digital Certificates

Blog Published: 04/14/2014

By KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI Attacks on digital certificates and trusted connections drive FTC to action Recognizing that the trust established by Secure Sockets Layer (SSL) and digital certificates plays an important role in everyday life, the US Federal ...

Mad Max Here We Come: Heartbleed shows how much we blindly trust keys and certificates (and take them for granted)

Blog Published: 04/10/2014

KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI The race is on to respond and remediate by replacing keys and certificates in use with millions of applications because patching won't help. The world runs on the trust established by digital certificates and cryptographic keys....

24 HOURS AFTER HEARTBLEED, 368 CLOUD PROVIDERS STILL VULNERABLE

Blog Published: 04/10/2014

By Harold Byun, Skyhigh Networks Over the past weeks, security teams across the country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is used ...

Cloud Policy? I’ll Take a Sharp Stick in the Eye, Please!

Blog Published: 04/10/2014

By Jamie Barnett, VP Marketing, Netskope We were struck by a survey we conducted with RSA Conference attendees in February when we learned that even though more than 60% of respondents didn’t have or didn’t know if they had a cloud app policy, 70% cared enough to think about their organization’s p...

DON’T LET THE END OF SUPPORT FOR WINDOWS XP PUT YOUR CORPORATE DATA AT RISK

Blog Published: 04/10/2014

By Harold Byun, Skyhigh Networks April 8 = Y2K all over again? I may be dating myself a little bit here by writing this, but at the turn of the century, the impending arrival of the year 2000 led to multi-year coding projects, systems upgrades, and a massive testing effort to ensure Y2K compliancy...

CSA Seeks Input on Open Peer Review: CAIQ v3.0.1

Press Release Published: 04/09/2014

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014. Please consider participating in this peer review by leaving your comments on the CAIQ v3.0.1. This updated version of the CAIQ realigns the quest...

CSA Seeks Input on Open Peer Review: CCM v3.0.1

Press Release Published: 04/09/2014

Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014. We invite you to submit your feedback by leaving comments on the CCM v3.0.1. The CCM v3.0.1 release will include new or updated mappings to the following securi...

Why Should You Update Your Trusted CAs and Enforce Certificate Whitelists?

Blog Published: 04/09/2014

By Patriz Regalado, Product Marketing Manager, Venafi Your organization’s policies—or lack of policies—regarding trusted root CA certificates are exposing you to unnecessary risk. Because certificates serve as credentials for so many mission-critical transactions, attackers are constantly trying ...

Windigo: Another Multi-Year APT Targets SSH Credentials

Blog Published: 04/04/2014

By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi Last month, ESET, a leading IT security company, published a detailed analysis of operation Windigo. This operation, active since 2011, has compromised over 25,000 Linux and Unix webservers. Cyber-criminals use these serve...

Cloud Security Alliance Announces Launch Of Privacy Level Agreement (PLA) V.2 Working Group

Press Release Published: 04/03/2014

PLA v.2 to Provide Powerful Transparency and Voluntary Disclosure Mechanism to Support European Cloud Service Providers Edinburgh (UK), Amsterdam (NL) and Seattle, WA – April 3, 2014 – SecureCloud 2014 - The Cloud Security Alliance (CSA) today announced the launch of version 2 of its Privacy Lev...

Cloud Security Alliance (CSA) Announces SAP Has Joined CSA as an Executive Corporate Member

Press Release Published: 04/02/2014

Newest Member to Help CSA Promote Best Practices and Standards in EMEA Amsterdam, Netherlands (SecureCloud 2014) - April 2, 2014 - Today at SecureCloud 2014, the Cloud Security Alliance (CSA) today announced that SAP (NYSE: SAP) has joined the CSA as an executive corporate member and will become...

SIT Partners The Cloud Security Alliance In Landmark Agreement

Press Release Published: 04/01/2014

1. The Singapore Institute of Technology (SIT) has signed a Memorandum of Understanding with the Cloud Security Alliance (CSA) to collaborate on education and research efforts in cloud security. The CSA is a not-for-profit organization that promotes best practices in providing security assurance ...

On behalf of the CDPC Leadership Team: Open Review Period - Cloud Data Protection Cert Candidate Project

Press Release Published: 03/31/2014

We would like to invite Cloud Security Alliance (CSA) members as well as the cloud and security community to participate in the open review period for a new candidate project that we are proposing for contribution to the CSA Research Portfolio. In addition, we are considering contributing this I...

On behalf of the CDPC Leadership Team: Open Review Period - Cloud Data Protection Cert Candidate Project

Blog Published: 03/29/2014

We would like to invite Cloud Security Alliance (CSA) members as well as the cloud and security community to participate in the open review period for a new candidate project that we are proposing for contribution to the CSA Research Portfolio. In addition, we are considering contributing this I...

I Hunt Sys Admins’ SSH

Blog Published: 03/28/2014

KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI SSH keys again confirmed as a favorite target for advanced attackers - how will IT security fight back? Newly leaked NSA documents from Edward Snowden, entitled “I Hunt Sys Admins” show that sophisticated attackers are aiming to ...

Do you know what’s happening in the cloud at your organization?

Blog Published: 03/26/2014

By Sanjay Beri, Founder and CEO, Netskope For as long as “Shadow IT” has existed, technology vendors have encouraged IT professionals to uncover unsanctioned apps in their organizations so they can block them. But people rely on apps like Box, Dropbox, Evernote, Jira, and Workday for business crit...

First Research Newsletter Now Available

Press Release Published: 03/20/2014

The CSA Research team is excited to announce that the first monthly Research Update is available here. If you would like to receive future Research Updates please sign up here.
