
All Articles

Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems Security

Blog Published: 04/08/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurre...

Why Do SOC Reports Have to Be Issued By a CPA Firm?

Blog Published: 04/08/2024

Originally published by MJD. Written by Chris Giles, CPA, Senior Manager, MJD. Q: Why do SOC reports have to be issued by a CPA firm? A: MJD Answer. The simple answer is that SOC engagements are performed in accordance with standards set by the American Institute of Professional Accountants (AICPA)...

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Blog Published: 04/05/2024

Written by Nicole Krenz, Web Marketing Specialist, CSA. The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is ...

Powerful Cloud Permissions You Should Know: Part 2

Blog Published: 04/09/2024

Originally published by Sonrai Security. Written by Tally Shea and Deirdre Hennigar. MITRE ATT&CK Framework: Persistence. This blog is the second publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read t...

Do You Know These 7 Terms About Cyber Threats and Vulnerabilities?

Blog Published: 04/19/2024

In today's digitally interconnected world, where cybercriminals continue to advance as technology does, understanding the landscape of cyber threats and vulnerabilities is crucial for both individuals and organizations. Below, we define seven fundamental terms and provide additional resources ...

Protocols are Passé. APIs are Key for Effective Zero Trust Implementation.

Blog Published: 04/12/2024

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. A really short reminiscence of network and security protocols. From the 1970s to the 2000s, creating new protocols and enhancing the protocols was prevalent among networking and security experts. These protocols influenced th...

How to Audit Your Outdated Security Processes

Blog Published: 04/16/2024

Originally published by Vanta. As your business grows, there are new demands of the security team, like adding additional compliance frameworks, more security questionnaires, or new, advanced requirements from large enterprise customers. While this growth is exciting, it also comes with growing...

Neutralizing the Threat with Cloud Remediation

Blog Published: 04/23/2024

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. Smooth remediation requires meticulous coordination across tools, teams, and schedules. The complexity and scale of the remediation process may suggest that only a manual or an automated process...

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

Blog Published: 04/23/2024

Originally published by Orca Security. Written by Roi Nisimi. On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within Docker container environments. The vulnerabilities were assigned CVEs with CVSS scores ranging f...

Secure Your Kubernetes Environment by Enforcing Least Privilege

Blog Published: 04/24/2024

Originally published by Tenable. Written by Tom Croll, Advisor at Lionfish Tech Advisors. Kubernetes has emerged as the de facto standard for managing containerized workloads across private and public clouds. However, the evolution of security standards has significantly lagged, leading to h...

Remote Code Execution (RCE) Lateral Movement Tactics in Cloud Exploitation

Blog Published: 04/12/2024

Originally published by Uptycs. When it comes to cybersecurity, Remote Code Execution (RCE) might sound complex, but in essence, it's a straightforward concept with profound implications. Among the myriad of security vulnerabilities, RCEs are particularly alarming due to their high impact and t...

Sealing Pandora's Box - The Urgent Need for Responsible AI Governance

Blog Published: 04/12/2024

Written by MJ Schwenger, CSA AI Working Group. The explosive emergence of Generative AI, with its ability to create seemingly magical outputs from text to code, is undeniably exciting. However, lurking beneath this shiny surface lies a Pandora's box of potential risks that demand immediate atte...

Cantwell Proposes Legislation to Create a Blueprint for AI Innovation and Security

Blog Published: 04/15/2024

Originally published by Truyo. Written by Dan Clarke. In 2024, a surge of global AI legislation is imminent, with the United States poised to follow the European Union’s lead by implementing comprehensive nationwide rules and guidelines. Senate Commerce Committee Chair Maria Cantwell is gearing ...

From Gatekeeper to Guardian: Why CISOs Must Embrace Their Inner Business Superhero

Blog Published: 04/15/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. (And why it should become our outer superhero persona, too) Let's face it. The days of the CISO as the lone wolf, guarding the castle walls with a stack of firewalls and a suspicious glare, are over (th...

The Data Security Risks of Adopting Copilot for Microsoft 365

Blog Published: 04/16/2024

Originally published by Cyera. Written by Leo Reznik. Microsoft is taking the lead when it comes to AI-powered ecosystems. The company’s newly introduced Copilot AI assistant for Microsoft 365 surfaces organizational data to deliver users a seamless workflow experience. However, with lots of da...

How to Set Your Small Privacy Team Up for Success

Blog Published: 04/17/2024

Originally published by Schellman. Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is poss...

How to Prepare Your Workforce to Secure Your Cloud Infrastructure with Zero Trust

Blog Published: 04/24/2024

Written by Martin Hall. As business reliance on cloud infrastructure has grown, attack surfaces have changed, vulnerabilities have increased, and the nature of threats continues to evolve. Zero Trust has become a pivotal framework to enhance the security of cloud infrastructure and services. It...

Navigating the XZ Utils Vulnerability (CVE-2024-3094): A Comprehensive Guide

Blog Published: 04/25/2024

Originally published by Uptycs. On 29 March 2024, the cybersecurity community turned its attention to a newly disclosed vulnerability in XZ Utils, identified as CVE-2024-3094. This backdoor vulnerability has sent ripples across the tech world, primarily due to the widespread use of XZ Utils for...

CPPA AI Rules Cast Wide Net for Automated Decisionmaking Regulation

Blog Published: 04/26/2024

Originally published by Truyo. Written by Dan Clarke. At the end of 2023, the California Privacy Protection Agency (CPPA) unveiled draft regulations aimed at automated decision-making technology (ADMT), including artificial intelligence (AI), to bolster consumer protections in the state. This s...

This Year’s Zero Trust Opportunity for Security Professionals

Blog Published: 04/26/2024

Written by Martin Hall. The world of Zero Trust is at the doorstep of security professionals, bringing the opportunity to add value to their tool belts and advance their careers and opportunities. Digital transformation is gathering pace. Organizations are increasing their use of cloud infrastr...
