Enterprise Management Associates Names Cloud Security Alliance as a Cutting-Edge Security Exhibitor in Its Vendor Vision 2024 Report for RSA
Press Release Published: 05/07/2024
CSA was the only nonprofit to be named in the report. SAN FRANCISCO (RSA Conference) – May 7, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is ple...
Zero Trust & Identity and Access Management: Mitigating Shadow Access
Blog Published: 05/10/2024
Written by the CSA Identity and Access Management Working Group. In today's digitally interconnected landscape, understanding the intricacies of Identity and Access Management (IAM) is imperative for safeguarding organizational assets. A looming threat to IAM is Shadow Access. This insidious me...
What is Management Plane (Metastructure) Security
Blog Published: 05/13/2024
Written by Ashwin Chaudhary, CEO, Accedere. Metastructure refers to the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration as per Cloud Security Alliance's Securi...
The Importance of Securing Your Organization Against Insider and Offboarding Risks
Blog Published: 05/14/2024
Written by Wing Security. Offboarding employees may seem like a routine administrative task, but the security risks it poses are anything but ordinary. In today's interconnected digital landscape, failing to properly revoke access for departing employees can lead to catastrophic data breaches, ...
Unveiling the Dark Arts of Exploiting Trust
Blog Published: 05/14/2024
Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence, Zscaler. Trust is a fundamental aspect of human interaction, forming the foundation of relationships and societal harmony. However, trust can be deceptive, concealing hidden vulnerabilities that emerge wh...
How to Design an IT Service Model for End User Happiness
Blog Published: 05/15/2024
Originally published by Automox. Episode Summary: This episode of Automate IT with David van Heerden explores the topic of end user happiness and how it relates to automation in IT. David discusses two different approaches taken by ISPs to improve customer satisfaction: a tech-driven automation s...
Securing Generative AI with Non-Human Identity Management and Governance
Blog Published: 05/16/2024
Originally published by Oasis Security. Written by Joel McKown, Solutions Engineer, Oasis Security. There are many inevitabilities in technology, among them is that rapid innovation will introduce unique risks and 3 letter acronyms will abide. Generative AI conversations have become top of mind,...
Two Effective Strategies to Reduce Critical Vulnerabilities in Applications
Blog Published: 05/20/2024
Originally published by CrowdStrike. Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces. This blog deta...
The Narrow Escape from the xz Disaster
Blog Published: 05/07/2024
Originally published by Dazz. Written by Tomer Schwartz, Co-founder & CTO, Dazz. In the intricate world of software supply chain, the recent near-miss incident with CVE-2024-3094–the xz/liblzma backdoor–serves as a potent reminder of our system's fragility and the constant vigilance required...
Building Resilience Against Recurrence with Cloud Remediation
Blog Published: 05/09/2024
Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. In the fast-evolving cloud security landscape, successful remediation isn’t just about fixing issues when they arise – it’s equally about preventing the recurrence of these issues. Prevention is th...
Utah S.B. 149: Creating a Safe Space for Developers While Regulating Deceptive AI
Blog Published: 05/09/2024
Originally published by Truyo. Written by Dan Clarke. Utah’s foray into the realm of artificial intelligence (AI) regulation is marked by the passage of Senate Bill 149, the Artificial Intelligence Policy Act. While many states grapple with the complexities of AI governance, Utah’s rather fast a...
A Risk-Based Approach to Vulnerability Management
Blog Published: 05/10/2024
Written by Devin Maguire, ArmorCode. Security and risk are related but not synonymous. Security prevents, detects, and responds to attacks and is a key variable in the broader category of risk management. Risk management weighs the probability and impact of adverse events across the organizatio...
New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures
Blog Published: 05/13/2024
Originally published by Cyera. Written by Jonathan Sharabi. The Securities and Exchange Commission (SEC) rules set forth on July 26th, 2023, require that nearly all companies that file documents with the SEC (“registrants”) must describe the processes and management procedures they use to assess...
Building Trust Through Vendor Risk Management
Blog Published: 05/15/2024
Originally published by BARR Advisory. Written by Brett Davis. In today’s business landscape, relationships are paramount. But while the focus often lies on customer relationships, relationships with vendors are equally crucial. Establishing trust with vendors facilitates smooth operations and s...
Navigating Cloud Security Best Practices: A Strategic Guide
Blog Published: 05/15/2024
As cloud computing continues to be a pivotal force in IT infrastructure, it’s crucial for organizations to understand and use effective cloud security strategies to protect their data. This blog provides a short guide based on CSA’s Security Guidance, showing key ways to secure cloud environme...
2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks
Blog Published: 05/16/2024
Originally published by Valence. Written by Jason Silberman. Valence Security has released the 2024 State of SaaS Security Report. Among the primary themes we saw in the report—which combines an industry survey with data collected by Valence from hundreds of real enterprise SaaS applications—is ...
Apple's New iMessage, Signal, and Post-Quantum Cryptography
Blog Published: 05/17/2024
Written by Denis Mandich, Member of the CSA Quantum-Safe Security Working Group and CTO of Qrypt. Apple recently updated their iMessage application with stronger security features, adopting cryptography believed to be secure against attack by quantum computers. They use common end-to-end encryp...
Exploring Syscall Evasion – Linux Shell Built-ins
Blog Published: 05/20/2024
Originally published by Sysdig. Written by Jason Andress. This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux opera...
Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series
Press Release Published: 05/15/2024
Document promotes and demonstrates the importance of clear measurements for security performance in DevSecOps. SEATTLE – May 15, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure ...
Is Climate Change an Issue for Your ISO Certification?
Blog Published: 05/22/2024
Originally published by Schellman. On February 23, 2024, ISO (along with the International Accreditation Federation (IAF)) published short amendments to all standards aligned with its Harmonized Structure. In the form of new requirement language and one additional note, ISO has now adapted clim...