Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Participate in the CSA Top Threats to Cloud Computing 2025 peer review to help shape industry insights!

All Articles

Home
All Articles
Five Considerations to Keep Your Cloud Secure

Blog Published: 05/22/2024

Originally published by Bell.Written by Jack Mann, Senior Technical Product Manager, Cyber Security, Bell.When you make the shift to the cloud, it’s easy to assume that your cloud service provider – whether that’s AWS®, Microsoft Azure®, Google® Cloud or any another vendor – will keep your dat...

Securing AI-Native Application Workloads with Zero Trust: Preventing LLM Attacks and Poisoning

Blog Published: 05/23/2024

Written by Vaibhav Malik, Global Partner Solutions Architect, Cloudflare. AI-native application workloads are rapidly emerging as the next frontier in artificial intelligence. These workloads leverage advanced AI technologies, such as large language models (LLMs), to enable intelligent and int...

The Transformative Power of Continuous Threat Exposure Management (Myth or Reality?)

Blog Published: 05/24/2024

Written by Alex Vakulov.The growing dynamics of cyber risks are forcing companies to shift their approach to information security from reactive to proactive. Gartner has introduced a new concept called Continuous Threat Exposure Management (CTEM) to address this. In 2022, Gartner first introd...

Why Do Most Cybersecurity Attacks Occur in Q4?

Blog Published: 05/24/2024

Written by Ashwin Chaudhary, CEO, Accedere.Cybersecurity attacks exhibit intriguing patterns throughout the year. While it’s not universally true that most attacks occur in the last quarter, there are several reasons and notable trends, why cybersecurity attacks tend to increase in the fourth ...

Goodbye PCI DSS 3.2.1. Hello PCI DSS 4.0: 12 Key Changes!

Blog Published: 05/28/2024

Originally published by RegScale.Written by Dan Biewener.As of March 31, 2024, PCI DSS 3.2.1 has been retired—and businesses who process credit card transactions will have until March 31, 2025 to achieve full PCI DSS compliance with the new version 4.0. This update introduces around 60 new req...

Cloud Security Assessment Fundamentals in 2024

Blog Published: 05/29/2024

Written by David Balaban.The indisputable benefits of cloud computing for organizations are the tip of the iceberg. Beneath it lies an oft-overlooked multitude of unique threats and vulnerabilities that might erode the environment unless kept in check. The challenges run the gamut from cloud s...

Decommissioning Orphaned and Stale Non Human Identities

Blog Published: 06/03/2024

Originally published by Oasis Security.Written by Yonit Glozshtein, Director of Product Management, Oasis Security.Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. NHIs often operate outside traditional IT security reviews, making them vulner...

Cloud Threats Deploying Crypto CDN

Blog Published: 06/03/2024

Originally published by Sysdig.Written by Stefano Chierici.The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to crea...

Unmasking Vendor Fraud: Detecting Suspicious Activity in Email Communications

Blog Published: 06/04/2024

Originally published by Abnormal Security. Written by Jake Shulman. Not all email attacks involve the use of malicious links, malware, or attachments. Increasingly, attackers rely on social engineering tactics to exploit unsuspecting employees. One of the highest value and most pernicious form...

Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between?

Blog Published: 05/17/2024

Originally published by Tamnoon.Written by Idan Perez, CTO, Tamnoon.What role does automation play in cloud remediation? Will it replace or simply augment the role of security and R&D teams?Over 60% of the world’s corporate data now resides in the cloud, and securing this environment has b...

The Risk and Impact of Unauthorized Access to Enterprise Environments

Blog Published: 05/17/2024

Originally published by StrongDM.Unauthorized access poses serious threats to businesses, compromising sensitive information and disrupting operations. Cybercriminals leverage vulnerabilities through advanced phishing attacks and API security breaches, underscoring the necessity for companies ...

It’s Time to Throw Away the Manual with Evidence Collection

Blog Published: 05/20/2024

Originally published by RegScale.Written by Larry Whiteside Jr.In today’s complex and ever-changing regulatory environment, it is more important than ever for organizations to have a strong compliance program in place. However, manually gathering compliance data can be a time-consuming and ine...

Ignoring the Change Healthcare Attack Invites a Cycle of Disaster

Blog Published: 05/21/2024

Originally published by CXO REvolutionaries.Written by Tamer Baker, CTO in Residence, Zscaler.You may recall, in February, Change Healthcare announced that threat actors affiliated with BlackCat/ALPHV had breached their organization. The adversaries executed a ransomware attack affecting criti...

Priorities Beyond Email: How SOC Analysts Spend Their Time

Blog Published: 05/21/2024

Originally published by Abnormal Security.Written by Mick Leach.In the cybersecurity world, Security Operations Center (SOC) analysts serve as watchful defenders, tasked with the critical mission of fortifying systems against malicious intrusions and swiftly responding to emerging threats. Cen...

Why the EU AI Act Poses Greater Challenges Than Privacy Laws

Blog Published: 05/22/2024

Originally published by Truyo.In an age bursting with technological advances, the European Union has taken a pioneering step toward shaping the future of Artificial Intelligence (AI) governance. Enter the landmark Artificial Intelligence Act—a comprehensive regulatory framework penned to strik...

The Shift to SDP: A Business Imperative for Enhanced Cybersecurity

Blog Published: 05/29/2024

Written by Cetark.A revolution is underway in cybersecurity. As businesses grapple with an escalating wave of cyber threats and the realities of a mobile workforce, the traditional cybersecurity infrastructure, epitomized by Virtual Private Networks (VPNs), is scrutinized. The emerging paradig...

The Risks of Relying on AI: Lessons from Air Canada’s Chatbot Debacle

Blog Published: 06/05/2024

Originally published by Truyo.In the era of artificial intelligence (AI), companies are increasingly relying on automated systems to streamline operations and enhance customer service. However, a recent incident involving Air Canada’s AI-powered chatbot serves as a stark reminder of the risks ...

2024 Report Reveals Hundreds of Security Events Per Week, Highlighting the Criticality of Continuous Validation

Blog Published: 05/23/2024

Originally published by Pentera.Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their ...

What is ASPM?

Blog Published: 05/28/2024

Written by LingRaj Patil, VP of Marketing, ArmorCode.Application Security Posture Management (ASPM) is a long name for an approach centered around unlocking AppSec visibility across the Continuous Development and Continuous Deployment pipeline. If you are with a software development organizati...

Zero Trust Hitting ‘Critical Mass’ at Federal Level

Blog Published: 06/06/2024

Originally published by CXO REvolutionaries.Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler.In early 2024, when the federal government got wind of certain Ivanti vulnerabilities, it immediately advised civilian executive branch agencies to disconnect these so...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
169
170
171
173
175
176
177
Last »