All Articles

Mastering Least Privilege: Cutting Unused Access

Blog Published: 05/30/2024

Written by StrongDM. It’s an irrefutable fact: You can't defend your total attack surface without visibility into privileged access. The Principle of Least Privilege emphasizes that individuals within your environment should only have the necessary access and permissions essential for their rol...

Level Up Your Security Strategy with Cyber Resilience

Blog Published: 05/30/2024

Originally published by BARR Advisory. Even with strong cybersecurity programs in place, companies can still become victims of a security breach. While it may seem unfair or frustrating, especially if you’ve spent time, money, and energy working to reduce your risk, unfortunately it’s impossibl...

Unlocking Trust in the Digital Age: The Power of Blockchain Technologies

Blog Published: 05/28/2024

Written by Gökhan Polat, Member of the CSA Blockchain Working Group. Trust serves as the cornerstone of strong human relationships, fostering security, effective communication, cooperation, and emotional intimacy. In today's business landscape, trust is paramount, especially in the digital real...

What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction

Blog Published: 05/31/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feat...

What are the ISO 9001 Requirements?

Blog Published: 05/31/2024

Originally published by Schellman. When seeking ISO 9001 certification, part of that road to compliance will be aligning your required quality management system (QMS) with the key clauses (4-10) within the standard, each of which focuses on a specific facet of that management system—context, l...

3 Ways AI Can Streamline Your Regulatory Compliance

Blog Published: 06/04/2024

Originally published by RegScale. In an era where regulatory changes are fast and frequent, organizations have a difficult time keeping up. They fall behind on compliance and jeopardize passing their audits or inspections. To avoid falling behind even further, organizations need to speed up the...

Learn How to Navigate Ransomware Attacks in a Digital World

Blog Published: 05/31/2024

Written by LRQA. In an increasingly digital world, ransomware attacks have become a prevalent threat, disrupting businesses and causing significant financial losses. The increasing volume and impact of ransomware attacks - which encrypt victims’ computer files until they pay a fee - poses a si...

The Path to SOC 2 Compliance for Startups

Blog Published: 05/30/2024

I've worked for some notable early-stage startup companies that sought to do business with Fortune 500 companies. I clearly remember the challenges of demonstrating how you can protect their customer data. SOC 2 compliance for startups can be a massive undertaking. When you have a compelling so...

CSA Community Spotlight: Advancing Thought Leadership with Cybersecurity Architect Shruti Kulkarni

Blog Published: 06/05/2024

For the last 15 years, CSA has been disseminating expert-led thought leadership to the cybersecurity community at large. Our offerings have included research publications, trainings, blogs, in-person and virtual webinars and events, and many other initiatives based on top-of-mind security conc...

Artificial Intelligence (AI) in Risk Assessment and Mitigation

Blog Published: 06/06/2024

Written by Ashwin Chaudhary, CEO, Accedere. The advancement of generative AI technologies like GPT has led to rapid growth in AI adoption worldwide. While companies adopt AI with the intention of being competitive in the market, they often overlook the security risks that come with AI that can ...

Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams

Press Release Published: 06/04/2024

Despite economic uncertainty, organizations are prioritizing SaaS security investment
Gartner Security and Risk Management Summit, National Harbor, Maryland – June 4, 2024 – Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams...

Cloud Security Alliance Announces Implementation Guidelines v2.0 for Cloud Controls Matrix (CCM) in Alignment with Shared Security Responsibility Model

Press Release Published: 06/04/2024

Update strengthens CCM’s position as the cloud security industry’s preferred control framework
SEATTLE – June 4, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing...

Secure Your Staff: How to Protect High-Profile Employees’ Sensitive Data on the Web

Blog Published: 06/07/2024

Originally published by CrowdStrike. Written by Ben TerMeer, Brian Bunyard, and Keith Mason. Organizations are increasingly concerned about high-profile employees’ information being exposed on the deep and dark web. The CrowdStrike Counter Adversary Operations team is often asked to find fake s...

What is Continuous Controls Monitoring & Its Impact on Cybersecurity?

Blog Published: 06/11/2024

Originally published by RegScale. Written by Dan Biewener. It’s 2024 and the rules have changed, literally. Late in 2023, the U.S. Securities and Exchange Commission (SEC) issued new requirements for cybersecurity disclosures. In addition to reporting material cybersecurity incidents within four...

CSA STAR: Securing the Cloud and Beyond

Blog Published: 06/04/2024

CSA’s Security, Trust, Assurance and Risk (STAR) program is in its 13th year and is one of the offerings we have developed that I am most proud of. I would even go so far as to say we are the gold standard for cloud provider assurance, as our public registry contains listings for over 2,500 cl...

Application Security Solutions: CNAPP vs CSPM vs ASPM

Blog Published: 06/07/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feat...

Security Considerations for Hardware Security Module as a Service

Blog Published: 06/07/2024

A hardware security module (HSM) is a trusted platform for performing cryptographic operations and protecting keys. A main feature of the HSM architecture is its special co-processor that performs cryptography functions. HSMs also consist of a hardware-based random number generator, RAM, stora...

AWS S3 Bucket Security: The Top CSPM Practices

Blog Published: 06/10/2024

Written by ArmorCode. An S3 bucket is a fundamental resource in Amazon Web Services (AWS) for storing and managing data in the cloud. S3 stands for "Simple Storage Service," providing scalable, durable, and highly available object storage. S3 is widely used for various purposes, such as storing ...

Discover CCSK v5: The New Standard in Cloud Security Expertise

Blog Published: 06/12/2024

Written by Martin Hall. Already trusted by thousands of companies and tens of thousands of cloud security professionals worldwide, the Certificate of Cloud Security Knowledge (CCSK) is the industry standard for cloud security expertise. And it's about to get even better. Based on input from our...

Beyond Blind Trust: The Imperative of Zero Trust for Federal Agencies

Blog Published: 06/13/2024

Originally published by Synack. Written by Ed Zaleski. Director of Federal Sales for the Department of Defense, Synack. TL;DR Zero trust cybersecurity principles require continuous monitoring and evaluation to ensure effectiveness. Implementing zero trust necessitates a significant overhaul of exi...
