
All Articles

Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between?

Blog Published: 05/17/2024

Originally published by Tamnoon. Written by Idan Perez, CTO, Tamnoon. What role does automation play in cloud remediation? Will it replace or simply augment the role of security and R&D teams? Over 60% of the world’s corporate data now resides in the cloud, and securing this environment has beco...

Securing Generative AI with Non-Human Identity Management and Governance

Blog Published: 05/16/2024

Originally published by Oasis Security. Written by Joel McKown, Solutions Engineer, Oasis Security. There are many inevitabilities in technology, among them is that rapid innovation will introduce unique risks and 3 letter acronyms will abide. Generative AI conversations have become top of mind, as...

2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity of SaaS Risks

Blog Published: 05/16/2024

Originally published by Valence. Written by Jason Silberman. Valence Security has released the 2024 State of SaaS Security Report. Among the primary themes we saw in the report—which combines an industry survey with data collected by Valence from hundreds of real enterprise SaaS applications—is a c...

Navigating Cloud Security Best Practices: A Strategic Guide

Blog Published: 05/15/2024

As cloud computing continues to be a pivotal force in IT infrastructure, it’s crucial for organizations to understand and use effective cloud security strategies to protect their data. This blog provides a short guide based on CSA’s Security Guidance, showing key ways to secure cloud environments...

How to Design an IT Service Model for End User Happiness

Blog Published: 05/15/2024

Originally published by Automox. Episode Summary: This episode of Automate IT with David van Heerden explores the topic of end user happiness and how it relates to automation in IT. David discusses two different approaches taken by ISPs to improve customer satisfaction: a tech-driven automation solu...

Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series

Press Release Published: 05/15/2024

Document promotes and demonstrates the importance of clear measurements for security performance in DevSecOps. SEATTLE – May 15, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure clo...

Building Trust Through Vendor Risk Management

Blog Published: 05/15/2024

Originally published by BARR Advisory. Written by Brett Davis. In today’s business landscape, relationships are paramount. But while the focus often lies on customer relationships, relationships with vendors are equally crucial. Establishing trust with vendors facilitates smooth operations and stre...

Unveiling the Dark Arts of Exploiting Trust

Blog Published: 05/14/2024

Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence, Zscaler. Trust is a fundamental aspect of human interaction, forming the foundation of relationships and societal harmony. However, trust can be deceptive, concealing hidden vulnerabilities that emerge when ...

The Importance of Securing Your Organization Against Insider and Offboarding Risks

Blog Published: 05/14/2024

Written by Wing Security. Offboarding employees may seem like a routine administrative task, but the security risks it poses are anything but ordinary. In today's interconnected digital landscape, failing to properly revoke access for departing employees can lead to catastrophic data breaches, com...

What is Management Plane (Metastructure) Security

Blog Published: 05/13/2024

Written by Ashwin Chaudhary, CEO, Accedere. Metastructure refers to the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration as per Cloud Security Alliance's Security ...

New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures

Blog Published: 05/13/2024

Originally published by Cyera. Written by Jonathan Sharabi. The Securities and Exchange Commission (SEC) rules set forth on July 26th, 2023, require that nearly all companies that file documents with the SEC (“registrants”) must describe the processes and management procedures they use to assess, i...

5 Best Practices to Secure Your Azure Resources

Blog Published: 05/13/2024

Originally published by CrowdStrike. Cloud computing has become the backbone for modern businesses due to its scalability, flexibility and cost-efficiency. As organizations choose cloud service providers to power their technological transformations, they must also properly secure their cloud envir...

Zero Trust & Identity and Access Management: Mitigating Shadow Access

Blog Published: 05/10/2024

Written by the CSA Identity and Access Management Working Group. In today's digitally interconnected landscape, understanding the intricacies of Identity and Access Management (IAM) is imperative for safeguarding organizational assets. A looming threat to IAM is Shadow Access. This insidious menac...

How Continuous Controls Monitoring Brings IT Unity & Agility

Blog Published: 05/10/2024

Originally published by RegScale. Written by Larry Whiteside Jr. Throughout my tenure as an operational CISO, there were countless moments when I yearned for things to unfold in a more streamlined manner. I had a clear vision for my team, which frequently grappled with being overburdened, understaf...

A Risk-Based Approach to Vulnerability Management

Blog Published: 05/10/2024

Written by Devin Maguire, ArmorCode. Security and risk are related but not synonymous. Security prevents, detects, and responds to attacks and is a key variable in the broader category of risk management. Risk management weighs the probability and impact of adverse events across the organization t...

Utah S.B. 149: Creating a Safe Space for Developers While Regulating Deceptive AI

Blog Published: 05/09/2024

Originally published by Truyo. Written by Dan Clarke. Utah’s foray into the realm of artificial intelligence (AI) regulation is marked by the passage of Senate Bill 149, the Artificial Intelligence Policy Act. While many states grapple with the complexities of AI governance, Utah’s rather fast and ...

Building Resilience Against Recurrence with Cloud Remediation

Blog Published: 05/09/2024

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. In the fast-evolving cloud security landscape, successful remediation isn’t just about fixing issues when they arise – it’s equally about preventing the recurrence of these issues. Prevention is the f...

CSA Community Spotlight: Educating the Security Industry with CISO Rick Doten

Blog Published: 05/08/2024

Can you believe that CSA has been defining and raising awareness of cloud security best practices for 15 years? Over the course of these several years, we’ve been educating the community with our volunteer-driven research publications, trainings, certificate programs, in-person and virtual events...

Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF)

Press Release Published: 05/08/2024

Mapping identifies misalignment and gaps between updated CCM and CSF. RSA Conference (San Francisco) – May 8, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing enviro...

Navigating Legacy Infrastructure: A CISO’s Strategy for Success

Blog Published: 05/08/2024

Originally published by Pentera. Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technol...
