Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Bringing the Security vs. Usability Pendulum to a Stop

Blog Published: 11/26/2024

Originally published by CXO REvolutionaries.Written by Jay Patty, CTO in Residence, Zscaler.Like death and taxes, the tradeoff between robust security and a seamless user experience has long been a challenge for organizations across industries. On the one side, stringent security measures are ...

Defining Identities, Accounts, and the Challenge of Privilege Sprawl

Blog Published: 12/02/2024

Originally published by Britive.Identity and access management (IAM) has always been crucial for maintaining security within organizations. Traditionally, IAM and other identity-focused solutions prioritize managing these identities and permissions within on-premises environments.However, the ...

Legacy MFT Solutions Might Not Look Broken, But They Are

Blog Published: 12/03/2024

Originally published by Axway.Written by Shari Lava, Senior Director, AI and Automation at IDC.Introduction by Emmanuel Verge, Senior Product & Solutions Marketing Director at Axway.IntroductionAxway is happy to contribute to the discussion within the CSA community about new emerging trend...

What Can We Learn from Recent Cloud Security Breaches?

Blog Published: 11/26/2024

Originally published by Skyhawk Security.Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud, and the motivation of attackers to utilize this to t...

A Wednesday in the Life of a Threat Hunter

Blog Published: 11/27/2024

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. Imagine you have a role in making sure your enterprise is secure and on a typical Wednesday, you suddenly suspect that something is amiss or you come to know of a new threat intelligence about a specific technique or too...

AI in Cybersecurity - The Double-Edged Sword

Blog Published: 11/27/2024

Written by Jithu Joseph, Information Security Analyst and Member of the CSA Bangalore Chapter.Artificial Intelligence (AI) is revolutionizing cybersecurity, providing tools and techniques that can detect, prevent, and respond to cyber threats with unimaginable speed and precision. While AI emp...

CSA Community Spotlight: Creating Globally-Recognized Cybersecurity Assessments with Willy Fabritius

Blog Published: 11/27/2024

Celebrating 15 years of innovation, the Cloud Security Alliance (CSA) has established itself as the premier organization shaping the future of cloud security through the development of transformative security frameworks. Since the release of our inaugural Security Guidance for Critical Areas o...

Readiness Assessments: A Crucial Part of Your SOC Engagement

Blog Published: 12/02/2024

Originally published by BARR Advisory.In the world of data security, a readiness assessment is your organization’s first step toward completing a successful SOC engagement. Readiness assessments test the controls that will be examined during your audit, which will provide recommendations for a...

Top Threat #6 - Code Confusion: The Quest for Secure Software Development

Blog Published: 12/02/2024

Written by CSA’s Top Threats Working Group.In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whe...

Upcoming CPPA Meeting and Proposed Data Broker Rulemaking Made Public

Blog Published: 12/04/2024

Originally published by Truyo. Written by Dan Clarke, President, Truyo. The California Privacy Protection Agency (CPPA) remains actively engaged, not only in the prominent new rulemaking on automated decision-making but also in the ongoing refinement of existing policies. The CPPA will host a ...

Cyber Essentials Certification Cost and Related Expenses: A Detailed Breakdown

Blog Published: 12/05/2024

Originally published by Vanta.The Cyber Essentials assurance scheme is one of the best accreditations you can obtain for improving your organization's cybersecurity posture and reducing the risk of cyberattacks. It offers a robust set of controls you can implement to fortify the security of yo...

AI-Enhanced Penetration Testing: Redefining Red Team Operations

Blog Published: 12/06/2024

Written by Umang Mehta, Global Delivery Head and Member of the CSA Bangalore Chapter. In the ever-evolving world of cybersecurity, penetration testing has long been a cornerstone for identifying vulnerabilities and assessing the resilience of systems. Traditional penetration testing involves s...

Why Continuous Controls Monitoring is Not GRC: Transforming Compliance and Risk Management

Blog Published: 12/09/2024

Originally published by RegScale.Written by Esty Peskowitz.Governance, risk, and compliance (GRC) have long been the cornerstone of organizational operations, ensuring that enterprises adhere to regulatory standards and effectively manage risks. However, as technology continues to evolve at a ...

Phishing Attacks on State and Local Governments Surge 360%

Blog Published: 12/04/2024

Originally published by Abnormal Security.Written by Mike Britton.A successful email attack on a private organization can undoubtedly have costly consequences. But a single successful attack on a government agency can be absolutely devastating—putting public utilities, emergency services, and ...

Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals

Blog Published: 12/05/2024

Originally published by CXO REvolutionaries.Written by JP Saini, CTO, Sunbelt Rentals, Inc.Every enterprise knows the importance of extending seamless connectivity to customers and employees without compromising security. The objectives seem – and sometimes are – at odds with one another. Best...

Microsoft Power Pages: Data Exposure Reviewed

Blog Published: 12/09/2024

Originally published by AppOmni.Written by Aaron Costello, Chief of SaaS Security Research, AppOmni.This blog post explores a significant data exposure issue within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. It highlights how sensitive PII can be ina...

Strengthening Cybersecurity with a Resilient Incident Response Plan

Blog Published: 12/10/2024

Written by Itzik Alvas, Entro.As ransomware and phishing threats rise, having a robust Cybersecurity Incident Response Plan (CSIRP) has become essential. Forbes notes that 2023 saw a 72% spike in data breaches compared to 2021, largely from compromised non-human identities as well as email-dri...

The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes

Blog Published: 12/10/2024

Originally published by Astrix.Written by Tal Skverer.When you hear “Service Account” what comes to mind? Unrotated passwords? MSSQL Server 2008?Terminator-style robots? 🤖These “OGs of non-human identities” are the interconnection point between automated processes for accessing sensitive data,...

The Transformative Power of Multifactor Authentication

Blog Published: 12/11/2024

Written by Abel E. Molina, Softchoice."It is easier to resist at the beginning than at the end."- Leonardo da VinciThe quote stated above aligns perfectly with the principles of multifactor authentication (MFA), emphasizing early and proactive security measures. MFA requires users to provide m...

It’s Time for Ushered Access to Replace Free Reign for Third-Party Partners

Blog Published: 12/12/2024

Originally published by CXO REvolutionaries.Written by Maneesh Sahu, Contributor, Zscaler.Consider a familiar scene for office goers. Upon entering the building, employees, long-term contractors, and building staff typically swipe a key fob or a mobile key to gain access to the company office ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
186
187
188
190
192
193
194
Last »