
All Articles
Vulnerability Management Isn't About Finding Issues — It's About Fixing Them in Context

Blog Published: 12/13/2024

Originally published by Dazz. Written by Daniel Miessler. I think a lot about Vulnerability Management because I think it's a proxy for a lot that's wrong with Cybersecurity. Plus I've spent a long time doing it in various forms, culminating in building and running the VM program for Robinhood a...

Break Glass Account Management Best Practices

Blog Published: 12/16/2024

Originally published by Britive. In today’s multi-cloud environments, organizations face growing challenges in managing privileged access securely. Break glass accounts are crucial for administrative access, but if mishandled, they can introduce significant security risks to your organization. ...

Threats in Transit: Cyberattacks Disrupting the Transportation Industry

Blog Published: 12/17/2024

Originally published by Abnormal Security. Written by Mike Britton. The transportation industry is the lifeblood of the global economy—moving goods, people, and essential services across borders and cities. However, as the world becomes increasingly interconnected, so too does the vulnerability ...

Winning at Regulatory Roulette: Innovations Shaping the Future of GRC

Blog Published: 12/19/2024

Originally published by RegScale. Written by Esty Peskowitz. Governance, Risk, and Compliance (GRC) demands continuous adaptation and vigilance, transcending its role as a mere business necessity. In the ever-changing world of compliance, companies are often caught in a high-stakes game we call...

10 Fast Facts About Cybersecurity for Financial Services—And How ASPM Can Help

Blog Published: 12/20/2024

Originally published by Dazz. Written by Jordan McMahon. It should shock no one that financial services organizations are a major target for cybercrime. In fact, according to the World Economic Forum, financial organizations are the number 2 target, “accounting for 8.3% of attacks on critical in...

2024 Amendments to Illinois' Biometric Information Privacy Act (BIPA)

Blog Published: 01/02/2025

Originally published by Truyo. Written by Dan Clarke. In August 2024, Illinois made significant amendments to its Biometric Information Privacy Act (BIPA), a law that has been the cornerstone of biometric privacy regulation in the state since its inception in 2008. These amendments have brought ...

The Rise of Malicious AI: 5 Key Insights from an Ethical Hacker

Blog Published: 01/03/2025

Originally published by Abnormal Security. Written by Jade Hill. Artificial intelligence has become prevalent in nearly every industry worldwide over the last two years, and cybercrime is no exception. While the cybersecurity industry is focused on how to use AI to stop bad actors, those cybercr...

Enhancing Salesforce Security: Beyond Built-in Features

Blog Published: 01/03/2025

Written by Itzik Alvas, CEO, Entro Security. Salesforce, the world’s leading CRM platform, boasts over 230,000 customers globally and dominates with a 20% market share. Organizations flock to Salesforce for its proven ability to drive results, reporting an average revenue growth of 25% annually...

Let’s Go Back to the Basics: How ISO 27001 Certification Works

Blog Published: 01/09/2025

Written by Yehia (Ian) Ahmed, Complade. With cyber threats continually evolving, organizations across all sectors are increasingly pursuing ISO 27001 certification as a systematic framework for information security management and a robust assurance mechanism. ISO 27001 stands out as a universal...

What 2024’s SaaS Breaches Mean for 2025 Cybersecurity

Blog Published: 12/03/2024

Originally published by AppOmni. Written by Julia Benson, Technical Content Marketing Manager, AppOmni. In 2024, we witnessed a significant evolution in SaaS-based TTPs, which enabled bad actors to bypass traditional entry points, exploit SaaS misconfigurations and identity systems, and compromi...

Lifecycle Management in SaaS Security: Navigating the Challenges and Risks

Blog Published: 12/04/2024

Originally published by Valence Security. Written by Jason Silberman. The rapid rise of Software-as-a-Service (SaaS) has transformed business operations, offering unprecedented flexibility and scalability. However, this shift brings its own set of security challenges, particularly when it comes ...

Texas Attorney General’s Landmark Victory Against Google

Blog Published: 12/20/2024

Originally published by Truyo. Texas Attorney General Ken Paxton has successfully challenged Google’s monopolistic practices, with the U.S. District Court for the District of Columbia ruling in favor of Paxton’s allegations. The court found that Google’s business conduct violated the Sherman Ac...

Top Threat #7 - Data Disclosure Disasters and How to Dodge Them

Blog Published: 12/16/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whe...

Systems Analysis for Zero Trust: Understand How Your System Operates

Blog Published: 12/05/2024

If you’re excited about building a Zero Trust architecture for your organization, we understand! Zero Trust is pretty much the ultimate security strategy. However, before diving headfirst into building out your architecture, you need to perform a comprehensive systems analysis. This analysis sh...

CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews

Blog Published: 12/06/2024

Now celebrating 15 years of advancing cloud security, the Cloud Security Alliance (CSA) is proud to be the world’s leading organization dedicated to defining best practices for a secure cloud computing environment. Since our incorporation in 2009 and the release of our inaugural Security Guida...

From AI Agents to MultiAgent Systems: A Capability Framework

Blog Published: 12/09/2024

Written by Ken Huang, CEO of DistributedApps.ai and Co-Chair of AI Safety Working Groups at CSA. There is no clear and consensus definition of what an AI agent is in the literature. This article does not aim to define what an AI agent is. Rather, I focus on examining AI agents from a range of c...

The European Union Artificial Intelligence (AI) Act: Managing Security and Compliance Risk at the Technological Frontier

Blog Published: 12/10/2024

Originally published by Scrut Automation. Written by Amrita Agnihotri. A growing wave of AI-related legislation and regulation is building, with the most significant example being the European Union’s (EU) Artificial Intelligence (AI) Act. In March 2024, European leaders passed this sweeping leg...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Blog Published: 12/11/2024

Written by Ella Siman, Wing Security. Originally published by The Hacker News. With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data ar...

CSA Community Spotlight: Auditing Cloud Security with CEO David Forman

Blog Published: 12/12/2024

As we celebrate 15 years of advancing cloud security, the Cloud Security Alliance (CSA) reflects on our role as the world’s leading organization dedicated to establishing and promoting best practices in cloud computing. Among our many initiatives, our auditing and compliance efforts stand out ...

Achieving Cyber Resilience with Managed Detection and Response

Blog Published: 12/13/2024

Originally published by HCLTech. Written by B. Mani Shankar, Global Manager – MDR, Cyber Threat Intel & Incident Response Services, Cybersecurity, HCLTech. In today’s hyper-connected digital landscape, cyber threats have become more sophisticated, pervasive and difficult to detect. With ...
