Master Your Disaster
Blog Published: 02/10/2025
Originally published by HanaByte. Written by Otis Thrasher, Staff Security Consultant, HanaByte. Life is full of ups and downs, and no one can avoid them. This includes natural disasters, accidents, and loss of loved ones. The digital world operates on a similar principle. It’s not a question of...
How I Used Free Tools to Resource Jack API Keys
Blog Published: 02/11/2025
Originally published by Aembit. Written by Ashur Kanoon, Technical Product Marketing, Aembit. How much damage could an attacker do with free tools and minimal effort? That’s the question I set out to answer – and the results even surprised me. In less than 10 minutes, I managed to exploit expose...
5 Ways Non-Human Identity Ownership Impacts Your Security Program
Blog Published: 02/12/2025
Originally published by Oasis Security. Written by Guy Feinberg. As we meet with customers to discuss non-human identity security strategy, the topic of ownership comes up more frequently as one of the key components for any comprehensive Non-Human Identity Management (NHIM) program. Our discover...
From Y2K to 2025: Evolution of the Cybersecurity and Information Security Landscape over the Past 25 Years
Blog Published: 02/12/2025
Written by the CSA New Jersey Chapter: Stanley Mierzwa, Ph.D.; CISSP, Director, Center for Cybersecurity, Transformational Learning and External Affairs, Kean University, and Eliot Perez, Director, Information Technology, Township of Bedminster, New Jersey. Remember Y2K, in the context of the worry...
How AI Will Change the Role of the SOC Team
Blog Published: 02/19/2025
Originally published by Abnormal Security. Written by Emily Burns. The security operations center (SOC) has long been the nerve center of an organization's cybersecurity efforts, monitoring, analyzing, and responding to threats in real-time. It serves as the frontline defense against increasingl...
Dark Patterns: Understanding Their Impact, Harm, and How the CPPA is Cracking Down
Blog Published: 02/19/2025
Originally published by Truyo. Written by Dan Clarke, President, Truyo. The California Privacy Protection Agency (CPPA) has flexed its muscles yet again, taking a strong stance against dark patterns, especially in the context of the California Consumer Privacy Act (CCPA). The CPPA’s recent enfor...
Simplicity is Complexity Resolved
Blog Published: 02/20/2025
Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence, Zscaler. Zero trust architecture isn't rocket science. But, as in rocket science, stripping away unnecessary functions and streamlining existing ones is a step in the direction of simpler, more elegant sol...
How to Prepare for ISO 42001 Certification
Blog Published: 02/21/2025
Originally published by Schellman. Written by Danny Manimbo. Since the release of ISO 42001 in late December 2023, it’s been a year of discovery and education regarding this new flagship artificial intelligence (AI) standard in terms of determining its applicability, use case(s), and benefits to...
7 Steps to Get Started with Security and Privacy Engineering
Blog Published: 02/14/2025
Originally published by BARR Advisory. Written by Julie Mungai. For startups, security and privacy engineering can feel daunting. Limited resources, competing priorities, and the pressure to deliver products quickly often push these considerations to the back-burner. However, embedding security ...
What is a Virtual CISO (vCISO) and Should You Have One on Your Team?
Blog Published: 02/18/2025
Originally published by Vanta. Most people know what a chief information security officer (CISO) is and how they’re essential to improving an organization’s security posture. The problem is that many organizations have limited hiring resources and it makes little sense to appoint an in-house CI...
Top Threat #10 - Who Goes There? Tackling Unauthenticated Resource Sharing
Blog Published: 02/18/2025
Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle...
The Explosive Growth of Generative AI: Security and Compliance Considerations
Blog Published: 02/20/2025
Written by Jayesh Gadewar, Scrut Automation. Generative AI is reshaping industries at an incredible pace. Tools for image creation, chatbots, and code generation are driving innovation and pushing productivity to new heights. According to G2’s recent “State of Software” report, demand for these...
Implementing CCM: Put Together a Business Continuity Management Plan
Blog Published: 02/14/2025
CSA’s Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It contains 197 control objectives structured into 17 domains that cover all key aspects of cloud technology. You can use CCM to systematically assess a cloud implementation. CCM also provides guidance ...
Transforming SOCs with AI: From Reactive to Proactive Security
Blog Published: 02/21/2025
Originally published by HCLTech. Written by G Kiran Raju, Business Development and Product Offerings Lead, Google, Cybersecurity, HCLTech and Ben Caisley, SecOps Specialist Lead, Google Cloud. As cybersecurity threats continue to evolve, organizations are increasingly adopting advan...
DeepSeek-R1 AI Model 11x More Likely to Generate Harmful Content, Security Research Finds
Blog Published: 02/19/2025
Written by Enkrypt AI. AI race between US and China takes a dark turn as red teaming report uncovers critical safety failures. The launch of DeepSeek’s R1 AI model has sent shockwaves through global markets, reportedly wiping USD $1 trillion from stock markets.¹ Trump ad...
Global ICS Exposures: What Our State of the Internet Report Reveals About Critical Infrastructure Security
Blog Published: 02/25/2025
Originally published by Censys. Written by Rachel Hannenberg, Censys Senior Content Marketing Manager. The Censys Research Team identified over 145,00 exposed Industrial Control System (ICS) services globally, more than one-third of which are located in the United States. Indus...
Love Letters to Compliance: Tips for Long Term Commitments
Blog Published: 02/21/2025
Originally published by Prescient Assurance. Written by Frejin Arooja. Running a compliance program is a commitment. As long as you do the right things and avoid making any wrong move, you’re okay. But one wrong move can quickly escalate a happy relationship into a nightmare...
7 Cloud Security Mistakes You May Not Realize You’re Making
Blog Published: 02/24/2025
Originally published by Seiso. Written by Eric Lansbery. With every new tool or layer of protection, complexity grows—along with risks. Many organizations unknowingly make common security mistakes, such as misconfigurations, reliance on manual processes, and fragmented team e...
Implementing CCM: The Change Management Process
Blog Published: 02/24/2025
The Cloud Controls Matrix (CCM) is a framework of controls (policies, procedures, and technical measures) that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of ...
Why Should Active Directory Hygiene Be Part of Your NHI Security Program?
Blog Published: 02/25/2025
Originally published by Oasis Security. Written by Roey Rozi, Director of Solution Architecture, Oasis Security. Active Directory (AD) has been around forever—and for good reason. If you’ve got a big on-prem setup, it’s the go-to for managing users, permissions, and access. But ...