
All Articles

The EU AI Act Comes Into Force: How This Pioneering Legislation Impacts Your Organization

Blog Published: 11/12/2024

Originally published by Diligent. The EU AI Act comes into force on 1 August 2024. It is the world’s first comprehensive legislation designed to address artificial intelligence (AI) risks by establishing a set of rules and obligations aimed at safeguarding the health, safety, and fundamental right...

Data Warehousing Demystified: From Basics to Advanced

Blog Published: 11/08/2024

Originally published by Actian. Written by Fenil Dedhia. Understanding the Basics: Welcome to data warehousing 101. For those of you who remember when “cloud” only meant rain and “big data” was just a database that ate too much, buckle up—we’ve come a long way. Here’s an overview: What is a Data Wareh...

When a Breach Occurs, Are We Ready to Minimize the Operational Effects

Blog Published: 11/08/2024

Written by Dr. Vito Nozza, Softchoice. “Plan for what is difficult while it is easy, do what is great while it is small” Sun Tzu. I love to quote Sun Tzu, as the art of war is indicative of what cyber professionals go through on a daily grind. The offensive security mindset and techniques that are r...

Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions

Blog Published: 11/08/2024

Originally published by Abnormal Security. Written by Callie Hinman Baron. While the way we work has evolved throughout the digital age, two constants remain: email is still the primary hub for professional communication, and employees are the weakest link in your cybersecurity chain. This combinat...

Mitigating GenAI Risks in SaaS Applications

Blog Published: 11/07/2024

Originally published by Valence Security and Forbes. Written by Jason Silberman. Artificial Intelligence (AI) tools have revolutionized the business landscape, offering unprecedented automation, efficiency, and innovation. Among these, Generative AI (GenAI) has gained particular traction for its ab...

The Future of Compliance: Adapting to Digital Acceleration and Ephemeral Technologies

Blog Published: 11/07/2024

Originally published by RegScale. Written by Ivy Shelby. As we move towards 2030, the landscape of governance, risk, and compliance (GRC) is undergoing a seismic shift. With the rapid digital acceleration, the pervasive adoption of cloud technologies, and the rise of ephemeral tech, organizations a...

Securing Staging Environments: Best Practices for Stronger Protection

Blog Published: 11/07/2024

Originally published by Entro. Written by Itzik Alvas. Staging environments often serve as the critical last step before pushing code to production, mirroring the setup used in live systems. However, these environments are often neglected in terms of security, making them prime targets for breaches...

Modernization Strategies for Identity and Access Management

Blog Published: 11/04/2024

Originally published by Britive. Shifting technology and access needs make identity and access management (IAM) a priority for all major organizations today. As infrastructure modernization efforts accelerate and businesses are increasingly adopting cloud-first approaches to their architecture and...

ChatGPT and GDPR: Navigating Regulatory Challenges

Blog Published: 11/04/2024

Originally published by Truyo. As artificial intelligence technologies like OpenAI’s ChatGPT advance, they encounter increasing scrutiny from regulatory bodies, particularly concerning data protection and privacy. The European Data Protection Board (EDPB) has been investigating whether ChatGPT com...

Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation

Blog Published: 11/04/2024

Originally published by CXO REvolutionaries. Written by Guido Sacchi, Former Senior Executive Vice President and Chief Information Officer, Global Payments. Throughout my career, I always reacted to ideas of “zero trust” the same way. It sounds great in principle, but how do we execute on it? How d...

Empowering Snowflake Users Securely

Blog Published: 11/01/2024

Originally published by Normalyze. Written by Joe Gregory. Two security leaders address data sprawl, user access, compliance, and scale. I recently moderated a webinar titled Unlocking the Power of Snowflake about the top challenges organizations face today: how to maximize their Snowflake investment...

Zero Standing Privileges: The Essentials

Blog Published: 11/01/2024

Originally published by CyberArk. Written by Josh Kirkwood. In December, I’ll have been with CyberArk for seven years, and at a similar point, I’ll have spent two years leading product marketing for cloud security at the company. In my short tenure with CyberArk Product Marketing, I’ve advocated fo...

Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology

Blog Published: 11/01/2024

Originally published by Pentera. Identity is a key to open a door. Who are you? Yes, you reading. Who are you? There’s probably a lot of ways you can answer that question, and that is because there are a lot of attributes that make up your identity. Let’s keep things simple because that’s what’s easy...

The EU Cloud Code of Conduct: Apply GDPR Compliance Regulations to the Cloud

Blog Published: 10/31/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post expl...

How to Get your Cyber Essentials Certification: A Process Guide

Blog Published: 10/31/2024

Originally published by Vanta. Most organizations today are heavily reliant on technology, regardless of the product or service they provide. This expands their data exposure points and potential attack surface, which is why there is a significant need to monitor the risks and vulnerabilities in the ...

Tackling Ransomware Head-On: A Business’s Guide to Understanding and Defense

Blog Published: 10/31/2024

Originally published by Richey May. In today’s cybersecurity landscape, threats are more than just a cautionary tale—they’re a daily reality, and ransomware tops the list of concerns. This aggressive form of cyberattack can grind operations to a halt and compromise sensitive data. Keep reading, we...

Top IAM Priorities for 2025: Addressing Multi-Cloud Identity Management Challenges

Blog Published: 10/30/2024

As we move toward 2025, the adoption of multi-cloud and hybrid cloud is continuing to accelerate. While the benefits are manifold, it also means that organizations have significant challenges when securely integrating hybrid and cloud identity systems. Just some of these challenges identity and ac...

The Hidden Power of Zero Trust Thinking

Blog Published: 10/30/2024

Written by Mark Fishburn and originally published on his website. 1. Daytime Stress and Sleepless Nights: Managing cybersecurity, networks, workloads, and websites can be stressful, especially when many things go bump simultaneously in the middle of the night. During calmer daytime moments, we r...

According to Cloud Security Alliance Survey More than Half of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

Press Release Published: 10/30/2024

Report also found that over 75% of enterprises are using two or more IDPs and struggle to manage access controls and consistent security policies. SEATTLE – Oct. 30, 2024 – Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity...

How to Assess and Treat AI Risks and Impacts with ISO/IEC 42001:2023

Blog Published: 10/30/2024

Originally published by Schellman. ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to ...
