
All Articles

Optimizing Secrets Management to Enhance Security and Reduce Costs

Blog Published: 10/22/2024

Written by Itzik Alvas, Entro Security. Cyber threats are evolving rapidly. Organizations must navigate the delicate balance between robust security measures and cost-efficiency. One critical aspect of this balancing act is Non-Human identities & secrets management; secrets management is how o...

Top Threat #4 - Cloudy with a Chance of Breach: The Cloud Security Strategy Storm

Blog Published: 10/21/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...

5 Behaviors for Transforming Your Cybersecurity Leadership

Blog Published: 10/21/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an enterprise cybersecurity leader, your role is pivotal in safeguarding your organization's assets, data, people, and reputation. You likely have a very capable team to help with each of these tasks, ...

File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

Blog Published: 10/21/2024

Originally published by Abnormal Security. Phishing has long remained a favorite strategy among cybercriminals, and as security awareness has evolved, so have their tactics. According to our H2 2024 Email Threat Report, which was released today, phishing makes up nearly 72% of all advanced attacks...

Learn How to Conduct a Cybersecurity Audit for the Cloud with These CSA Training Options

Blog Published: 10/18/2024

As cloud adoption continues to reshape the IT landscape, ensuring cloud environments are secure and compliant is critical. However, a cybersecurity audit specific to cloud computing introduces unique challenges, given the complexities of shared security responsibilities between cloud providers an...

Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming

Blog Published: 10/18/2024

Originally published by Pentera. Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ever to acquire, attackers are looking for ways to profit, which has led to a rise in malicious cryptomining, or cr...

A Look At Strong Password Practices: A Shield For Your Digital Life

Blog Published: 10/18/2024

Written by Abel E. Molina, Softchoice. "An ounce of prevention is worth a pound of cure." - Benjamin Franklin In the digital age, our lives are intricately tied to the online world, from managing finances to sharing moments with loved ones. Yet, with the convenience of the internet comes a signific...

Navigating Cloud Security: A Shared Responsibility

Blog Published: 10/17/2024

Originally published by CyberArk. Written by Alyssa Miles. Each July, my family and I take a road trip from Kentucky back to my hometown in northwestern Pennsylvania to spend time on Lake Erie. As tradition dictates, we stop along I-71 for coffee at a branch of a certain coffee shop, which also hap...

The EU AI Act: A Roadmap for Trustworthy AI

Blog Published: 10/17/2024

Originally published by Vanta. Written by Herman Errico. As artificial intelligence (AI) continues to revolutionize various sectors, ensuring it is developed and deployed in alignment with ethical standards and fundamental rights is critical for businesses that use it. The European Union's Artifici...

An Overview of Microsoft DPR, Its New AI Requirements, and ISO 42001’s (Potential) Role

Blog Published: 10/16/2024

Originally published by Schellman. Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Pri...

Rowing the Same Direction: 6 Tips for Stronger IT and Security Collaboration

Blog Published: 10/16/2024

Originally published by Dazz. The Olympians make it look easy, but make no mistake: rowing is a more difficult sport than meets the eye. Changing conditions in the water and weather, exhaustion, and even a head tilt in the wrong direction can send the boat off course or cause the team to lose time...

How to Leverage Automation Tools to Streamline Your Next Compliance Audit: 3 Tips for Security Teams

Blog Published: 10/16/2024

Originally published by BARR Advisory. Compliance automation tools are designed to assist organizations in streamlining the rigorous demands of cybersecurity frameworks such as SOC 2, ISO 27001, and HITRUST. These platforms can help address the heavy lifting involved in preparing, undergoing, and ...

The Need for Continuous Assurance and Compliance Automation

Blog Published: 10/15/2024

A lot is said about “trust” in our industry, but trust is really a means to an end. For an organization, that “end” is the accomplishment of its mission. To achieve its mission, an organization must have healthy interactions with internal and external actors. Therefore, in this context, trust mea...

Unleashing the Power of Managed Endpoint Security: Crafting Effective SD-WAN and SASE Strategies

Blog Published: 10/15/2024

Written by Andrew Winney, General Manager and Global Head of SASE Business, Tata Communications. Originally published on CXOtoday. In today's digitally connected world, businesses face unprecedented challenges in securing their expanding network of endpoints. As Distributed Enterprises embrace remo...

AI and ML for Adopting, Implementing, and Maturing Zero Trust Network Access

Blog Published: 10/15/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. In today's evolving cyber threat landscape, traditional network security models are increasingly inadequate. More robust and dynamic security paradigms like zero trust network access (ZTNA) are needed. As...

App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation

Blog Published: 10/11/2024

Originally published by Astrix on August 14, 2024. Written by Tomer Yahalom. Google announced it will terminate support for Less Secure Apps (LSAs) on September 30, which presents a great opportunity to dive into their evolution – App-Specific Passwords, and the security concerns that still remain....

Reflections on NIST Symposium in September 2024, Part 2

Blog Published: 10/10/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. 1. Introduction and Background On September 24, 2024, I had the privilege of attending the NIST symposium "Unleashing AI Innovation, Enabling Trust." This event brought together leading experts, policymakers, and ind...

To Secure the AI Attack Surface, Start with Fundamental Cyber Hygiene

Blog Published: 10/10/2024

Originally published by Tenable. Written by Lucas Tamagna-Darr. Confusion and unknowns abound regarding the risks of AI applications. Many vendors are offering solutions to AI application security problems that aren't clearly defined. Here we explain that to boost AI application security and to ...

What is Session Hijacking? A Technical Overview

Blog Published: 10/10/2024

Originally published by AppOmni. Written by Justin Blackburn, Sr. Cloud Threat Detection Engineer, AppOmni. Sessions are a vital component of modern websites and SaaS applications because they enable streamlined communication between devices and servers. But adversaries frequently target sessions i...

Top Threat #3 - API-ocalypse: Securing the Insecure Interfaces

Blog Published: 10/09/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...
