Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Forging Robust Cloud Defenses for Modern Businesses

Blog Published: 04/23/2025

Originally published by Reemo. Written by Florent Paret.   The wholesale adoption of cloud technology has become a cornerstone of digital transformation, empowering enterprises with unprecedented agility and scalability within today’s fiercely competitive landscape. Yet, this ev...

Implementing CCM: Data Protection and Privacy Controls

Blog Published: 04/22/2025

The Cloud Controls Matrix (CCM) is a framework of essential cloud security controls that follow CSA best practices. You can use CCM to assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which...

A New Era for Compliance: Introducing the Compliance Automation Revolution (CAR)

Blog Published: 04/29/2025

Written by Daniele Catteddu, CTO, Cloud Security Alliance (CSA).   Introducing the Compliance Automation Revolution (CAR) Initiative In today’s rapidly evolving digital landscape, it is of strategic importance that technology providers are not only secure but can, at any time, demon...

New Cloud Security Alliance Certification Program Equips Professionals With Skills to Ensure Responsible and Safe Development and Management of Artificial Intelligence (AI)

Press Release Published: 04/28/2025

Partnership with Northeastern University to deliver critical education for the future of IT and cybersecurity SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications,...

Threat Modeling Google's A2A Protocol with the MAESTRO Framework

Blog Published: 04/30/2025

Written by Ken Huang, CSA Fellow and Co-Chair of AI Working Groups, CEO of DistributedApps.ai, and AI Book Author; and Dr. Idan Habler, Staff AI Security Researcher at Intuit, specializing in AI application security.   1: Introduction Google's A2A (Agent-to-Agent) protocol holds i...

5 Steps of the Security Questionnaire Process to Automate Today

Blog Published: 05/01/2025

Originally published by Vanta. Written by Lucia Giles.   As organizations sell to more discerning buyers, scrutiny on security and compliance practices grows. It’s certainly warranted—the frequency of third-party breaches is on the rise. In our State of Trust Report, almost ...

Bridging the Gap: Using AI to Operationalize Zero Trust in Multi-Cloud Environments

Blog Published: 05/02/2025

Written by Advait Patel, Senior Site Reliability Engineer, Broadcom. Reviewed by Aparna Achanta, Principal Security Architect, IBM Federal Consulting.   Many businesses are integrating multi-cloud strategies today. The approach provides flexibility and eliminates dependence on ...

Why MFT Matters for Enterprise Compliance and Risk Reduction

Blog Published: 05/05/2025

Originally published by Axway. Written by Chandu Manda,  Field CTO, Axway.   Compliance is no longer just a checkbox—it’s a moving target. As organizations move toward automating and integrating B2B file transfers across cloud and hybrid environments, compliance is no ...

Phishing Tests: What Your Provider Should Be Telling You

Blog Published: 04/24/2025

Originally published by Schellman. Written by Austin Bentley. It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It’s often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enr...

Implementing CCM: Enterprise Risk Management Controls

Blog Published: 04/25/2025

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guid...

Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance

Blog Published: 04/28/2025

Originally published by BARR Advisory.   For businesses that accept online payments, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is essential, but it doesn’t have to be overwhelming. If your business does not store, process, or transmit cardho...

Cloud Security Alliance Honors CrowdStrike Founder and CEO George Kurtz with 2025 Philippe Courtot Leadership Award

Press Release Published: 04/28/2025

Kurtz recognized for outstanding efforts in advancing cloud security, cybersecurity worldwide SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices ...

Why We’re Launching a Trusted AI Safety Knowledge Certification Program

Blog Published: 04/26/2025

Written by Anna Campbell Schorr, Training Program Director, Cloud Security Alliance.   Over the years, we’ve witnessed security paradigms evolve—from the early days of perimeter defense, to the rise of Zero Trust, and most recently, the challenges introduced by Artificial Intellig...

Cloud Security Alliance Issues Top Threats to Cloud Computing Deep Dive 2025

Press Release Published: 04/29/2025

Case studies articulate cloud computing’s most significant and pressing issues SAN FRANCISCO (RSA Conference) and SEATTLE - April 29, 2025 - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a...

The Evolving Role of GDPR Auditors

Blog Published: 04/29/2025

Originally published by Scrut Automation. Written by Nicholas Muy.   The evolving role of GDPR Auditors As businesses continue to rely more on data, the need for strong privacy and compliance measures has never been greater. The General Data Protection Regulation (GDPR) ...

Cloud Security Alliance Transforms IT Compliance and Assurance with Launch of Compliance Automation Revolution (CAR)

Press Release Published: 04/29/2025

CAR to solve real-world compliance problems with practical and effective solutions SAN FRANCISCO (RSA Conference) and SEATTLE – April 29, 2025 – Today's organizations have to comply with hundreds of data security and privacy laws, while grappling with an influx of even more regulations tha...

Knowing the Difference Between the Two Types of Technical Challenges is the Key to Smarter Decisions

Blog Published: 04/30/2025

Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler.   Know the difference between vendor-related and technology-related problems to determine the fastest resolution. Thomas Jefferson famously proclaimed that all men are created equal, ...

Secure Vibe Coding: Level Up with Cursor Rules and the R.A.I.L.G.U.A.R.D. Framework

Blog Published: 05/06/2025

Written by Ken Huang, CSA Fellow; Youssef Harkati, BrightOnLABS; Jean-François Linteau Labonté, BrightOnLABS; and Albert Hui, Security Ronin.   1: Introduction As Code Agents such as Cursor, Windsurf, and Replit become widely used due to their capability to support fast proof of...

Building Identity Resilience for the Front Lines of Disruption

Blog Published: 05/07/2025

Written by Eric Olden, Strata Identity. Originally published on Forbes.   No group relies on reliability and predictability more than the military. Human lives and critical data depend on safe and secure systems. Yet, operations frequently occur under extremely challenging condit...

A CISO's Guide to Reporting on Cloud Security (Without Putting Everyone to Sleep)

Blog Published: 05/09/2025

Written by Sarah Elkaim, Sweet Security.   Let’s be honest—reporting isn't the most glamorous part of our job as CISOs. But it’s one of the most important. It’s the difference between “trust me, we’re secure” and actually proving it with data that matters. Today’s cloud environ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
198
199
200
202
Last »