All Articles
A Business Guide to…Protecting Personal Information on Social Media

Blog Published: 07/30/2025

Written by Abel E. Molina, Cybersecurity Architect, Softchoice.   Today almost every business maintains a presence on social media. Platforms like Facebook, Instagram, Twitter, and LinkedIn are powerful tools for reaching new customers, building brand awareness, and stay...

Quishing is Here, and It’s Hiding in Plain Sight

Blog Published: 07/31/2025

Written by David Balaban.   I still remember when QR codes were novelty tech – quirky black-and-white boxes printed on event flyers or hidden on product packaging, waiting to be scanned for a quick surprise. These days, though, that innocent square can be a silent predator. Walk i...

The Hidden Cost of Trust: New Data Reveals Alarming Employee Engagement with Vendor Email Compromise

Blog Published: 08/01/2025

Originally published by Abnormal. Written by Callie Baron.   Your workforce is your greatest asset, and your vendors are integral to the success of the enterprise. It's no surprise, then, that cybercriminals are targeting both, exploiting the trust in these partnerships to deceiv...

Jurassic Access: What Jurassic Park Teaches Us About Identity and Access Management

Blog Published: 08/01/2025

This weekend, I watched Jurassic Park for the first time, and while most people might walk away from the film seeing it as a cautionary tale about the dangers of unchecked scientific ambition and the unpredictability of life, the cybersecurity professional in me saw something else entirely. I...

Inadequate Database Security: A Case Study of the 2023 Darkbeam Incident

Blog Published: 08/04/2025

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the fifth incident covered in the Deep Dive: ...

The Ethical and Societal Considerations of an AI Impact Analysis

Blog Published: 08/05/2025

Originally published by Schellman. Written by Charles Goss, SOC Senior Associate, Schellman.   The use of artificial intelligence is rapidly expanding across businesses and industries, driving innovation, improving efficiency, and unlocking new opportunities. However, as AI ...

Drift Happens: Why Continuous IaC Validation is Non-Negotiable

Blog Published: 08/05/2025

Alright, let's talk about promises. Infrastructure as Code (IaC) – Terraform, CloudFormation, you name it – promised us the holy grail: consistent, repeatable, controlled environments. And honestly? For the most part, it delivered. We waved goodbye (mostly) to snowflake servers and configurat...

Are Your Hypervisors SOC 2 Ready? Why Virtualization Security is Crucial for Compliance

Blog Published: 08/06/2025

Originally published by Vali Cyber.   As virtualization continues to shape enterprise IT environments, hypervisors have become foundational to infrastructure operations. But their central role also makes them a high-value target for cyber attackers. This blog explores how aligning hy...

The Treasury Access Incident: Five Critical Lessons for Modern Identity Security

Blog Published: 08/06/2025

Executive Summary The recent Treasury Department breach, caused by unauthorized access privileges, highlights the persistent risks organizations face with identity security and access governance. This breach was not the result of an advanced cyberattack but rather stemmed from simple misco...

Announcing RiskRubric.ai: A Clear Scorecard for Every AI Model

Blog Published: 08/04/2025

Originally published on RiskRubric.ai.   As data science and AI engineering teams mix general purpose LLMs from foundation model developers with dozens of specialist models like Mistral and Qwen, they leave their security leaders asking: “Can I trust this model for my data and my ...

From Aware to Actionable: Closing the Cloud Security Resilience Gap

Blog Published: 08/07/2025

At a period when cloud adoption is at an all-time high and the attack surface continues to expand, most organizations still have not turned cybersecurity awareness into action. According to PwC’s 2025 Global Digital Trust Insights, only 2% of businesses have implemented cyber resilience me...

Strategic Implementation of the CSA AI Controls Matrix: A CISO's Guide to Trustworthy AI Governance

Blog Published: 08/08/2025

The rapid proliferation of generative artificial intelligence (GenAI) across enterprise environments has created an unprecedented governance challenge for Chief Information Security Officers (CISOs) and GRC professionals. Traditional cybersecurity frameworks, while foundational, are insuff...

The Missing Piece in GRC

Blog Published: 08/11/2025

In our last post, we explored how the governance, risk, and compliance (GRC) landscape is evolving and how AI is reshaping its future. This next phase is what we call GRC 4.0. While Generative AI (GenAI) has been around for years, its widespread accessibility has only taken off recently, ...

Visibility ≠ Security: The SaaS Illusion That’s Putting Enterprises at Risk

Blog Published: 08/12/2025

The SaaS security reality check: What 800+ security leaders revealed about the true state of SaaS risks. At first glance, the SaaS story looks great: Dashboards are green, audits are clean, and executives feel safe. But dig a little deeper, and a different picture emerges. AppOmni’s 2025 ...

Cloud Security Alliance Names Google Cloud as First Company to be Valid-AI-ted, Setting New Benchmark for Data-driven Cloud Assurance

Press Release Published: 08/04/2025

Milestone recognizes Google Cloud’s leadership in transparent and trusted cloud computing services SEATTLE – August 4, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure clou...

Sunsetting Circle: Where CSA Communities Are Headed and How to Join

Blog Published: 08/07/2025

The Cloud Security Alliance (CSA) is evolving in how we connect, collaborate, and engage with our community. Over the past few years, our Circle community has served as a central hub for working groups, chapters, and training communities. While it’s been a valuable platform, we’re moving...

How to Secure and Manage Virtualized IT Environments the Right Way

Blog Published: 08/13/2025

Originally published by Reemo.   Virtualization brings undeniable flexibility and scalability to IT infrastructures. However, these advantages come with significant risks if security and management practices are not modernized accordingly.   Virtualized Environments: Specific ...

Why You Should Say Goodbye to Manual Identity Processes

Blog Published: 08/13/2025

As revealed in Cerby’s 2025 Identity Automation Gap Report, 46% of security and IT leaders say their organization has already experienced a security, compliance, or operational issue directly caused by manual identity workflow execution. Why do manual identity workflows continue to exist...

Assets Under Attack: Email Threats Targeting Financial Services Jump 25%

Blog Published: 08/14/2025

Money talks—and cybercriminals are listening. The financial services (FinServ) industry is becoming an increasingly popular target for advanced email attacks, as a single successful breach can unlock millions in assets and compromise the financial security of countless individuals. As artif...

Looking Back on a Successful Social Engineering Attack: Retool 2023

Blog Published: 08/18/2025

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the sixth incident covered in the Deep Dive: ...
