Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

All Articles
Powerful Cloud Permissions You Should Know: Part 2

Blog Published: 04/09/2024

Originally published by Sonrai Security.Written by Tally Shea and Deirdre Hennigar.MITRE ATT&CK Framework: PersistenceThis blog is the second publication in a series exploring the most powerful cloud permissions and how they map to the MITRE ATT&CK Framework. If you have not yet read the ...

Mapping the Impact of Cloud Remediation

Blog Published: 04/09/2024

Originally published by Tamnoon. Written by Michael St.Onge, Principal Security Architect, Tamnoon. What is impact analysis?Performing an impact analysis is a critical step in the cloud remediation process that employs methodical techniques to answer the questions: “What might go wrong if we impl...

Threats to Water: The Achilles’ Heel of Critical Infrastructure

Blog Published: 04/08/2024

Originally published by CXO REvolutionaries.Written by David Cagigal, Former CIO of the State of Wisconsin.Recent cyberattacks on the water industry raise the prospect of more frequent, widespread, damaging incidents that threaten disruption to lives and livelihoods. I know the chaos that stems f...

Why Do SOC Reports Have to Be Issued By a CPA Firm?

Blog Published: 04/08/2024

Originally published by MJD.Written by Chris Giles, CPA, Senior Manager, MJD.Q: Why do SOC reports have to be issued by a CPA firm?A: MJD AnswerThe simple answer is that SOC engagements are performed in accordance with standards set by the American Institute of Professional Accountants (AICPA). T...

Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems Security

Blog Published: 04/08/2024

Originally published by Adaptive Shield.Written by Hananel Livneh. A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred o...

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Blog Published: 04/05/2024

Written by Nicole Krenz, Web Marketing Specialist, CSA.The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is at ...

The Modern Data Stack Has Changed the Security Landscape

Blog Published: 04/05/2024

Written by Uday Srinivasan, CTO, Acante.The way businesses analyze, transform and share data has radically changed over the past few years. We are in the post-Hadoop era with the Apache Software Foundation retiring over 10 Hadoop-related projects over the last three years. The shift of enterprise...

How the Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production

Blog Published: 04/05/2024

Originally published by Orca Security. Written by Ofir Yakobi. Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable G...

CSA Turns 15: Kicking Off the Next 85 Years of Cloud Security Excellence

Blog Published: 04/04/2024

As we celebrate the 15th anniversary of the Cloud Security Alliance (CSA), I'm compelled to marvel at our journey from ambitious upstarts to a critical global stakeholder for cybersecurity. Our goal, audacious as it may sound, is not just to leave a mark on the cloud security landscape, but to et...

Runtime is the Way

Blog Published: 04/04/2024

Originally published by Sysdig. Written by James Berthoty. The cloud security market has been totally bizarre ever since it started. Why are we being given a python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference betwe...

Detecting Compromised Accounts in Microsoft 365

Blog Published: 04/04/2024

Originally published by InsiderSecurity.IntroductionIn today's digital age, cybersecurity is of paramount importance, with organizations facing an ever-evolving landscape of cyber threats and attacks. InsiderLab (our dedicated team of cybersecurity experts) conducts in-depth research and analysis...

CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong

Blog Published: 04/03/2024

CSA began establishing standards for cloud security assurance and compliance back in 2009, when the company was officially incorporated and we released the first version of our cloud security best practices. The following year, we developed the Cloud Controls Matrix (CCM), and in 2012, the CSA Se...

More Than Half of Organizations Plan to Adopt Artificial Intelligence (AI) Solutions in Coming Year, According to Report from Cloud Security Alliance and Google Cloud

Press Release Published: 04/03/2024

Significant Generative AI (GenAI) adoption expected in 2024, driven by C-suite prioritizationSEATTLE – April 3, 2024 – A new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure ...

Designed to Deceive: 6 Common Look-alike Domain Tactics

Blog Published: 04/03/2024

Originally published by Abnormal Security.Written by Mick Leach.With threat actors lurking around every digital corner, it can sometimes make scrolling through an inbox feel like traversing a minefield. Employing various strategies to deceive their targets, attackers count on end-user oversight t...

Key Findings from the 2024 State of Application Security Report

Blog Published: 04/03/2024

Originally published by CrowdStrike. As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eigh...

Privacy Isn't Just About Data: It's About Dignity

Blog Published: 04/02/2024

Written by Dr. Chantal Spleiss, CSA AI Governance and Compliance Working Group Co-Chair.The consequences of a privacy breach extend far beyond data loss, potentially triggering deep feelings of shame. Less than 15% of countries do not have or are drafting a privacy law emphasizing the huge import...

How We Can Help Corporate Boards with Cybersecurity

Blog Published: 04/02/2024

Originally published by RegScale. Recently the Wall Street Journal featured an article titled Why Corporate Boards Need More Cybersecurity Experience, and it got me thinking about what we can do to help them; we can do a lot. What’s the situation you ask? According to the WSJ, “Directors currentl...

Cloud Security Alliance Artificial Intelligence (AI) Webinar Series Will Address Pivotal Cloud Computing Topics in Leadup to AI Summit at RSA

Press Release Published: 04/02/2024

Thought-leadership webinars to provide key insights on elevating organizations’ cybersecurity postureSEATTLE – April 2, 2024 – Throughout the month of April, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to ...

“Toxic Combinations” are Inadequate: A Case Study

Blog Published: 04/02/2024

Originally published by Skyhawk Security.Written by Chen Burshan, CEO, Skyhawk Security.Posture management has turned into an exercise in prioritization, but this hasn’t made us safer.If a Tree Falls in the Forest…We all know the adage, “If a tree falls in the forest and nobody is there to hear i...

UN AI Resolution, EU AI Act, and Cloud Security Alliance's Recent Efforts: White Paper on AI Organizational Responsibility for Core Security

Blog Published: 04/01/2024

Updated 5/8/24.In a world where artificial intelligence (AI) is rapidly becoming an integral part of our lives, ensuring its secure and responsible development and deployment is more critical than ever. The Cloud Security Alliance (CSA) has taken a significant step forward in this direction with ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.