Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

Home
All Articles
Zero Trust in the Cloud: Why Total Context Matters

Blog Published: 01/11/2024

Originally published by Reco.Written by Dr. Chase Cunningham. In recent years, the cloud has become the go-to platform for businesses of all sizes. The agility, scalability, and cost-effectiveness it offers are undeniable advantages. However, this rapid shift to the cloud has also exposed organiz...

How Malicious Insiders Use Known Vulnerabilities Against Their Organizations

Blog Published: 01/11/2024

Originally published by CrowdStrike. Between January 2021 and April 2023, CrowdStrike identified multiple incidents in which an internal user either exploited or sought to exploit a known vulnerability, or deploy offensive security tooling against their enterprise environment.Approximately 55% of...

Data Privacy Dilemmas Highlight Need for Comprehensive DLP

Blog Published: 01/10/2024

Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. Imagine you place an order for food delivery and shortly after it arrives you receive a text message. The delivery driver is asking you out on a date. This experience is a reality for 3...

Uncovering Hybrid Cloud Attacks Through Intelligence-Driven Incident Response: Part 1– Addressing the Speed of Cloud Attacks

Blog Published: 01/10/2024

Originally published by Gem Security. Written by Yotam Meitar. The rapid global migration to cloud environments has created unparalleled opportunities for scaling up IT operations, along with an increasingly high volume of sophisticated cyberattacks. Effectively responding to these attacks can be...

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

Blog Published: 01/09/2024

Originally published by AppOmni. Written by Tamara Bailey, Content Marketing Specialist, AppOmni. Previous security breaches at Heroku and GitHub serve as stark reminders that OAuth token theft and inactive, overly permissive SaaS-to-SaaS connections represent significant security risks to any or...

NIST SP 800-171 R3: An Overview of the Changes

Blog Published: 01/09/2024

Originally published by Schellman. In the latest revision of documents pertinent to the ongoing CMMC countdown, NIST SP 800-171 R3 has been released. Though there were only a handful of changes in this new version, there were some significant ones regarding the assessment practices and their pres...

Gain Business Support for Your Zero Trust Initiative

Blog Published: 01/08/2024

Written by Alex Sharpe and Jason Garbis of the CSA Zero Trust Working Group.Zero Trust is a major industry trend that is being adopted and promoted by security teams within many organizations around the globe, and for good reason. Zero Trust mitigates cyber risk, allowing the business to create n...

Resilient Container Security: How Container Security Benefits Cybersecurity and DevOps

Blog Published: 01/08/2024

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. Securing containers across the entire software development life cycle is a huge win for cybersecurity teams and DevOps. Why? These two traditionally siloed entities can now congregate around a strategic approach to ...

Practical Ways to Combat Generative AI Security Risks

Blog Published: 01/05/2024

Originally published by Astrix.Written by Idan Gour. As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it’s easy to ge...

5 Simple Ways Innovative Tech Decision-Makers Can Streamline DevOps Security

Blog Published: 01/05/2024

Originally published by Britive.DevOps has emerged in the last few years as the ultimate game-changer, driving agility and efficiency across the software development lifecycle. However, the fast-paced nature of DevOps can leave security teams struggling to keep up. Enter DevOps security, the vita...

Enhancing Access Control by Combining IGA and PAM

Blog Published: 01/05/2024

Written by Alex Vakulov. Some companies adopt IGA (Identity Governance & Administration) systems to protect against cyber threats by controlling user access. Others focus on PAM (Privileged Access Management) to secure accounts with extended rights. What would happen if these technologies wer...

Defensive AI, Deepfakes, and the Rise of AGI: Cybersecurity Predictions and What to Expect in 2024

Blog Published: 01/04/2024

Originally published by Abnormal Security on November 30, 2023. Written by Jade Hill. There is no denying that AI has been the buzzword of 2023, as this year professionals and cybercriminals alike discovered how to use it to their advantage. And as we look into the new year, that is not likely to...

Assistive vs Automatic Remediation: What to Consider

Blog Published: 01/04/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Without any doubt, automation is growing in importance for security teams. No matter the size and resources - every company is grappling with the fact that attacks now happen in hours, but it takes most organiza...

Revolutionizing Enterprise Security Management with AIOps

Blog Published: 01/03/2024

Originally published by HCLTech. Written by Prashant Mishra, Sr Solutions Architect, Global Alliances, Palo Alto Networks and Amit Raj, Associate General Manager, Cybersecurity, HCLTech. In today’s rapidly evolving digital landscape, the complexity of managing enterprise security is a constant ch...

The Top 5 Third-Party Integration Risks

Blog Published: 01/03/2024

Originally published by Suridata. Written by Haviv Ohayon, Co-Founder & COO, Suridata. Businesses are embracing Software-as-a-Service (SaaS) applications with growing enthusiasm. The market for SaaS software has doubled over the last five years, from $85 billion in 2018 to $171 billion in 202...

How Do I Communicate My New SOC 2 Report? SOC 2 Certified?

Blog Published: 01/03/2024

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: How do I communicate my new SOC 2® Report? SOC 2 Certified?A: MJD AnswerWe highly recommend you do not use the phrase “SOC 2 Certified”. Yes, you see it everywhere, and your competitors are celebrating their ce...

Scarleteel 2.0 and the MITRE ATT&CK Framework

Blog Published: 01/02/2024

Originally published by Sysdig. Written by Nigel Douglas. In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we a...

New SEC Rules Push Cybersecurity to the Top of the Inbox

Blog Published: 01/02/2024

Originally published by Synack on September 11, 2023. Written by Stephen Soper. If you had the U.S. Securities and Exchange Commission on your bingo card for shaking up the cybersecurity sector this year, congratulations! Through its new cybersecurity disclosure requirements, which took effect Tu...

2024: A Critical Year for the Cloud Security Teenager

Blog Published: 12/29/2023

2024 marks the 15th anniversary of the Cloud Security Alliance. We have seen so many changes in our world, shifts in the tech scene, and several cloud security ventures come and go during that time. In a world that is so dynamic, corporations don’t have the same longevity they once had, but as a ...

WinRAR CVE-2023-38831 Vulnerability Draws Attention from APTs

Blog Published: 12/28/2023

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
21
22
23
25
27
28
29
Last »