Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

Home
All Articles
Securing Cloud Infrastructure: Cloud Security Training Bundle

Blog Published: 12/27/2023

Whether you're a seasoned IT professional or just embarking on your cloud journey, continuous education is the key to staying on top of the latest security advancements. CSA’s Cloud Infrastructure Security Training Bundle serves as a reliable guide in your cloud security journey. Instead of bomba...

Applying the AIS Domain of the CCM to Generative AI

Blog Published: 12/22/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. 1. Introduction The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing that's developed by the Cloud Security Alliance (CSA). It's designed to provide organizations with the necessary...

2024 SaaS Security Predictions: A Look at the SaaS Threat Landscape in the Year Ahead

Blog Published: 12/22/2023

Originally published by AppOmni. Written by Beverly Nevalga. Breaches of consumer health, credit data, and military systems were among the most devastating in 2023 – evidence that no SaaS applications are immune from being compromised. To find out what next year holds, we asked 5 cybersecur...

Resilient Container Security: How to Achieve it in Three Steps

Blog Published: 12/22/2023

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As your organization grows its cloud adoption, chances are its use of containers is rapidly increasing, too, and with it the need to secure your container infrastructure. But how do you properly and effectively prot...

How to Build a Third-Party Risk Management Strategy

Blog Published: 12/21/2023

Originally published by BARR Advisory. Written by Brett Davis. Today’s modern enterprise is often fragmented, with businesses relying extensively on third-party vendors and partners. While these relationships are critical for the success of organizations of all sizes, the management of associated...

Securing CI/CD Pipelines: Why a Comprehensive Approach is Needed

Blog Published: 12/21/2023

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern software development, enabling teams to deliver code faster and more reliably. However, in the rush to accele...

Traditional Privileged Access Management is Antiquated; Modernize with the 5 Advantages of JIT

Blog Published: 12/21/2023

Originally published by Britive.Forward-thinking DevSecOps professionals know that when it comes to privileged access, innovation and adaptability are the name of the game. Privileged Access Management (PAM) solutions have long served as the guardians of critical systems and data, essential for c...

The 2023 OMB Draft Memorandum on FedRAMP Explained: The Road to Modernization

Blog Published: 12/20/2023

Originally published by Schellman. On October 27, 2023, the Office of Management and Budget (OMB) released a draft memorandum titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). Savvy readers may have noticed the parallelism of the 2011 and 2023 FedRAMP memorandums to ...

5 Security Risks of Collaboration Tools

Blog Published: 12/20/2023

Originally published by Abnormal Security. Written by Mick Britton. Today’s business tech ecosystems are rapidly evolving. Many employees take advantage of remote work, SaaS environments continue to expand, and collaboration tools increase in popularity. Common examples of these tools include Sla...

The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software

Blog Published: 12/20/2023

Originally published by CrowdStrike. Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to impl...

What Controls are Required for SOC 2 Reports?

Blog Published: 12/19/2023

Originally published by MJD.Written by Mike DeKock, CPA, Founder & CEO, MJD.Q: What controls are required for SOC 2®?A: MJD AnswerThere is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature...

Identifying SaaS App Risks

Blog Published: 12/19/2023

Originally published by Suridata. Written by Haviv Ohayon. SaaS vendors tend not to enforce strong security settings by default. Rather, they leave the details up to the client’s discretion. They do this mostly to reduce their responsibility for security. They also want to make their services les...

When a Breach Isn't All Bad: Making the Most of Adverse Cyber Circumstances

Blog Published: 12/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler.Would you do business with a company that’s recently been in the headlines for a data breach? I would. Let me tell you why.High-profile incidents are one of the most surefire ways to get companies to tak...

What’s Logs Got to Do With It?

Blog Published: 12/18/2023

Leveraging the cross-cutting capability of visibility and analytics for Zero Trust implementationWritten by Shruti Kulkarni, Cyber Security Architect at 6point6. Visibility and analytics is a cross-cutting capability for Zero Trust. In simple terms, visibility is achieved based on logging and mon...

Behind the Curtain with a CCZT Developer: Director Zenith Law

Blog Published: 12/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

eBPF Offensive Capabilities – Get Ready for Next-Gen Malware

Blog Published: 12/18/2023

Originally published by Sysdig. Written by Daniele Linguaglossa. It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF...

Unraveling CVE-2023-46214: A Deep Dive into Splunk RCE Vulnerability

Blog Published: 12/15/2023

Originally published by Uptycs. Written by Siddartha Malladi. Cybersecurity experts have uncovered a critical Remote Code Execution (RCE) vulnerability in Splunk, the data analytics platform that forms the backbone of many corporate IT infrastructures. Identified as CVE-2023-46214, this flaw coul...

Comments on Draft NIST Special Publication 800-92r1 “Cybersecurity Log Management Planning Guide”

Blog Published: 12/15/2023

Originally published by Gigamon. Written by Orlie Yaniv, Ian Farquhar, and Josh Perry. Editor’s note: the mechanisms by which organizations derive observability and visibility generally fall under the title of telemetry, and the most prevalent form of telemetry is logging. As we see increased thr...

AI: Both a Help and a Hindrance for the Public Sector

Blog Published: 12/15/2023

Originally published by Synack on October 27, 2023. Written by Luke Luckett. Last week, we hosted the Synack Security Symposium in Washington, D.C. In an open forum, Wade Lance, Synack’s Global Field CISO, facilitated a lively discussion on cybersecurity in the age of AI. Several themes c...

An Update on EU Cybersecurity: NIS2, EU Cybersecurity Schemes, and the Cyber Resilience Act

Blog Published: 12/14/2023

Originally published by Schellman.The European Union (EU) has made significant strides lately in shaping cybersecurity regulation—new developments include those related to the NIS2 Directive, the EU Cybersecurity Act, the EU Cloud Services Cybersecurity Scheme (EUCS), and the EU Cyber Resilience ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
22
23
24
26
28
29
30
Last »