
All Articles
Other Practices Are Placing Greater Trust in AI... When Will Cybersecurity?

Blog Published: 02/22/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. In 2023, we saw AI adoption rates soar—particularly for large language learning models (LLMs). Many industries are now incorporating AI into common processes and are seeing positive results—and not just in cost sa...

5 Takeaways from a CISO Focus Group: Strategies for Managing Security and Compliance in Today’s Digital Business Landscape

Blog Published: 02/22/2024

Originally published by RegScale. Everyone recognizes that in today’s rapidly evolving business landscape, security AND compliance have become central to the success and sustainability of organizations. In an effort to gain an understanding of the customers we serve, RegScale made the decision to ...

From Security Evolution to Generative AI: A Q&A with an Industry Leader

Blog Published: 02/21/2024

Tim Chase, Field CISO at Lacework, recently sat down with Rahul Gupta, Head of Security and Governance, Risk, and Compliance (GRC) at Sigma Computing. The two discussed a wide range of topics, including Gupta’s perspective on the evolving security industry, how to attract and retain talent, thing...

What's Required After My First SOC 2 Report?

Blog Published: 02/21/2024

Originally published by MJD. Written by Mike DeKock, CPA, CEO, MJD. Q: What is required after my first SOC 2 report? A: MJD Answer: You’ve completed your SOC 2 report. That first-time report can be a lot of work, and it’s worth celebrating while you hang the new AICPA logo on the website. So what’s ne...

Latest DevSecOps Guidance from Cloud Security Alliance and SAFECode Emphasizes Value of Collaboration, Integration in DevSecOps Landscape

Press Release Published: 02/21/2024

Document provides practical insights for seamlessly embedding security in DevOps processes and workflow and examines convergence of DevSecOps with Zero Trust, MLSecOps, and AIOps. SEATTLE – Feb. 21, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining st...

AI & Software Security: How to Implement AI Responsibly and Successfully

Blog Published: 02/21/2024

Originally published by ArmorCode. Generative AI (GenAI) dominated the technology landscape in 2023 prompting many technology companies to formulate an AI strategy – from adopting AI-enabled tools for performance and productivity gains to developing and building upon large language models (LLM) t...

Trust Model: The First Step to Ensure Your IT Network

Blog Published: 02/20/2024

Originally published by Devoteam. What is Zero Trust? Zero Trust is a security approach that mandates verification, employs least privilege, and operates under the assumption of a breach for every access request to a private network, irrespective of its origin or destination. Its foundation rests...

CVE-2023-38545: High Severity cURL Vulnerability Detection

Blog Published: 02/20/2024

Originally published by Sysdig on October 12, 2023. Written by Miguel Hernández. On Oct. 11, a new version of curl (8.4.0) was released where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced...

AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise

Blog Published: 02/20/2024

Originally published by Abnormal Security. Written by Mick Leach. The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.” One topic that gets a significant amount of attention is wh...

The CSA Cloud Controls Matrix and Consensus Assessment Initiative Questionnaire: FAQs

Blog Published: 02/17/2024

Two essential tools in the world of cloud computing are CSA’s Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ). These tools are the backbone of the CSA Security, Trust, Assurance, and Risk (STAR) program, the largest cloud assurance program in the world. Be...

Book Introduction: Generative AI Security: Theories and Practices

Blog Published: 02/16/2024

Written by Ken Huang, Co-Chair of Two CSA AI Safety Working Groups, VP of Research of CSA GCR, and CEO of Distributedapps.ai. In this blog, I would like to talk about my upcoming book Generative AI Security: Theories and Practices. I started this book project in January 2023. The project ended...

Data Governance in the Cloud

Blog Published: 02/16/2024

Written by Ashwin Chaudhary, CEO, Accedere. As all organizations are moving towards the digitization of data and cloud computing, it is important to protect and ensure data governance by all organizations. New data security solutions are needed considering data digitization and cloud computing. A...

Zero Trust Messaging Needs a Reboot

Blog Published: 02/16/2024

Written by Daniel Ballmer, Senior Transformation Analyst, CXO REvolutionaries, Zscaler. It’s 2024, and Zero Trust adoption across industries remains somewhere below 33%. For reference, de-perimeterization, a stepping-stone to Zero Trust, was first discussed on the Jericho Forums twenty years ago. ...

The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security

Blog Published: 02/15/2024

Originally published by Valence. Microsoft recently published new guidance on the nation-state attack that they initially disclosed on January 19. According to Microsoft, the Russian state-sponsored threat actor Midnight Blizzard (also known as NOBELIUM or APT29) was able to leverage a test tenan...

The Return of the Notorious Qakbot Threat Campaign

Blog Published: 02/15/2024

Previous tactics from the dismantled QakBot Trojan now fuel wide-ranging phishing campaigns. Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Remember the QakBot cyberthreat (otherwise known as Qbot or Pinkslipbot)? This threat wa...

Addressing Microsoft Teams Phishing Threats

Blog Published: 02/15/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. AT&T Cybersecurity recently discovered phishing attacks conducted over Microsoft Teams. During a group chat, threat actors distributed malicious attachments to employees, which led to the installation of DarkGate malware on th...

A CISO Primer for Staying on the Right Side of the SEC’s Cyber Materiality Rules

Blog Published: 02/14/2024

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO, State of Wisconsin. When the SEC charged SolarWinds CISO Tim Brown and his employer with fraud and internal control failure that led to the 2020 supply chain cyberattack, CISOs of public companies collectively shudde...

Cloud Security Alliance Survey Finds 77% of Respondents Feel Unprepared to Deal with Security Threats

Press Release Published: 02/14/2024

Results highlight the importance of unified visibility across code-to-cloud environments to counter risks effectively. SEATTLE – Feb. 14, 2024 – A new survey and report on The State of Security Remediation from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to definin...

Preparing for the Era of Post-Quantum Cryptography

Blog Published: 02/14/2024

Originally published by HCLTech. Written by Girish Kumar Vaideeswaran, Data Security Consultant, Data Security and Data Privacy, Cybersecurity, HCLTech. Computers! What an innovation it has been, incepting from the general-purpose ENIAC, which was approximately housed in a 2000 square foot space we...

Ransomware Unveiled: The Business Impact and Prevention Strategies

Blog Published: 02/13/2024

Originally published by Schellman. In the ever-evolving digital landscape, the sophistication of cybersecurity advances runs in parallel with the advancing cyberattacks. Among these varied threats, ransomware, and what can be its devastating impact, remains a prominent concern as it becomes clear...
