Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

Home
All Articles
The Difference Between CSPM and SSPM

Blog Published: 11/20/2023

Originally published by Suridata. Written by Lee Kappon, Co-Founder & CEO, Suridata. Years ago, a marvelous cartoon in The New Yorker featured one bearded college professor yelling at another, “Wait, all this time, I was talking macro and you were talking micro?” This is how conversations unf...

Cloud Identity and Access Management Game Changers: Top 3 Innovations in Cloud Security for 2023

Blog Published: 11/20/2023

Originally published by Britive. As multi-cloud business operations proliferated throughout 2023, it became clear that the future of cloud security favors those committed to staying on the cutting edge of access management. 2023 delivered an arsenal of innovative trends and strategies to navigate...

Behind the Curtain with a CCZT Developer: Security Solution Architect Bernard Coetzee

Blog Published: 11/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

Generative AI in the Workplace: Striking a Balance Between Innovation and Risk

Blog Published: 11/17/2023

Originally published by CXO REvolutionaries. Written by Christopher Jablonski, Director, CXO REvolutionaries & Community, Zscaler. Given what we’ve observed since the launch of OpenAI’s ChatGPT last Fall, generative AI and large language models look poised to eventually make every employee an...

Building an Effective User Identity Ecosystem Through Secure Digital Access

Blog Published: 11/17/2023

Written by Sanjay Karandikar, Director & Global Practice Head for IAM, Cybersecurity, HCLTech. In today's rapidly evolving digital landscape, user identity and cybersecurity concepts have emerged as pivotal concerns. With the widespread adoption of cloud technology and the ever-expanding atta...

Google’s Vertex AI Platform Gets Freejacked

Blog Published: 11/17/2023

Originally published by Sysdig. Written by Michael Clark. The Sysdig Threat Research Team (Sysdig TRT) recently discovered a new Freejacking campaign abusing Google’s Vertex AI platform for cryptomining. Vertex AI is a SaaS, which makes it vulnerable to a number of attacks, such as Freejacking an...

My Reflections on OpenAI DevDay 2023: Security of New Features

Blog Published: 11/16/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Image generated by DALL.E 3 of OpenAI 1: Introduction On November 6th, 2023, I had the opportunity to attend the inaugural OpenAI Developer Day. This event was a significant gathering, unveiling a variety of new,...

Who Can Access My Sensitive Data?‍

Blog Published: 11/16/2023

Originally published at Dig Security. Written by Sharon Farber. Data serves as the lifeblood of organizations, fueling insights, driving decision-making, and nurturing customer relationships. However, the challenge lies in effectively managing this valuable asset, particularly when it resides in ...

CSA STAR CCM Lite

Blog Published: 11/16/2023

Written by Ashwin Chaudhary, CEO, Accedere. The Cloud Security Alliance (CSA) STAR CCM Lite is a streamlined version of the CSA Cloud Controls Matrix (CCM) v4, a cybersecurity controls framework for cloud computing developed by CSA. CCM v4 was released in September 2021. The CCM Lite is a compreh...

Top 3 Reasons to Replace Your SEG

Blog Published: 11/15/2023

Originally published by Abnormal Security. Written by Lane Billings. By manipulating generative AI and other forms of new technology, highly skilled cybercriminals have made defending email an ever-evolving uphill battle. Traditional secure email gateways (SEGs) are no longer an effective means o...

Cloud Security Alliance Launches the Industry’s First Authoritative Zero Trust Training and Credential, the Certificate of Competence in Zero Trust (CCZT)

Press Release Published: 11/15/2023

Uniquely positions CSA as the authoritative source to deliver the industry’s first holistic benchmark for measuring Zero Trust knowledgeSEATTLE – Nov. 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices...

Behind the Curtain with a CCZT Developer: Head of Identity Security Sesh Ramasharma

Blog Published: 11/14/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

CCZT: A Major Milestone on the Zero Trust Journey

Blog Published: 11/14/2023

My personal history in cybersecurity began in the very early days of the commercialization of the nascent Internet. I started out as a firewall guy in 1992, primarily because my customers relied on firewalls to protect their network perimeters. Firewall implementation was underpinned by a simple ...

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Blog Published: 11/14/2023

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software sig...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2

Blog Published: 11/14/2023

Originally published by CrowdStrike. In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries.Opportunities for RansomwareThe Restart Manager preempts unwelcome reboots by shut...

Understanding Data Inventory and Why It Matters to CISOs

Blog Published: 11/13/2023

Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist, Symmetry Systems. In a modern organization, you cannot overstate the role of data. It is the largest, distributed and most valuable asset they have. Data influences everything from revenue growth to security risk...

Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit

Blog Published: 11/13/2023

Originally published by CAS Assurance. What is the ISO 27001 Internal Audit?Generally, internal audit is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization achieve its objectives by brin...

Nonprofit Cyber Launches World More Than a Password Day

Press Release Published: 11/10/2023

Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globallyNew York, Nov. 10, 2023: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importance...

I’m Implementing Generative AI Into My Company’s Cybersecurity Product. Here’s What I’ve Learned.

Blog Published: 11/09/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. AI is ubiquitously on everyone’s minds today – from large corporations to middle school classrooms. And it’s no wonder—this technology is transformative in the speed of creation and innovation.When ChatGPT came out, I ...

Navigating Compliance Requirements for Businesses Collecting Consumer Health Information

Blog Published: 11/09/2023

Originally published by BARR Advisory.The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) recently released an updated joint publication for organizations that collect consumer health information. The publication provides businesses guidance for complying...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
25
26
27
29
31
32
33
Last »