All Articles
Streamlining Cloud Security: Integrating CSA CCM Controls into Your ISO/IEC 27001 Framework

Blog Published: 10/29/2024

In today’s rapidly evolving security landscape, it can be overwhelming to manage multiple frameworks, especially for organizations striving for excellence in cloud security. The CSA Cloud Controls Matrix (CCM) is a gold standard in cloud security governance, providing a detailed map of best pract...

New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure

Press Release Published: 10/29/2024

Paper bridges gap between traditional information technology security methodologies and the unique demands of critical infrastructure sectors. SEATTLE – Oct. 29, 2024 – In today's interconnected world, critical infrastructure (CI) sectors face an ever-evolving landscape of cyber and physical threat...

Elevating Security Standards with AI Cloud Security Compliance Tools

Blog Published: 10/28/2024

Written by Ashwin Chaudhary, CEO, Accedere. Organizations are quickly moving to the cloud environment in today's digital landscape due to its potential for cost savings, scalability, and flexibility. But this change also brings a complicated new set of compliance and security issues. Here are AI clou...

Democracy at Risk: How AI is Used to Manipulate Election Campaigns

Blog Published: 10/28/2024

From spreading disinformation to facilitating voter manipulation, AI can be used for unethical election practices. Originally published by Enkrypt AI. Written by Satbir Singh, Product Manager and Engineer, Enkrypt AI. It's election season in the United States once again. As political candidates ramp ...

Are Companies Becoming More Transparent About Cyber Incidents?

Blog Published: 10/28/2024

Originally published by CXO REvolutionaries. Written by Nat Smith, Sr. Director, Product Management, Zscaler. Not long ago, companies were hesitant to disclose cyber incidents, fearing a backlash and damage to their reputations, and a loss of customer trust. In 2017, Equifax waited six weeks to dis...

How CSA Research Uses the Cloud Controls Matrix to Address Diverse Security Challenges

Blog Published: 10/25/2024

CSA extensively leverages the Cloud Controls Matrix (CCM) to enhance security practices across various domains of cloud research. The CCM is a comprehensive cloud security framework consisting of 197 security control objectives. The main purpose of the framework is to help organizations address t...

Unpacking the Cloud Security Best Practices from CISA and the NSA

Blog Published: 10/25/2024

Originally published by Tenable. Written by Zan Liffick. Recent cloud security guidance from CISA and the NSA offers a wealth of recommendations to help organizations reduce risk. This blog highlights key takeaways, provides further insights from CIS, and explores how utilizing cloud securi...

Elevating Alert Readiness: A People-First Approach for CISOs

Blog Published: 10/25/2024

Originally published by Devoteam. The Gartner Security & Risk Management Summit 2024 hammered home the need for a proactive and resilient approach to cybersecurity. Sure, there were plenty of shiny new technologies and strategies on display, but the biggest takeaway for me was the resounding e...

The CSA Triangle Chapter’s Year of Growth and Collaboration: 2023-2024 Highlights

Blog Published: 10/24/2024

Over the past year, under the leadership of Co-founder & President Shankar Chebrolu, the CSA Triangle Chapter has played a pivotal role in advancing cloud security education, building partnerships with local chapters and leading academic institutions, and fostering community engagement. The t...

Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape

Blog Published: 10/24/2024

Written by CSA's AI Organizational Responsibility Working Group. In today’s rapidly evolving technological landscape, the rise of Shadow AI poses a significant challenge to organizations. Shadow AI refers to unauthorized or undocumented AI systems within an organization, which can compromise secur...

How to Simulate Session Hijacking in Your SaaS Applications

Blog Published: 10/24/2024

Originally published by AppOmni. Written by Justin Blackburn, Sr. Cloud Threat Detection Engineer, AppOmni. In our recent post on session hijacking, we examined how sessions work and discussed how sessions can be compromised. We also outlined mitigations that practitioners implement to thwart sessi...

The Cybersecurity Landscape in the Benelux Region and Beyond

Blog Published: 10/23/2024

Written by Matthew Robertson, Benelux Cyber Summit Program Manager. In today’s rapidly evolving digital landscape, staying informed is critical. In order to help you stay ahead of the growing cyber threat landscape, we are excited to introduce the Benelux Cyber Summit 2024 Annual Report—an in-dept...

Six Key Use Cases for Continuous Controls Monitoring

Blog Published: 10/23/2024

Originally published by RegScale. Written by Esty Peskowitz. Maintaining a strong security posture and ensuring compliance are critical challenges for organizations. Are you looking for ways to address these challenges more effectively? Continuous Controls Monitoring (CCM) offers an effective solut...

7 Ways Data Access Governance Increases Data ROI

Blog Published: 10/23/2024

Originally published by Normalyze. Written by Vamsi Koduru. Data is the backbone of your organization’s success—fueling informed decision-making, streamlining operations, enhancing customer experiences, and driving innovation. But without proper governance, you may not achieve these benefits. That’...

The Current Landscape of Global AI Regulations

Blog Published: 10/22/2024

Originally published by Truyo. As artificial intelligence (AI) continues to permeate various aspects of our lives, understanding the regulatory frameworks governing its development and application is becoming increasingly important. From the United States to China, different countries are adopting...

Cloud Security Alliance Releases Second Paper Delineating Organizational Responsibilities for Successfully and Ethically Implementing Artificial Intelligence

Press Release Published: 10/22/2024

Paper provides comprehensive, industry-neutral guidelines and best practices for various stakeholders, from CISOs and AI developers to business leaders and policymakers. SEATTLE – Oct. 22, 2024 – Driven by the need to address the evolving landscape of Artificial Intelligence (AI) and its associated...

Optimizing Secrets Management to Enhance Security and Reduce Costs

Blog Published: 10/22/2024

Written by Itzik Alvas, Entro Security. Cyber threats are evolving rapidly. Organizations must navigate the delicate balance between robust security measures and cost-efficiency. One critical aspect of this balancing act is Non-Human identities & secrets management; secrets management is how o...

Top Threat #4 - Cloudy with a Chance of Breach: The Cloud Security Strategy Storm

Blog Published: 10/21/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...

5 Behaviors for Transforming Your Cybersecurity Leadership

Blog Published: 10/21/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an enterprise cybersecurity leader, your role is pivotal in safeguarding your organization's assets, data, people, and reputation. You likely have a very capable team to help with each of these tasks, ...

File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend

Blog Published: 10/21/2024

Originally published by Abnormal Security. Phishing has long remained a favorite strategy among cybercriminals, and as security awareness has evolved, so have their tactics. According to our H2 2024 Email Threat Report, which was released today, phishing makes up nearly 72% of all advanced attacks...
