Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

Home
All Articles
Bad Zero Trust is Not Good Security

Blog Published: 11/08/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an advocate and veteran practitioner of zero trust, I was intrigued by a recent article decrying its "vulnerability.” In fact, seeing zero trust and vulnerability in the same headline had me wonderin...

MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack

Blog Published: 11/08/2023

Originally published by Reco. Written by Gal Nakash. IntroductionIn the ever-changing landscape of cybersecurity threats, the MOVEit zero-day exploit and ransomware attack has been a reminder why a security program can’t be limited to just endpoint security & cloud security. Earlier in 2023, ...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1

Blog Published: 11/07/2023

Originally published by CrowdStrike. Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of mali...

Quarterly Threat Bulletin: WinRAR Zero-Day Vuln and More

Blog Published: 11/07/2023

Originally published by Uptycs.Written by Dan Verton. The Uptycs Threat Research Team released its latest Quarterly Threat Bulletin today, covering the tactics, techniques and procedures (TTPs) of the most prevalent malware and threat actor groups. The Q3 Threat Bulletin highlighted the active ex...

Embracing a Cloud-Native Mindset

Blog Published: 11/06/2023

Written by Eyal Estrin. The use of the public cloud has become the new norm for any size organization. Organizations are adopting cloud services, migrating systems to the cloud, consuming SaaS applications, and beginning to see the true benefits of the public cloud. In this blog post, I will ex...

SaaS and the Shared Security Model

Blog Published: 11/06/2023

Originally published by Suridata.Written by Haviv Ohayon, Co-Founder & COO, Suridata. Who is responsible for securing digital assets in the public cloud, the customer, or the cloud service provider (CSP)? Most of the time, it’s both. CSPs require their customers to agree to what’s known as a ...

News of Note: Finding Solutions to Cybersecurity Impacts

Blog Published: 11/03/2023

We’re hitting that time of year where many of us are finalizing or fine-tuning annual strategies. We’re in the midst of framing top goals, priorities, and needs within the context of the plentiful challenges that we’re facing.As we despair over the number of lives lost and the unceasing destructi...

CSA STAR Certifications: What are They?

Blog Published: 11/03/2023

The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing the...

The Current State of Cloud Data Security

Blog Published: 11/02/2023

Originally published by Dig Security. Written by Sharon Farber. Cloud computing has become a go-to solution for businesses worldwide. While cloud services offer several benefits, such as flexibility, scalability, and cost-effectiveness, they also bring in several challenges, especially when handl...

Navigating the AI Landscape: A Security Professional’s Guide to Enhancing Data Security Posture

Blog Published: 11/02/2023

Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. Artificial Intelligence (AI) often evokes a mix of enthusiasm, confusion, and skepticism, particularly among those in cybersecurity leadership roles such as Chief Information Security Officers (CISOs). AI ...

Shift Left is Only Part of Secure Software Delivery in Financial Services

Blog Published: 11/01/2023

Originally published by Sysdig. Written by Eric Carter, Sysdig and Effi Goldstein, Snyk. The way we manage our money has changed dramatically. In little more than a decade, we’ve gone from branch-led services to feature-rich apps offering 24/7 access to our money. Open Banking is driving product ...

3 Cybersecurity Threats Caused by Generative AI

Blog Published: 11/01/2023

Originally published by Abnormal Security. Written by Jade Hill. New technologies invite a spectrum of reactions. On the extreme ends are the people who, perhaps naively, think that novel tech will solve all humanity's problems or lead us to our collective doom. But reality is always more nuanced...

Discovering and Blocking a Zero-Day Exploit: The Case of CVE-2023-36874

Blog Published: 10/31/2023

Originally published by CrowdStrike. In July 2023, CrowdStrike discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component. Our team prepared to report this newly discovered vulnerability to Microsoft — only to discover that the...

Unnatural Selection: Why Cybercriminals are Turning to Encryption-less Ransomware

Blog Published: 10/31/2023

Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. There is a form of decidedly unnatural selection happening online, but it is nevertheless a selective process in an evolutionary sense. It is unnatural because it is online and driven by humans...

Why the Implementation of CIRA is So Important for Incident Response

Blog Published: 10/30/2023

Originally published by Mitiga. Written by Tal Mozes. Incident response for cloud and SaaS (Software as a Service) requires new capabilities. Gartner® has released its recent report entitled “Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunities...

What is the Business Value of Zero Trust?

Blog Published: 10/27/2023

Written by the CSA Zero Trust Working Group.Zero Trust requires an ongoing investment of time, resources, and budget, but in return results in security, technical, and business benefits. This blog will take a look at the many ways Zero Trust delivers business value.Cost Reduction and Optimization...

Three Cloud Security Remediation Mistakes Companies Keep Making (And What to Do About Them)

Blog Published: 10/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. In the fast-paced world of cloud-delivered software, security remediation is critical to the success of your organization. Investing in tools to detect application vulnerability and infrastructure misconfigurations is ...

Penetration Testing vs. Red Teaming

Blog Published: 10/25/2023

Originally published by Schellman.Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetratio...

Charting the Future of AI in Cybersecurity

Blog Published: 10/24/2023

Upon the conclusion of this year’s SECtember event, CSA put together an AI Think Tank Day in order to bring together interested attendees to discuss the current and future state of AI in relation to cybersecurity. We wanted an event where everyone in attendance would be given an opportunity to he...

The State of Cybersecurity Compliance in 2023 – Part 1

Blog Published: 10/24/2023

Originally published by Coalfire. Written by Adam Shnider, EVP, Compliance Services, Coalfire. Key Takeaways: Costs are rising, and many industries, including retail, financial services, tech, and healthcare, report rising compliance costs. Evolving framework requirements and revisions are inc...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
26
27
28
30
32
33
34
Last »