
All Articles
How Malicious Insiders Use Known Vulnerabilities Against Their Organizations

Blog Published: 01/11/2024

Originally published by CrowdStrike. Between January 2021 and April 2023, CrowdStrike identified multiple incidents in which an internal user either exploited or sought to exploit a known vulnerability, or deploy offensive security tooling against their enterprise environment. Approximately 55% of...

Data Privacy Dilemmas Highlight Need for Comprehensive DLP

Blog Published: 01/10/2024

Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. Imagine you place an order for food delivery and shortly after it arrives you receive a text message. The delivery driver is asking you out on a date. This experience is a reality for 3...

Uncovering Hybrid Cloud Attacks Through Intelligence-Driven Incident Response: Part 1 – Addressing the Speed of Cloud Attacks

Blog Published: 01/10/2024

Originally published by Gem Security. Written by Yotam Meitar. The rapid global migration to cloud environments has created unparalleled opportunities for scaling up IT operations, along with an increasingly high volume of sophisticated cyberattacks. Effectively responding to these attacks can be...

OAuth Token: What It Is, How It Works, and Its Vulnerabilities

Blog Published: 01/09/2024

Originally published by AppOmni. Written by Tamara Bailey, Content Marketing Specialist, AppOmni. Previous security breaches at Heroku and GitHub serve as stark reminders that OAuth token theft and inactive, overly permissive SaaS-to-SaaS connections represent significant security risks to any or...

NIST SP 800-171 R3: An Overview of the Changes

Blog Published: 01/09/2024

Originally published by Schellman. In the latest revision of documents pertinent to the ongoing CMMC countdown, NIST SP 800-171 R3 has been released. Though there were only a handful of changes in this new version, there were some significant ones regarding the assessment practices and their pres...

Gain Business Support for Your Zero Trust Initiative

Blog Published: 01/08/2024

Written by Alex Sharpe and Jason Garbis of the CSA Zero Trust Working Group. Zero Trust is a major industry trend that is being adopted and promoted by security teams within many organizations around the globe, and for good reason. Zero Trust mitigates cyber risk, allowing the business to create n...

Resilient Container Security: How Container Security Benefits Cybersecurity and DevOps

Blog Published: 01/08/2024

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. Securing containers across the entire software development life cycle is a huge win for cybersecurity teams and DevOps. Why? These two traditionally siloed entities can now congregate around a strategic approach to ...

Practical Ways to Combat Generative AI Security Risks

Blog Published: 01/05/2024

Originally published by Astrix. Written by Idan Gour. As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it’s easy to ge...

5 Simple Ways Innovative Tech Decision-Makers Can Streamline DevOps Security

Blog Published: 01/05/2024

Originally published by Britive. DevOps has emerged in the last few years as the ultimate game-changer, driving agility and efficiency across the software development lifecycle. However, the fast-paced nature of DevOps can leave security teams struggling to keep up. Enter DevOps security, the vita...

Enhancing Access Control by Combining IGA and PAM

Blog Published: 01/05/2024

Written by Alex Vakulov. Some companies adopt IGA (Identity Governance & Administration) systems to protect against cyber threats by controlling user access. Others focus on PAM (Privileged Access Management) to secure accounts with extended rights. What would happen if these technologies wer...

Defensive AI, Deepfakes, and the Rise of AGI: Cybersecurity Predictions and What to Expect in 2024

Blog Published: 01/04/2024

Originally published by Abnormal Security on November 30, 2023. Written by Jade Hill. There is no denying that AI has been the buzzword of 2023, as this year professionals and cybercriminals alike discovered how to use it to their advantage. And as we look into the new year, that is not likely to...

Assistive vs Automatic Remediation: What to Consider

Blog Published: 01/04/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Without any doubt, automation is growing in importance for security teams. No matter the size and resources - every company is grappling with the fact that attacks now happen in hours, but it takes most organiza...

Revolutionizing Enterprise Security Management with AIOps

Blog Published: 01/03/2024

Originally published by HCLTech. Written by Prashant Mishra, Sr Solutions Architect, Global Alliances, Palo Alto Networks and Amit Raj, Associate General Manager, Cybersecurity, HCLTech. In today’s rapidly evolving digital landscape, the complexity of managing enterprise security is a constant ch...

The Top 5 Third-Party Integration Risks

Blog Published: 01/03/2024

Originally published by Suridata. Written by Haviv Ohayon, Co-Founder & COO, Suridata. Businesses are embracing Software-as-a-Service (SaaS) applications with growing enthusiasm. The market for SaaS software has doubled over the last five years, from $85 billion in 2018 to $171 billion in 202...

How Do I Communicate My New SOC 2 Report? SOC 2 Certified?

Blog Published: 01/03/2024

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: How do I communicate my new SOC 2® Report? SOC 2 Certified? A: MJD Answer: We highly recommend you do not use the phrase “SOC 2 Certified”. Yes, you see it everywhere, and your competitors are celebrating their ce...

Scarleteel 2.0 and the MITRE ATT&CK Framework

Blog Published: 01/02/2024

Originally published by Sysdig. Written by Nigel Douglas. In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we a...

New SEC Rules Push Cybersecurity to the Top of the Inbox

Blog Published: 01/02/2024

Originally published by Synack on September 11, 2023. Written by Stephen Soper. If you had the U.S. Securities and Exchange Commission on your bingo card for shaking up the cybersecurity sector this year, congratulations! Through its new cybersecurity disclosure requirements, which took effect Tu...

2024: A Critical Year for the Cloud Security Teenager

Blog Published: 12/29/2023

2024 marks the 15th anniversary of the Cloud Security Alliance. We have seen so many changes in our world, shifts in the tech scene, and several cloud security ventures come and go during that time. In a world that is so dynamic, corporations don’t have the same longevity they once had, but as a ...

WinRAR CVE-2023-38831 Vulnerability Draws Attention from APTs

Blog Published: 12/28/2023

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern ...

Securing Cloud Infrastructure: Cloud Security Training Bundle

Blog Published: 12/27/2023

Whether you're a seasoned IT professional or just embarking on your cloud journey, continuous education is the key to staying on top of the latest security advancements. CSA’s Cloud Infrastructure Security Training Bundle serves as a reliable guide in your cloud security journey. Instead of bomba...
