
All Articles
Applying the AIS Domain of the CCM to Generative AI

Blog Published: 12/22/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. 1. Introduction The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing that's developed by the Cloud Security Alliance (CSA). It's designed to provide organizations with the necessary...

2024 SaaS Security Predictions: A Look at the SaaS Threat Landscape in the Year Ahead

Blog Published: 12/22/2023

Originally published by AppOmni. Written by Beverly Nevalga. Breaches of consumer health, credit data, and military systems were among the most devastating in 2023 – evidence that no SaaS applications are immune from being compromised. To find out what next year holds, we asked 5 cybersecur...

Resilient Container Security: How to Achieve it in Three Steps

Blog Published: 12/22/2023

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As your organization grows its cloud adoption, chances are its use of containers is rapidly increasing, too, and with it the need to secure your container infrastructure. But how do you properly and effectively prot...

How to Build a Third-Party Risk Management Strategy

Blog Published: 12/21/2023

Originally published by BARR Advisory. Written by Brett Davis. Today’s modern enterprise is often fragmented, with businesses relying extensively on third-party vendors and partners. While these relationships are critical for the success of organizations of all sizes, the management of associated...

Securing CI/CD Pipelines: Why a Comprehensive Approach is Needed

Blog Published: 12/21/2023

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern software development, enabling teams to deliver code faster and more reliably. However, in the rush to accele...

Traditional Privileged Access Management is Antiquated; Modernize with the 5 Advantages of JIT

Blog Published: 12/21/2023

Originally published by Britive. Forward-thinking DevSecOps professionals know that when it comes to privileged access, innovation and adaptability are the name of the game. Privileged Access Management (PAM) solutions have long served as the guardians of critical systems and data, essential for c...

The 2023 OMB Draft Memorandum on FedRAMP Explained: The Road to Modernization

Blog Published: 12/20/2023

Originally published by Schellman. On October 27, 2023, the Office of Management and Budget (OMB) released a draft memorandum titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). Savvy readers may have noticed the parallelism of the 2011 and 2023 FedRAMP memorandums to ...

5 Security Risks of Collaboration Tools

Blog Published: 12/20/2023

Originally published by Abnormal Security. Written by Mick Britton. Today’s business tech ecosystems are rapidly evolving. Many employees take advantage of remote work, SaaS environments continue to expand, and collaboration tools increase in popularity. Common examples of these tools include Sla...

The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software

Blog Published: 12/20/2023

Originally published by CrowdStrike. Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to impl...

What Controls are Required for SOC 2 Reports?

Blog Published: 12/19/2023

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: What controls are required for SOC 2®? A: MJD Answer. There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature...

Identifying SaaS App Risks

Blog Published: 12/19/2023

Originally published by Suridata. Written by Haviv Ohayon. SaaS vendors tend not to enforce strong security settings by default. Rather, they leave the details up to the client’s discretion. They do this mostly to reduce their responsibility for security. They also want to make their services les...

When a Breach Isn't All Bad: Making the Most of Adverse Cyber Circumstances

Blog Published: 12/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Would you do business with a company that’s recently been in the headlines for a data breach? I would. Let me tell you why. High-profile incidents are one of the most surefire ways to get companies to tak...

What’s Logs Got to Do With It?

Blog Published: 12/18/2023

Leveraging the cross-cutting capability of visibility and analytics for Zero Trust implementation. Written by Shruti Kulkarni, Cyber Security Architect at 6point6. Visibility and analytics is a cross-cutting capability for Zero Trust. In simple terms, visibility is achieved based on logging and mon...

Behind the Curtain with a CCZT Developer: Director Zenith Law

Blog Published: 12/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

eBPF Offensive Capabilities – Get Ready for Next-Gen Malware

Blog Published: 12/18/2023

Originally published by Sysdig. Written by Daniele Linguaglossa. It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF...

Unraveling CVE-2023-46214: A Deep Dive into Splunk RCE Vulnerability

Blog Published: 12/15/2023

Originally published by Uptycs. Written by Siddartha Malladi. Cybersecurity experts have uncovered a critical Remote Code Execution (RCE) vulnerability in Splunk, the data analytics platform that forms the backbone of many corporate IT infrastructures. Identified as CVE-2023-46214, this flaw coul...

Comments on Draft NIST Special Publication 800-92r1 “Cybersecurity Log Management Planning Guide”

Blog Published: 12/15/2023

Originally published by Gigamon. Written by Orlie Yaniv, Ian Farquhar, and Josh Perry. Editor’s note: the mechanisms by which organizations derive observability and visibility generally fall under the title of telemetry, and the most prevalent form of telemetry is logging. As we see increased thr...

AI: Both a Help and a Hindrance for the Public Sector

Blog Published: 12/15/2023

Originally published by Synack on October 27, 2023. Written by Luke Luckett. Last week, we hosted the Synack Security Symposium in Washington, D.C. In an open forum, Wade Lance, Synack’s Global Field CISO, facilitated a lively discussion on cybersecurity in the age of AI. Several themes c...

An Update on EU Cybersecurity: NIS2, EU Cybersecurity Schemes, and the Cyber Resilience Act

Blog Published: 12/14/2023

Originally published by Schellman. The European Union (EU) has made significant strides lately in shaping cybersecurity regulation—new developments include those related to the NIS2 Directive, the EU Cybersecurity Act, the EU Cloud Services Cybersecurity Scheme (EUCS), and the EU Cyber Resilience ...

How to Integrate CSA STAR Level 2 Into Your Compliance Strategy

Blog Published: 12/14/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the Cloud Security Alliance (CSA), the Security, Trust, Assurance, and Risk (STAR) program encompasses “key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Mat...