Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

Home
All Articles
Human Discretion is Great, Right? Not When it’s the Lifeblood of Social Engineering Attacks

Blog Published: 12/04/2023

Originally published by CXO REvolutionaries. Written by Brett James, CTO in Residence, Zscaler. Fight social engineering attacks with zero trust principlesWhen people talk about zero trust, the first thing that comes to mind is the network, the infrastructure, or the architecture of the enterpris...

Mastering Data Flow: Enhancing Security and Compliance in the Cloud

Blog Published: 12/01/2023

Originally published by Dig Security. Written by Sharon Farber. Many organizations face challenges in determining their data’s precise locations and pathways. Without understanding where data flows, an organization cannot ensure that it remains appropriately secure and compliant throughout its li...

What is Cloud Security: 15 Essential Cloud Security Terms

Blog Published: 12/01/2023

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal effort. A cloud can consist of nearly any computing resources, ranging from processors and memory to networks, storage, a...

Microsoft 365 and Azure AD: Addressing Misconfigurations and Access Risks

Blog Published: 11/30/2023

Originally published by Reco.Written by Gal Nakash. In this blog post, we'll explore a real-world use case involving a SaaS Threat Detection module and its revelation of a common threat within Office 365: disabled users retaining access to sensitive company data. Disabled users can continue to ac...

Telehealth and HIPAA Compliance: What You Need to Know Now

Blog Published: 11/30/2023

Originally published by CyberGuard Compliance. In the early days of the COVID-19 pandemic, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion which announced that the OCR would would be exercising it enforcement discretion to...

How to Modernize Permissioning with the Cross-Cloud Solution Shaping the Future of IDaaS

Blog Published: 11/30/2023

Originally published by Britive. Businesses rely more today than ever before on cloud-based services and multi-cloud infrastructures to power their operations. Managing identity and access across these diverse environments can be challenging, and that’s where Identity as a Service (IDaaS) comes i...

A People-Centric Approach to Patching the Human Firewall

Blog Published: 11/29/2023

Originally published by CXO REvolutionaries.When an attacker scans your environment for entryways, what’s the most promising vulnerability they will discover?Verizon's 2023 Data Breach Investigations Report found that over 74% of breaches required human exploitation to be successful. That means h...

Not Just Code Vulnerabilities: The Overlooked Cause of Software Supply Chain Attacks

Blog Published: 11/29/2023

Originally published by Astrix. According to Gartner: “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.” While the software supply chain has be...

Don’t Fear the Audit—4 Ways to Prepare for SOC 2

Blog Published: 11/28/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. If you’ve made the commitment to achieve a SOC 2 report, you know the outcome will help differentiate your organization as one who takes the security of your customer data seriously. Even if this isn’t your first SOC 2 engagement, th...

How ISO 42001 “AIMS” to Promote Trustworthy AI

Blog Published: 11/28/2023

Originally published by Schellman.The regulation and responsible use of artificial intelligence (AI) has been a hot topic of 2023, prompting the release of NIST’s AI Risk Management Framework to help organizations secure this emerging tech. More standards are on the way that will address the need...

Artificial Intelligence and Cybersecurity

Blog Published: 11/27/2023

Originally published by CyberGuard Compliance.AI has the potential to greatly enhance cybersecurity capabilities, but it also introduces new concerns and challenges. Here are some of the key AI-related cybersecurity concerns:Adversarial Attacks: Malicious actors can use AI to craft sophisticated ...

5 Tips to Defend Against Access Brokers This Holiday Season

Blog Published: 11/27/2023

Originally published by CrowdStrike. Access brokers are decking the halls with advanced social engineering scams and vulnerability exploits to blend in with normal users and make a quick profit by selling credentials and other access methods.The holiday season brings a shift in how people and bus...

Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications

Blog Published: 11/22/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Introduction Retrieval augmented generation (RAG) is an effective technique used by AI engineers to develop large language model (LLM) powered applications. However, the lack of security controls in RAG-based LLM ...

Behind the Curtain with a CCZT Developer: Cybersecurity Expert Omoruyi Osagiede

Blog Published: 11/22/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

Optimizing Your Security Posture: Harnessing the Cloud Controls Matrix (CCM) for Comprehensive Framework Mapping

Blog Published: 11/22/2023

IntroductionIn today's complex and rapidly evolving cloud security landscape, cloud organizations are under considerable pressure to comply with numerous international, national, and sector-specific standards. Such proliferation of security standards and compliance requirements has been a dauntin...

UPI is an Indian Success Story. Zero Trust Architecture Can Help Ensure It Stays That Way

Blog Published: 11/21/2023

Originally published by CXO REvolutionaries. Written by Sudip Banerjee, CTO in Residence, Zscaler. If you want to make an Indian beam with national pride, you need only mention the country’s Unified Payments Interface (UPI) success. This homegrown interbank digital payments infrastructure has mad...

Kubernetes Security Companies: 10 Considerations for Business Leaders

Blog Published: 11/21/2023

Originally published by Uptycs. Written by Dan Verton. Kubernetes security may not be part of the everyday interactions of non-technical business leaders, but it directly affects their responsibilities and the organization’s overall health. The security risks associated with Kubernetes environmen...

You’ve Tackled Shadow IT - Now It’s Time to Tackle Shadow DevOps

Blog Published: 11/21/2023

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. For years, companies have been solving Shadow IT - the use of software, hardware, or SaaS services without the knowledge or approval of the IT team. While Shadow IT remains an evolving challenge, IT and Security...

Accelerating Zero Trust Maturity: Strategic Quick Wins

Blog Published: 11/20/2023

Written by Chris Hogan, Vice President, Enterprise Security Architecture and Innovation, Mastercard. In the evolving landscape of cybersecurity, Zero Trust has transformed from a buzzword to become a pivotal framework for modernizing security practices. It’s a structured journey that many organiz...

The Difference Between CSPM and SSPM

Blog Published: 11/20/2023

Originally published by Suridata. Written by Lee Kappon, Co-Founder & CEO, Suridata. Years ago, a marvelous cartoon in The New Yorker featured one bearded college professor yelling at another, “Wait, all this time, I was talking macro and you were talking micro?” This is how conversations unf...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
30
31
32
34
36
37
38
Last »