All Articles
What to Look for (And Avoid) with Zero Trust Solutions

Blog Published: 10/11/2023

Originally published by CXO REvolutionaries. Written by Sanjit Ganguli, VP & CTO in Residence; Nathan Howe, VP, Emerging Technology & 5G; and Daniel Ballmer, Senior Transformation Analyst, Zscaler. Zero trust architecture is part of a transformation journey that involves both technology and...

Moving Past MOVEit

Blog Published: 10/10/2023

Originally published by Coalfire. Written by Priti Patel, Security Consultant, FedRAMP/NIST Advisory and Dr. Stephanie Carter, Principal, FedRAMP Advisory Services. The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all...

Top 5 Cybersecurity Trends in the Era of Generative AI

Blog Published: 10/06/2023

The landscape of cybersecurity is undergoing a seismic shift in the era of Generative AI (GenAI), redefining the frameworks and paradigms that have traditionally been in place. With the increasing deployment of GenAI technologies, we're stepping into an age where security measures need to be as d...

Architecting Cloud Instrumentation

Blog Published: 10/05/2023

Originally published by Sysdig. Written by Daniel Simionato. Architecting cloud instrumentation to secure a complex and diverse enterprise infrastructure is no small feat. Picture this: you have hundreds of virtual machines, some with specialized purposes and tailor-made configurations, thousands ...

The 5 SOC 2 Trust Services Criteria Explained

Blog Published: 10/05/2023

Originally published by BARR Advisory. Written by Christine Falk. So what goes into a SOC 2 report, anyway? There are five trust services criteria (TSC) that can be included in a SOC 2 report: security, availability, confidentiality, processing integrity, and privacy. Amanda Parnigoni, senior cons...

Insider Risk Management and IP Security: If It Were Easy, Everyone Would Be Doing It (Well)

Blog Published: 10/04/2023

Originally published by Code42. Written by Eric Ewald, Insider Risk Lead, Cyber Technology Solutions Group, Booz Allen Hamilton. Current challenges & risks: At this point, we can all admit that Insider Risk Management and IP security programs are difficult for many organizations to operationaliz...

From Compliance to Confidence: SEC’s New Cybersecurity Rules

Blog Published: 10/04/2023

Originally published by BigID. Written by Neil Patel, Director of Product Marketing, BigID. SEC’s New Cybersecurity Regulation: The Securities and Exchange Commission (SEC) has adopted new rules that require companies to disclose material cybersecurity incidents and information about their cybersec...

The Impact of Blockchain on Cloud Security

Blog Published: 10/03/2023

Written by Sayali Paseband, Senior Security Consultant, Verisk. We live in an era where cloud computing has become the backbone of all our business operations. Ensuring the security of data and transactions in the cloud has become more important than ever. Cyberattacks and data breaches are perva...

Protect Data Security When Deploying LLMs

Blog Published: 10/03/2023

Originally published by Dig Security. Written by Sharon Farber. Large language models (LLMs) and generative AI are undoubtedly the biggest tech story of 2023. These technologies, which power OpenAI’s headline-dominating ChatGPT, are now broadly available to be used as building blocks for new soft...

The Booming Demand for Cybersecurity & Cloud Professionals

Blog Published: 10/03/2023

Written by Ashwin Chaudhary, CEO, Accedere. Introduction: In today's increasingly digital world, where almost every organization is transitioning to the cloud, the demand for cybersecurity and cloud security training has never been greater. With the rapid advancement of technology and the ever-prese...

Connected Third-Party Applications Widen Attack Surface Area

Blog Published: 10/02/2023

Originally published by Abnormal Security. Written by Jade Hill. Inbound email attacks are a mainstay for cybercrooks, but criminals are shifting tactics to exploit third-party applications as a new method for gaining entry into an organization’s email environment. This is getting easier due to t...

Empowering Financial Transformation: The Significance of GRC Solutions for BFSI and vCISOs

Blog Published: 10/02/2023

Written by Anand Srinivasan, AuditCue. In an era marked by rapid digital transformation and evolving cybersecurity threats, the financial sector faces unprecedented challenges. Banks, mortgage institutions, and virtual Chief Information Security Officers (vCISOs) play pivotal roles in safeguardin...

What is Zero Trust Security?

Blog Published: 09/29/2023

Written by the CSA Zero Trust Working Group. Zero Trust, as defined by NIST, is a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromise...

The Cloud Flaw Magnification Effect

Blog Published: 09/29/2023

Originally published by Dazz. Written by Barak Bercovitz, Director of Innovation, Dazz. Cloud Development is Becoming More Automated: Companies are developing software in the cloud in a big way. Cloud tools and continuous integration processes help developers write, compile, and test their code, and...

A Mindset Shift for Cloud Security Resilience: Assume Breach

Blog Published: 09/29/2023

Originally published by Mitiga. Written by Ariel Parnes. Cloud environments offer tremendous advantages in agility, scalability, and cost efficiency. However, their dynamic nature also introduces new security challenges compared to traditional on-premises IT. To build true resilience for the inevit...

Compliance Options for Healthcare Business Associates (and Why You Need Them)

Blog Published: 09/28/2023

Originally published by Schellman. Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “covered...

The Consequences of Expired Payment Info

Blog Published: 09/28/2023

Originally published by TokenEx. Written by Valerie Hare. Ecommerce businesses lose $18 billion in sales revenue every year due to cart abandonment. 30 percent of shoppers will abandon their cart if they have to re-enter their credit card details. Since most credit cards expire after three to fi...

Cloud Controls Matrix (CCM) Now Mapped to OpenCRE, Cloud Security Alliance Announces

Press Release Published: 09/28/2023

Mapping serves to strengthen security landscape by cross-linking CCM to multiple other standards in one repository. SEATTLE – Sept. 28, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a sec...

Reducing IT Complexity with Cloud Options

Blog Published: 09/28/2023

Originally published by Sangfor. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. Abstract: Today’s business landscape is constantly changing in response to digital transformation. Against this backdrop, efficient and cost-effective IT infrastructure, namely cloud computing, is critical to gi...

Basic Cyber Hygiene Prevents 98% of Attacks

Blog Published: 09/27/2023

Originally published by Microsoft. In today’s digital age, companies are increasingly reliant on technology and online systems to conduct their business. As a result, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensuring t...
