
All Articles

AI-Enhanced Penetration Testing: Redefining Red Team Operations

Blog Published: 12/06/2024

Written by Umang Mehta, Global Delivery Head and Member of the CSA Bangalore Chapter. In the ever-evolving world of cybersecurity, penetration testing has long been a cornerstone for identifying vulnerabilities and assessing the resilience of systems. Traditional penetration testing involves simu...

Systems Analysis for Zero Trust: Understand How Your System Operates

Blog Published: 12/05/2024

If you’re excited about building a Zero Trust architecture for your organization, we understand! Zero Trust is pretty much the ultimate security strategy. However, before diving headfirst into building out your architecture, you need to perform a comprehensive systems analysis. This analysis shoul...

Cyber Essentials Certification Cost and Related Expenses: A Detailed Breakdown

Blog Published: 12/05/2024

Originally published by Vanta. The Cyber Essentials assurance scheme is one of the best accreditations you can obtain for improving your organization's cybersecurity posture and reducing the risk of cyberattacks. It offers a robust set of controls you can implement to fortify the security of your ...

Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals

Blog Published: 12/05/2024

Originally published by CXO REvolutionaries. Written by JP Saini, CTO, Sunbelt Rentals, Inc. Every enterprise knows the importance of extending seamless connectivity to customers and employees without compromising security. The objectives seem – and sometimes are – at odds with one another. Best pr...

Upcoming CPPA Meeting and Proposed Data Broker Rulemaking Made Public

Blog Published: 12/04/2024

Originally published by Truyo. Written by Dan Clarke, President, Truyo. The California Privacy Protection Agency (CPPA) remains actively engaged, not only in the prominent new rulemaking on automated decision-making but also in the ongoing refinement of existing policies. The CPPA will host a vir...

Lifecycle Management in SaaS Security: Navigating the Challenges and Risks

Blog Published: 12/04/2024

Originally published by Valence Security. Written by Jason Silberman. The rapid rise of Software-as-a-Service (SaaS) has transformed business operations, offering unprecedented flexibility and scalability. However, this shift brings its own set of security challenges, particularly when it comes to ...

Phishing Attacks on State and Local Governments Surge 360%

Blog Published: 12/04/2024

Originally published by Abnormal Security. Written by Mike Britton. A successful email attack on a private organization can undoubtedly have costly consequences. But a single successful attack on a government agency can be absolutely devastating—putting public utilities, emergency services, and eve...

What 2024’s SaaS Breaches Mean for 2025 Cybersecurity

Blog Published: 12/03/2024

Originally published by AppOmni. Written by Julia Benson, Technical Content Marketing Manager, AppOmni. In 2024, we witnessed a significant evolution in SaaS-based TTPs, which enabled bad actors to bypass traditional entry points, exploit SaaS misconfigurations and identity systems, and compromise ...

Legacy MFT Solutions Might Not Look Broken, But They Are

Blog Published: 12/03/2024

Originally published by Axway. Written by Shari Lava, Senior Director, AI and Automation at IDC. Introduction by Emmanuel Verge, Senior Product & Solutions Marketing Director at Axway. Introduction: Axway is happy to contribute to the discussion within the CSA community about new emerging trends w...

Top Threat #6 - Code Confusion: The Quest for Secure Software Development

Blog Published: 12/02/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...

Defining Identities, Accounts, and the Challenge of Privilege Sprawl

Blog Published: 12/02/2024

Originally published by Britive. Identity and access management (IAM) has always been crucial for maintaining security within organizations. Traditionally, IAM and other identity-focused solutions prioritize managing these identities and permissions within on-premises environments. However, the rap...

Readiness Assessments: A Crucial Part of Your SOC Engagement

Blog Published: 12/02/2024

Originally published by BARR Advisory. In the world of data security, a readiness assessment is your organization’s first step toward completing a successful SOC engagement. Readiness assessments test the controls that will be examined during your audit, which will provide recommendations for any ...

CSA Community Spotlight: Creating Globally-Recognized Cybersecurity Assessments with Willy Fabritius

Blog Published: 11/27/2024

Celebrating 15 years of innovation, the Cloud Security Alliance (CSA) has established itself as the premier organization shaping the future of cloud security through the development of transformative security frameworks. Since the release of our inaugural Security Guidance for Critical Areas of F...

AI in Cybersecurity - The Double-Edged Sword

Blog Published: 11/27/2024

Written by Jithu Joseph, Information Security Analyst and Member of the CSA Bangalore Chapter. Artificial Intelligence (AI) is revolutionizing cybersecurity, providing tools and techniques that can detect, prevent, and respond to cyber threats with unimaginable speed and precision. While AI empowe...

A Wednesday in the Life of a Threat Hunter

Blog Published: 11/27/2024

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. Imagine you have a role in making sure your enterprise is secure and on a typical Wednesday, you suddenly suspect that something is amiss or you come to know of a new threat intelligence about a specific technique or tool o...

Bringing the Security vs. Usability Pendulum to a Stop

Blog Published: 11/26/2024

Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler. Like death and taxes, the tradeoff between robust security and a seamless user experience has long been a challenge for organizations across industries. On the one side, stringent security measures are cri...

Cyber Essentials vs. Cyber Essentials Plus: Key Differences

Blog Published: 11/26/2024

Originally published by Vanta. If you wish to fortify your organization’s cybersecurity posture, obtaining a Cyber Essentials certification is a good idea. It enables IT managers to be more aware of the cybersecurity risks in their environment and take actionable steps to mitigate them. Before you...

What Can We Learn from Recent Cloud Security Breaches?

Blog Published: 11/26/2024

Originally published by Skyhawk Security. Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud, and the motivation of attackers to utilize this to thei...

How the Alert Readiness Framework Supports Augmented Cybersecurity

Blog Published: 11/25/2024

Originally published by Devoteam. Traditional cybersecurity models that focus solely on prevention are no longer enough. Gartner’s “Augmented Cybersecurity” whitepaper highlights the urgent need for organisations to adopt a more balanced approach—one that prioritises response and recovery as well ...

What Are the ISO 42001 Requirements?

Blog Published: 11/25/2024

Originally published by Schellman. Written by Megan Sajewski. When seeking ISO 42001:2023 certification, you must ensure that your artificial intelligence management system (AIMS) aligns with the standard’s key clauses (4-10), each of which focuses on a specific facet—context, leadership, planni...
