All Articles

Strengthening Cloud Security: Mapping the Cloud Controls Matrix (CCM) 4.0 to PCI DSS 4.0

Blog Published: 09/19/2023

Written by Sully Perella, Dan Stocker, and Kerry Steele. Assessing the security of a cloud service provider can be a challenge. That's why the Cloud Security Alliance (CSA) is excited to announce the release of the latest mapping of the Cloud Controls Matrix (CCM) version 4.0 to the latest versio...

Data Security Platforms: 9 Key Capabilities and Evaluation Criteria

Blog Published: 09/19/2023

Originally published by Dig Security. Written by Yotam Ben Ezra. What makes a cloud data security platform? Recent years have seen a flurry of new technologies and vendors - first in CSPM, then DSPM. Dozens of products have emerged, in addition to existing DLP vendors releasing cloud features and ...

Cloud Security Alliance Maps Cloud Controls Matrix (CCM) to Payment Card Industry Data Security Standard (PCI DSS) v4.0

Press Release Published: 09/19/2023

Mapping highlights areas of congruence and misalignment between CCM and PCI DSS standards, making it easier for payment processing services to mitigate risk. BELLEVUE, WA – SECtember – Sept. 19, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standar...

IoT Security and the Infinite Game

Blog Published: 09/19/2023

Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. A finite game, like a football game or a single game of chess, has a termination or metaphorical finish line where we can declare a winner or loser. An infinite game, however, is one where ther...

SOC 2 and ISO Certifications vs CSA STAR

Blog Published: 09/18/2023

I already have a SOC 2 Type 2 and ISO/IEC 27001 certification. Why would I want to upgrade to STAR? First, let’s set the stage with a discussion on scope and focus: STAR: The STAR certification is specifically designed for CSPs and assesses the security controls and practices related to cloud servi...

Digital Trust for Connected Medical Devices

Blog Published: 09/18/2023

Originally published by DigiCert. Written by Robyn Weisman. Connected medical devices, also known as IoMT (Internet of Medical Things), can dramatically improve patient health while minimizing the potential for harm. Infusion pumps illustrate this in a stark fashion. In 2010, Reuters reported mor...

Exploring the Intersection of IAM and Generative AI in the Cloud

Blog Published: 09/15/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. As generative AI (GenAI) becomes more prevalent, new challenges are emerging around identity and access management (IAM) within cloud environments. In this post, we explore the intersection of IAM and GenAI, how IAM en...

Reshaping Security Landscapes: The Essence of Cyber Transformation

Blog Published: 09/15/2023

Written by S Sreekumar, Vice President and Global Practice Head, Infra & Cloud Security, Cybersecurity & GRC Services, HCLTech and Andy Carelli, Senior Director, Ecosystems, GSI Solutions Management, Palo Alto Networks. Reshaping Security Landscapes: The Essence of Cyber Transformation. Tran...

How to Choose a Tokenization Solution

Blog Published: 09/14/2023

Originally published by TokenEx. Delivering payments security, compliance, and risk reduction via tokenization. The power of tokenization continues to evolve—but not all approaches are equal. If you’re reading this, you’re likely researching solutions for your organization’s risk, PCI compliance, or...

Understanding the Shared Responsibility Model for Cloud Security: How To Avoid Coverage Gaps and Confusion

Blog Published: 09/14/2023

Originally published by Tenable. Written by Tom Croll, Advisor at Lionfish Tech Advisors. Cloud security’s shared responsibility model (SRM) concept is key for cloud adoption, yet it’s very confusing. In this post, you’ll learn how to use this model, what its limitations are and how to improv...

Ensuring Cloud Compliance Excellence with ISO Standards and CSA STAR

Blog Published: 09/14/2023

Originally published by MSECB. Written by Varun Prasad. Introduction: Almost two decades since the advent of public cloud services, cloud computing continues to be a foundational building block that drives enterprise digital transformations and accelerates the delivery of new features to users. Ac...

How Great CISOs Make SaaS Security a Priority for Business Leaders

Blog Published: 09/13/2023

Originally published by AppOmni. Written by Harold Byun, Chief Product Officer, AppOmni. CISOs and security leaders have wrestled with SaaS security program and policy adoption for decades. This perennial topic resurfaced in a recent podcast episode I participated in, where I shared how CISOs can...

5 Reasons Why Just-in-Time Cloud Access is Pioneering the Future of CIEM

Blog Published: 09/13/2023

Originally published by Britive. As the digital landscape evolves, businesses face unprecedented challenges in securing sensitive data and critical resources stored within their cloud environments. The rise of cloud infrastructure and the proliferation of remote work has significantly expanded the ...

Maximizing Effectiveness with Incident Response Platforms

Blog Published: 09/13/2023

Written by Alex Vakulov. Over recent years, there has been an escalating number of cyber incidents, with the complexity of these attacks also on the rise. This growing menace has prompted both governments and businesses to place greater emphasis on bolstering their information security. In lig...

Strategic IoT Security Considerations for CISOs and the C-Suite

Blog Published: 09/13/2023

An Evolution of Enterprise Infrastructure. Cloud computing has evolved beyond enhancing traditional IT frameworks, positioning organizations at the forefront of innovation and expansion within the enterprise ecosystem. For today's C-suite, the integration and management of the vast realm of Intern...

5 Things You Need to Look for in CSPM

Blog Published: 09/12/2023

Written by Lena Fuks, Product Marketing Manager, Aqua Security. In a world increasingly reliant on cloud services, the protection of cloud environments is more critical than ever before. However, as these environments grow in complexity, and the risk of misconfiguration grows exponentially, s...

Intelligent Augmentation: The Future of Human-AI Collaboration

Blog Published: 09/12/2023

Originally published by CXO REvolutionaries. Written by Greg Simpson, Former Chief Technology Officer, Synchrony. With the hype around large language models (LLMs) like Chat-GPT, knowing what a business should do can take time. Here’s my take on what every business needs to do regarding artificia...

What is SOC 2?

Blog Published: 09/12/2023

Originally published by CyberGuard Compliance. Written by Tim Roncevich. Protecting against data breaches and maintaining compliance require constant vigilance and consistent analysis. A SOC 2 report can help your organization protect and comply by confirming that you handle customer data properly...

Health3PT and HITRUST Solutions for Healthcare Risk Management

Blog Published: 09/08/2023

Originally published by BARR Advisory. A recently released survey conducted by Health3PT confirms 72% of vendors believe today’s third-party risk management practices are not effective. Health3PT and HITRUST Assurance Program have partnered together to provide capabilities and efficiencies to sol...

Behind the Eight-Ball: Why Companies Struggle with Penetration Risk

Blog Published: 09/08/2023

Originally published by Coalfire. Written by Adam Kerns, Managing Principal, Commercial Services: Product Development, Coalfire. Key takeaways: Cloud migration has exposed organizations to new risks such as misconfiguration, injection and encryption issues. To stay ahead of cybercrime in the new er...
