
All Articles
Cloud Security Threats to Watch Out for in 2023: Predictions and Mitigation Strategies

Blog Published: 06/29/2023

Written by Ashwin Chaudhary, CEO, Accedere. As we move forward into the future, cloud computing is expected to become even more universal. With that comes an increased risk of cyber threats that could compromise sensitive data, systems, and networks. Here are some predictions on some of the most ...

Unmasking SaaS Security: Illuminating Insights from the Adaptive Shield-CSA Survey 2023

Blog Published: 06/28/2023

In the increasingly digitalized world, Software as a Service (SaaS) applications play a pivotal role in businesses of all sizes. As these applications become increasingly important so too does the security. This is the basis for Adaptive Shield and CSA's joint annual survey, providing crucial ins...

Movin’ Out: Identifying Data Exfiltration in MOVEit Transfer Investigations

Blog Published: 06/28/2023

Originally published by CrowdStrike. Summary Points: Organizations around the globe continue to experience the fallout of the MOVEit Transfer exploit CVE-2023-34362. CrowdStrike incident responders have identified evidence of mass file exfiltration from the MOVEit application, as a result of the we...

CISA’s Cyber Performance Goals for Better Security

Blog Published: 06/28/2023

Originally published by Orca Security. Written by Doug Hudson. Last year, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2022 Cross-Sector Cybersecurity Performance Goals in order to provide guidance for improving cybersecurity across government and private secto...

Launching a Corporate SaaS Security Program

Blog Published: 06/28/2023

Originally published by Obsidian Security. Written by Kelsey Brazill. As organizations increasingly rely on SaaS applications to conduct business, the importance of a thorough SaaS security program cannot be overstated for protecting the business and its sensitive data. Over 30% of busine...

Strong Winds Behind Financial Service Adoption of Cloud (As Long as We Stay Between the Buoys)

Blog Published: 06/27/2023

This month we released the findings from our research into the current use of cloud services by financial service organizations and the data suggests a growing comfort with leveraging the technology to manage critical workloads. In fact, 98% of respondents said their financial company is using cl...

Overcome Cloud Migration Challenges with Professional Cloud Services

Blog Published: 06/27/2023

Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. Cloud Migration Challenges are Showstoppers for Cloud Adoption: Cloud computing is a major driver of digital transformation. The global cloud computing market is expected to grow from USD$272 bil...

Should You Implement the NIST Cybersecurity Framework?

Blog Published: 06/27/2023

Originally published by Schellman. Anyone who has ever chosen a workout program likely started with the same goal—to improve their physical health or strength. But in exercise, different people will choose to address different things—some may opt for a comprehensive workout like CrossFit, some ma...

Why You Should Use the Principle of Least Privilege to Secure Serverless Applications

Blog Published: 06/27/2023

Originally published by Contino. Written by Mark Faiers, AWS Practice Lead, Contino. Serverless is a really interesting concept—it allows you to build scalable applications while simultaneously reducing your costs and decreasing your management overheads. During my time at Contino, I've helped a r...

Three Cloud Security Use Cases Best Solved With Cloud Governance

Blog Published: 06/26/2023

Originally published by Secberus. Written by Fausto Lendeborg. Maybe you’re migrating to the cloud and about to hire a System Integrator, maybe you’ve recently merged with another business or company and have no idea what’s actually in your cloud, or maybe you are drowning in false positives with...

Situational Awareness for Detection and Analysis: Go with the Flow

Blog Published: 06/26/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. When we look at the threat continuum, the preparation of the assets and infrastructure in a modern network to resist an attack, including discovering, configuring, and hardening, requires major investment in tools and ...

HITRUST CSF Assessments: e1, i1, r2—What’s the Difference?

Blog Published: 06/26/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. HITRUST CSF is the most widely-adopted cybersecurity framework for healthcare organizations in the U.S. HITRUST CSF provides broad assurance for different risk levels and compliance requirements with greater reliability than other as...

Navigating the Top 10 Challenges in Cloud Identity and Access Management

Blog Published: 06/23/2023

Written by Alon Nachmany, CISM and Shruti Kulkarni, CISA, CRISC, CISSP, CCSK of the CSA IAM Working Group. Introduction: Identity and Access Management (IAM) is a critical component of cloud security and one that organizations are finding challenging to implement effectively. The rise of cloud com...

A Catastrophic Cyber Event in the Next Two Years. Are You Ready?

Blog Published: 06/23/2023

Originally published by Avanade. Written by Rajiv Sagar. Over the last few years, cybersecurity has become a board-level imperative. Geopolitical instability, ongoing military conflicts, and a wide-spread economic downturn, have all increased cybersecurity threats, which need to be tackled rapidl...

How to Travel (Cyber) Securely This Summer

Blog Published: 06/23/2023

Originally published by DigiCert. Written by Dean Coclin. As the COVID-19 pandemic subsides and travel restrictions globally have been lifted, global tourism is estimated to rise by 30% in 2023. Seeking business and pleasure abroad, the increase of travelers is likely to also draw an increase of ...

Perspectives on AI: A Conversation with Torq's CTO

Blog Published: 06/22/2023

This interview with Leonid Belkind, Co-Founder & CTO, Torq, is the first in a series of many conversations with experts operating at the nexus of artificial intelligence and cybersecurity. AI seems to be the top boardroom topic today according to my network. Heavily hyped topics often confuse...

Passkeys & Zero Trust

Blog Published: 06/22/2023

Written by Dario Salice of the CSA Zero Trust Identity Pillar Working Group. In this article we’re going to discuss how passkeys, based on the FIDO2 standard in combination with WebAuthn (W3C), will allow for passwordless authentication, what benefits they offer, and their current limitations. Pa...

Six Steps to Prepare Your Application Security Team for a Penetration Test

Blog Published: 06/22/2023

Originally published by Coalfire. Written by Dave Randleman, Field CISO, Penetration Testing, Coalfire. This blog post will show step-by-step how an application security team should prepare for a penetration test. Key takeaways: A common misstep in deploying a penetration test is a lack of prepar...

DSPM: The Missing Piece of the Cloud Data Security Puzzle

Blog Published: 06/22/2023

Originally published by Dig Security. Written by Sharon Farber. As organizations increasingly move their data to public cloud environments, the need for robust data security posture management (DSPM) solutions becomes more apparent. With the rapid growth of the number and size of data assets in t...

SEC Cybersecurity Rules: How To Prepare For The Coming Changes Now

Blog Published: 06/21/2023

Originally published by Code42. Written by Carlos Carpio, Insider Risk Advisor, Code42. Cybersecurity risk management, strategy, governance and incident disclosure are a growing concern for investors and a top priority for the U.S. Securities and Exchange Commission (SEC). In 2022, publicly-trade...
