Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

All Articles

Home
All Articles
Artificial Intelligence (AI) in Risk Assessment and Mitigation

Blog Published: 06/06/2024

Written by Ashwin Chaudhary, CEO, Accedere.The advancement of generative AI technologies like GPT has led to rapid growth in AI adoption worldwide. While companies adopt AI with the intention of being competitive in the market, they often overlook the security risks that come with AI that can aff...

The Risks of Relying on AI: Lessons from Air Canada’s Chatbot Debacle

Blog Published: 06/05/2024

Originally published by Truyo.In the era of artificial intelligence (AI), companies are increasingly relying on automated systems to streamline operations and enhance customer service. However, a recent incident involving Air Canada’s AI-powered chatbot serves as a stark reminder of the risks ass...

CSA Community Spotlight: Advancing Thought Leadership with Cybersecurity Architect Shruti Kulkarni

Blog Published: 06/05/2024

For the last 15 years, CSA has been disseminating expert-led thought leadership to the cybersecurity community at large. Our offerings have included research publications, trainings, blogs, in-person and virtual webinars and events, and many other initiatives based on top-of-mind security concern...

Cloud Security Alliance Announces Implementation Guidelines v2.0 for Cloud Controls Matrix (CCM) in Alignment with Shared Security Responsibility Model

Press Release Published: 06/04/2024

Update strengthens CCM’s position as the cloud security industry’s preferred control frameworkSEATTLE – June 4, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing en...

CSA STAR: Securing the Cloud and Beyond

Blog Published: 06/04/2024

CSA’s Security, Trust, Assurance and Risk (STAR) program is in its 13th year and is one of the offerings we have developed that I am most proud of. I would even go so far as to say we are the gold standard for cloud provider assurance, as our public registry contains listings for over 2,500 cloud...

3 Ways AI Can Streamline Your Regulatory Compliance

Blog Published: 06/04/2024

Originally published by RegScale.In an era where regulatory changes are fast and frequent, organizations have a difficult time keeping up. They fall behind on compliance and jeopardize passing their audits or inspections. To avoid falling behind even further, organizations need to speed up the co...

Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams

Press Release Published: 06/04/2024

Despite economic uncertainty, organizations are prioritizing SaaS security investmentGartner Security and Risk Management Summit, National Harbor, Maryland – June 4, 2024 – Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, d...

Unmasking Vendor Fraud: Detecting Suspicious Activity in Email Communications

Blog Published: 06/04/2024

Originally published by Abnormal Security. Written by Jake Shulman. Not all email attacks involve the use of malicious links, malware, or attachments. Increasingly, attackers rely on social engineering tactics to exploit unsuspecting employees. One of the highest value and most pernicious forms o...

Why a Serverless Architecture Improves the Security of Cloud-Native Applications

Blog Published: 06/03/2024

Originally published by Tenable. Cloud-native architecture has revolutionized developer practices, decentralizing components from monolithic server setups into easily consumable services. Consequently, organizations have migrated to the cloud at an accelerated pace, decreasing development time, ...

Cloud Threats Deploying Crypto CDN

Blog Published: 06/03/2024

Originally published by Sysdig.Written by Stefano Chierici.The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to create ...

Decommissioning Orphaned and Stale Non Human Identities

Blog Published: 06/03/2024

Originally published by Oasis Security.Written by Yonit Glozshtein, Director of Product Management, Oasis Security.Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. NHIs often operate outside traditional IT security reviews, making them vulnerabl...

Learn How to Navigate Ransomware Attacks in a Digital World

Blog Published: 05/31/2024

Written by LRQA.In an increasingly digital world, ransomware attacks have become a prevalent threat, disrupting businesses and causing significant financial losses. The increasing volume and impact of ransomware attacks - which encrypt victims’ computer files until they pay a fee - poses a signi...

What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction

Blog Published: 05/31/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...

What are the ISO 9001 Requirements?

Blog Published: 05/31/2024

Originally published by Schellman. When seeking ISO 9001 certification, part of that road to compliance will be aligning your required quality management system (QMS) with the key clauses (4-10) within the standard, each of which focuses on a specific facet of that management system—context, lead...

The Path to SOC 2 Compliance for Startups

Blog Published: 05/30/2024

I've worked for some notable early-stage startup companies that sought to do business with Fortune 500 companies. I clearly remember the challenges of demonstrating how you can protect their customer data. SOC 2 compliance for startups can be a massive undertaking.When you have a compelling solut...

Level Up Your Security Strategy with Cyber Resilience

Blog Published: 05/30/2024

Originally published by BARR Advisory.Even with strong cybersecurity programs in place, companies can still become victims of a security breach. While it may seem unfair or frustrating, especially if you’ve spent time, money, and energy working to reduce your risk, unfortunately it’s impossible t...

Mastering Least Privilege: Cutting Unused Access

Blog Published: 05/30/2024

Written by StrongDM.It’s an irrefutable fact: You can't defend your total attack surface without visibility into privileged access. The Principle of Least Privilege emphasizes that individuals within your environment should only have the necessary access and permissions essential for their roles....

The Shift to SDP: A Business Imperative for Enhanced Cybersecurity

Blog Published: 05/29/2024

Written by Cetark.A revolution is underway in cybersecurity. As businesses grapple with an escalating wave of cyber threats and the realities of a mobile workforce, the traditional cybersecurity infrastructure, epitomized by Virtual Private Networks (VPNs), is scrutinized. The emerging paradigm? ...

How Cybersecurity and AI Will Influence Global Elections in 2024

Blog Published: 05/29/2024

Originally published by CXO REvolutionaries.Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler.2024 is a big year for elections. Dozens of parliamentary and presidential elections take place, including in the United States, the United Kingdom, India, Brazil, Indonesia, and Mexico, and the ...

Cloud Security Assessment Fundamentals in 2024

Blog Published: 05/29/2024

Written by David Balaban.The indisputable benefits of cloud computing for organizations are the tip of the iceberg. Beneath it lies an oft-overlooked multitude of unique threats and vulnerabilities that might erode the environment unless kept in check. The challenges run the gamut from cloud spra...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
1
2
3
5
7
8
9
Last »