
All Articles

How to Avoid a Costly Data Breach in AWS with Automated Privileges

Blog Published: 03/31/2023

Originally published by Britive. An AWS data breach can have significant consequences, damaging an organization’s reputation and triggering an unpredictable and costly chain of events. Although AWS offers a highly secure cloud infrastructure, it operates on a shared responsibility model. For most...

The Big Guide to Data Security Posture Management (DSPM)

Blog Published: 03/31/2023

Originally published by Dig Security. Written by Sharon Farber. DSPM is a crucial piece of your cloud security puzzle. Learn what it is, why it matters, and how to choose the best solution to protect your sensitive data while growing your business. What is DSPM? Data security posture management (...

Understanding Identity and Access Management (IAM) and Authorization Management

Blog Published: 03/30/2023

Written by Alon Nachmany and Shruti Kulkarni of the CSA IAM Working Group. Introduction Identity and Access Management (IAM) is a crucial aspect of cybersecurity that ensures that only authorized individuals have access to sensitive information and resources. Within IAM, authorization management ...

Compliance in Italy: Navigating the New Cloud Italy Strategy

Blog Published: 03/30/2023

Originally published by Schellman. As the world becomes increasingly digital, governments around the world are taking measures to ensure the safety and security of their citizens' data. One such example is the recent Cloud Italy Strategy, initiated by the Italian Agency for National Cybersecurity...

Assessing The Maturity of Your SaaS Security Program

Blog Published: 03/30/2023

Originally published by Grip Security. Written by Lior Yaari, CEO, Grip Security. Buying something as a service has clear benefits over the traditional method of purchasing software that are undeniable: no setup, lower costs, faster ROI, scalability, fast upgrades and universal accessibility. Pur...

News of Note: Building Bridges for Business and Beyond

Blog Published: 03/29/2023

One of my CISO friends and I met recently to catch up and discuss the current cybersecurity challenges and priorities at the organization he moved to six to eight months ago. His company is fully embracing cloud services and trying to wed these with some existing on-prem operations. However, they...

Focusing on Endpoints Distracts from Effective Security

Blog Published: 03/29/2023

Originally published by CXO Revolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Endpoint security is a pivotal aspect of cybersecurity, but should it be a primary focus for CISOs? During the early days of networking (and through the early 2010s), focusing security efforts on endpoi...

EmojiDeploy: Smile! Your Azure Web Service Just Got RCE’d ._.

Blog Published: 03/29/2023

Originally published by Ermetic. Written by Liv Matan. The EmojiDeploy vulnerability is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu. By abusing the vulnerability, attackers can deploy malicious zip files containing a payload to the victim's Azure applicat...

MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls

Blog Published: 03/28/2023

Originally published by Rapid7. Written by James Alaniz. As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security meas...

Survey Says: Leaders are Doubling Down on Cloud for Stability and Financial Resilience

Blog Published: 03/28/2023

Originally published by Google Cloud. Written by Blair Franklin, Contributing Writer, Google Cloud. While the future is uncertain, one thing is clear: decision makers are looking to the cloud to help prepare for whatever lies ahead. Cloud computing has come a long way since 2012, when one in t...

What Does the M-21-31 Requirement Mean for Federal Agencies?

Blog Published: 03/28/2023

Originally published by Axonius. Written by Tom Kennedy. The cybersecurity memorandum M-21-31, from the Office of Management and Budget, provides guidance on how to stop this type of leapfrogging before it can begin. M-21-31 focuses on visibility and incident response, and establishes a four-...

Your Cloud SDLC is a Goat Rodeo. Here are 6 Steps to Wrangle It.

Blog Published: 03/27/2023

Originally published by Dazz. Written by Julie O’Brien, CMO and Matt Brown, Solutions Engineer, Dazz. Companies are developing software in the cloud in a big way. The cloud has opened up a world of possibilities for application makers, enabling flexible architectures and ever more efficient ways ...

What is Microsegmentation?

Blog Published: 03/27/2023

Originally published by TrueFort. Written by Nik Hewitt. Microsegmentation: The Zero Trust “best practice” becoming “standard practice.” Often described by the broader term ‘Zero Trust,’ which is the name given to the overall security model, microsegmentation is the industry-recognized best pract...

How To Achieve InfoSec When Your Tools Do InfraSec

Blog Published: 03/27/2023

Written by Ravi Ithal, Cofounder and Chief Technology Officer, Normalyze. Originally published by Forbes. “Brings a knife to a gunfight,” sneers Sean Connery while aiming a sawed-off shotgun at the knife-wielding intruder. Since that line in the 1987 movie The Untouchables, we’ve heard the same a...

The 5 Stages to DevSecOps

Blog Published: 03/25/2023

Written by the DevSecOps Working Group. Organizations have a wide array of tools and solutions to choose from when implementing security into their Software Development Lifecycle (SDLC). Since every SDLC is different in terms of structure, processes, tooling, and overall maturity, there is no one...

Cascading and Concentration Risk: How do They Impact Your Digital Supply Chain?

Blog Published: 03/24/2023

Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming increasing...

Understanding Data Protection Needs in a Cloud-Enabled Hybrid Work World

Blog Published: 03/24/2023

Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the...

The Future of Cloud

Blog Published: 03/24/2023

Originally published by ManTech. Written by Sandeep Shilawat, Vice President, Cloud and Edge Computing, ManTech. Stock analysts and meteorologists are in the business of making predictions. IT professionals… not so much. But when we think about the cloud and the vast changes it has facilitated ac...

Insights from the Uber Breach: Ways to Prevent Similar Attacks

Blog Published: 03/23/2023

Originally published by InsiderSecurity on December 9, 2022. Uber Technologies disclosed it was investigating a cybersecurity incident after reports that hackers had breached the company’s network. An in-depth analysis of the attack reveals how the attack occurred and ways organizations can preve...

Becoming Cyber Resilient—Cybersecurity Trends to Watch in 2023

Blog Published: 03/23/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase from t...
