
All Articles

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Blog Published: 04/26/2023

Originally published by CrowdStrike. Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden...

Security is Only as Good as Your Threat Intelligence

Blog Published: 04/25/2023

Now even stronger with AI. Originally published by Microsoft Security. Written by John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research. Longtime cybersecurity observers know how frustrating the fight for progress can be. Our profession demands constant vigila...

Lessons from Blockbusters: What Hollywood Can Teach Us About Cyber Security

Blog Published: 04/25/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. “Everything I learned I learned from the movies.” - Audrey Hepburn, Oscar-winning actress and humanitarian. Few things capture the imagination like movies. From epic dramas to tearful romances, from everyday t...

Migration to the Public Cloud: What You Need to Know and Some Best Practices

Blog Published: 04/25/2023

Written by Bindu Sundaresan, Director, AT&T Cybersecurity. Many organizations are turning to public cloud environments for their IT infrastructure expansion and enhancement. Cloud-based solutions offer many advantages, including cost-effectiveness, scalability, and ease of use. Organizations ...

The CxO Trust Cloud Change Notification Project

Blog Published: 04/24/2023

In the two years since we kicked it off, the Cloud Security Alliance’s CxO Trust Initiative has provided valuable guidance as to the key strategies necessary to advance cloud and cybersecurity within the C-Suite. We consult the CxO Trust Advisory Council regularly on issues that arise in the indu...

Why the Cloud Security Alliance Needs to Help Secure AI (And You Do, Too)

Blog Published: 04/24/2023

When I frame a very big technology trend, I have a somewhat annoying habit of paraphrasing a quote that revolutionary Leon Trotsky may or may not have ever said. In this case it goes: You may not be interested in artificial intelligence, but artificial intelligence is interested in you. Artificial ...

Cloud Security Alliance Releases First ChatGPT Guidance Paper and Issues Call for Artificial Intelligence Roadmap Collaboration

Press Release Published: 04/24/2023

RSA Conference (San Francisco) – April 24, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Security Implications of ChatGPT, a whitepaper re...

From Cloud Data Sprawl to Cloud Data Security: Navigating the Complexities

Blog Published: 04/24/2023

Originally published by Dig Security. Written by Sharon Farber. More than 60% of enterprise data is now stored in the cloud. And as this number grows, it is becoming increasingly important to ensure complete data security. Cloud computing offers greater efficiency for storing, analyzing, and shar...

How to Support Agile Development with Zero Trust Best Practices

Blog Published: 04/24/2023

Originally published by TrueFort. Written by Nik Hewitt. What is agile development? Agile software development is the practice of delivering small pieces of working software quickly to fix bugs, add features, enhance usability, and generally improve the customer experience. It lets development te...

CSA’s Enterprise Architecture: Business Operation Support Services

Blog Published: 04/22/2023

Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess oppor...

Report Shows Cloud Adoption is Higher Than Ever and So is Risk

Blog Published: 04/21/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. — Here’s What You Can Do About It. With massive global changes rocking the status quo of how organizations operate and secure data, it’s no wonder that 2022 saw some pretty huge chang...

HITRUST CSF Releases v11 to Increase Efficiencies and Stay Threat-Adaptive

Blog Published: 04/21/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. HITRUST CSF recently released version 11, which includes important updates to the framework that will help streamline the process to greater healthcare assurance and protect against new and emerging threats. As a single framework, HI...

From Code to Cloud, the Case for Cloud-Native App Protection

Blog Published: 04/21/2023

Originally published by CXO REvolutionaries. Written by Rich Campagna, SVP & GM, Posture Control, Zscaler. A Cloud Native Application Protection Platform (CNAPP) is far more than just another buzz-acronym in an industry already chock full of them. It’s the next logical stage of security evolu...

The Discovery of the First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

Blog Published: 04/20/2023

Originally published by CrowdStrike. CrowdStrike discovers the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly used...

Solving the Tower of Babel Challenge

Blog Published: 04/20/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. Today’s Atomized Networks, which are dispersed, ephemeral, encrypted, and diverse (DEED), pose numerous network monitoring and security challenges for the teams responsible for defending and managing them. Here, I’m go...

DevOps Threat Matrix

Blog Published: 04/20/2023

Originally published by Microsoft Security. Written by Ariel Brukman, Senior Security Researcher, Microsoft Defender for Cloud. The use of DevOps practices, which enable organizations to deliver software more quickly and efficiently, has been on the rise. This agile approach minimizes the time-to...

Google Proposal To Reduce TLS Certificates Validity To 90 Days Puts Focus On Automated Certificate Lifecycle Management

Blog Published: 04/19/2023

Originally published by AppViewX. On March 3, in a move that’s meant to reinforce better Internet security, Google announced a proposal called “Moving Forward, Together,” outlining some of the key policy changes it plans to introduce in future versions of its Chrome Root Program. One of the signif...

Cloud Visibility and Port Spoofing: The Known Unknown

Blog Published: 04/19/2023

Originally published by Gigamon. Written by Stephen Goudreault. As with all technology, new tools are iterations built on what came before, and classic network logging and metrics are no different. Tooling, instrumenting, and monitoring of network traffic are virtually unchanged across the privat...

A Brief Overview of the CPRA for Data Security and Privacy Professionals

Blog Published: 04/19/2023

Originally published by Laminar. Written by Orin Israely, Product Manager, Laminar. The new year brought in new changes to the California Consumer Privacy Act (CCPA) under the California Privacy Rights Act (CPRA). What does that mean for data security and privacy professionals? Here are the perti...

The Cloud Monitoring Journey

Blog Published: 04/18/2023

Originally published by Sysdig. Written by Emanuela Zaccone. Monitoring is not a goal, but a path. Depending on the maturity of your project, it can be labeled in one of these six steps of the cloud monitoring journey. You will find best practices for all of them and examine what companies get fr...
