
All Articles
Five Steps to Mitigate the Risk of Credential Exposure

Blog Published: 04/10/2023

Originally published by Pentera. Written by Eli Domoshnitsky. Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breac...

Microsegmentation Needs to Isolate All Lateral Movement – Including Service Account Abuse

Blog Published: 04/10/2023

Originally published by TrueFort. Written by Matt Hathaway. The devastating part of a cyber attack is when it reaches application environments with sensitive data to steal or encrypt. While microsegmentation is recognized as the best way to minimize the spread of the initial compromise, it cannot...

How Zero Trust in AWS Can Be Achieved with Ephemeral JIT Access

Blog Published: 04/10/2023

Originally published by Britive. Implementing a Zero Trust model is crucial to preventing privileged access attacks. Zero Trust is a security framework that eliminates implicit trust, requiring users to be continuously validated as they request and gain access to network resources. As businesses ...

CCSK Success Story: From a Financial Services Cloud Security Architect

Blog Published: 04/07/2023

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Configuration and Monitoring of IAM

Blog Published: 04/07/2023

By Shruti Kulkarni and Alon Nachmany of the CSA Identity and Access Management Working Group. Introduction: Identity and Access Management (IAM) is a critical component in maintaining the security and integrity of an organization's information systems. The role of IAM is to manage the authenticati...

Everything You Need to Know About the New HITRUST e1 Assessment

Blog Published: 04/07/2023

Originally published by BARR Advisory. Written by Claire McKenna. HITRUST CSF recently added a new assessment to their portfolio: the HITRUST e1 Assessment. Included in the HITRUST CSF v11 release, the e1 Assessment was designed to cover foundational cybersecurity practices. Let’s take a closer l...

Reduce Your Payment Processing Costs with a Multi-PSP Strategy

Blog Published: 04/06/2023

Originally published by TokenEx. Written by Anni Burchfiel. Choosing a payment processor can be difficult as a merchant must juggle the unique needs of their business against the rigid turnkey solutions offered by PSPs (Payment service providers). Transaction processing costs may skyrocket for bu...

Definitive Guide to Hybrid Clouds, Chapter 6: Examining Network Visibility, Analytics, and Security Use Cases

Blog Published: 04/06/2023

Originally published by Gigamon. Written by Stephen Goudreault. Editor’s note: This post explores Chapter 6 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, Chapter 5, and check back for a future post covering Chapter 7. Your...

The Data on the Danger of Publicly Exposed S3 Buckets

Blog Published: 04/06/2023

Originally published by Laminar. TL;DR: We recently released a post summarizing our findings that 21% of all publicly exposed buckets contained sensitive data. In this post we drill down much further on exactly how we made this determination, add more details on our findings, illustrate why we beli...

International Women’s Day: The Power of Diversity to Build Stronger Cybersecurity Teams

Blog Published: 04/05/2023

Originally published by Microsoft Security. Written by Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft. Women’s History Month is a special time for me as I reflect on all the great innovations women have made over the years. Women have driven t...

Exploiting CVE-2021-3490 for Container Escapes

Blog Published: 04/05/2023

Originally published by CrowdStrike. Today, containers are the preferred approach for deploying software or creating build environments in CI/CD lifecycles. However, since the emergence of container solutions and environments like Docker and Kubernetes, security researchers have consistently foun...

MFA for Hospitals: Password Sharing, Workstations, and Other Challenges

Blog Published: 04/05/2023

Written by Thales. Healthcare organizations today face an evolving cyber threat landscape, and a range of attacks such as phishing and ransomware that continue to grow in sophistication, leaving patients, doctors, and hospitals nervous. The healthcare industry is one of the most targeted critical...

Cloud Misconfigurations Are Not Cloud Vulnerabilities. Stop Treating Them That Way.

Blog Published: 04/04/2023

Originally published by Secberus. Written by Fausto Lendeborg. As organizations increasingly move data to the cloud, they face some rather big security challenges. We all realize whenever we migrate data to the cloud, adding additional data sources or creating new cloud applications, there is ris...

Kubernetes OOM and CPU Throttling

Blog Published: 04/04/2023

Originally published by Sysdig. Written by Javier Martínez. Introduction: When working with Kubernetes, Out of Memory (OOM) errors and CPU throttling are the main headaches of resource handling in cloud applications. Why is that? CPU and Memory requirements in cloud applications are ever more import...

The Do’s and Don’ts of Cyber Security Insurance

Blog Published: 04/04/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. Cyber security does not exist for its own sake; its ultimate aim is to help businesses manage risk. Risk Management 101 tells us there are four possible ways to respond to a risk. Risk avoidance - avoid th...

Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist

Blog Published: 04/03/2023

Written by Jim Gable, Shannon Gray, and Denis Mandich of the CSA Quantum-Safe Security Working Group. Reviewed by Mehak Kalsi and Bruno Huttner. The cybersecurity industry was shocked recently by a paper from a Swedish team that broke one of the four NIST algorithms for Post-Quantum Cryptography ...

Fortify Your SD-WAN With SSE Integration

Blog Published: 04/03/2023

Originally published by Lookout. Written by Balaji Prasad, Head of Product, Endpoint and SASE, Lookout. Many of today’s security tools are built to secure cloud services. But we need to keep in mind that many organizations still require configurations that don’t have direct connection to the clou...

Combating Ransomware: Don't Let Your Data Be Held Hostage

Blog Published: 04/03/2023

Written by Srinivasan CR, Executive Vice President, Cloud and Cybersecurity Services & Chief Digital Officer, Tata Communications. Originally published on TechRadar. Enterprises today operate in a digitally connected world, where technology and connectivity are the core of their digital trans...

Best Practices in Data Tokenization

Blog Published: 03/31/2023

Originally published by Titaniam. Tokenization is the process of replacing sensitive data with unique identifiers (tokens) that do not inherently have any meaning. Doing this helps secure the original underlying data against unauthorized access or usage. Tokenization was invented in 2001 to secure...

How to Avoid a Costly Data Breach in AWS with Automated Privileges

Blog Published: 03/31/2023

Originally published by Britive. An AWS data breach can have significant consequences, damaging an organization’s reputation and triggering an unpredictable and costly chain of events. Although AWS offers a highly secure cloud infrastructure, it operates on a shared responsibility model. For most...
