Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

Home
All Articles
Your Guide to IAM – and IAM Security in the Cloud

Blog Published: 01/27/2023

Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security en...

Everything You Need to Know About ISO 27001 Certification

Blog Published: 01/27/2023

Originally published by A-LIGN. With bad actors targeting sensitive data, many organizations are looking for new ways to monitor and improve their data security. Enter: ISO/IEC 27001:2013. A useful way to establish credibility with stakeholders, customers, and partners, ISO 27001 can help demon...

5 Timely SaaS Security Recommendations for 2023

Blog Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, ...

Herding Cats: How to Lead a Digital Transformation in a Federated Organization

Blog Published: 01/26/2023

Originally published by CXO REvolutionaries. Written by Yves Le Gelard, Former Group CIO and Chief Digital Officer, ENGIE. A tale of two types of organization Organizations embarking on digital transformations typically fall somewhere on a spectrum between rigidly hierarchical – in which leaders’...

What Are the DoD Cloud Computing Security Assessment Requirements?

Blog Published: 01/26/2023

Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world? ...

On the Criticality of SDLC Context for Vulnerability Remediation

Blog Published: 01/25/2023

Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...

If You Could Only Ask One Question About Your Data, It Should be This

Blog Published: 01/25/2023

Originally published by Sentra. Written by Guy Spilberg, VP R&D, Sentra. When security and compliance teams talk about data classification, they speak in the language of regulations and standards. Personal Identifiable Information needs to be protected one way. Health data another way. Employ...

Egress URL Filtering: The Most Important Cloud Security Control You’re Probably Missing

Blog Published: 01/25/2023

Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across project teams a...

Oops, I Leaked It Again — PII in Exposed Amazon RDS Snapshots

Blog Published: 01/24/2023

Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL; DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking PII in this ...

Cloud Economics: A Federal Perspective

Blog Published: 01/24/2023

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The application of...

What is an Access Control Server in 3DS?

Blog Published: 01/24/2023

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits 3DS is a form of multifactor authentication used to reduce card-not-present fraud by verifying cardholder identities. The 3DS Access Control Server is a tool used by issuing banks to confirm the identity of the cardh...

Designing for Recovery: Infrastructure in the Age of Ransomware

Blog Published: 01/23/2023

Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...

Who Has Control: The SaaS App Admin Paradox

Blog Published: 01/23/2023

Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and d...

To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight

Blog Published: 01/23/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully ap...

5 Steps to Managing Third-Party Risk in the Healthcare Industry

Blog Published: 01/21/2023

Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive data...

Why Your Cloud Services Need the CSA STAR Registry Listing

Blog Published: 01/20/2023

Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services off...

Double Trouble for Cyberinsurers

Blog Published: 01/20/2023

Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...

Enabling Secure Cloud Migration to Enterprise Cloud Environments

Blog Published: 01/20/2023

Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote w...

Social Engineering Tactics are Changing. Awareness Training Must Too.

Blog Published: 01/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. After hardening my corporate environment and improving our device management as CISO with previous organizations, I noticed that the would-be fraudsters quickly evolved their attack methods in response. I...

Proxying Your Way to SaaS Security? There’s a Better Approach!

Blog Published: 01/19/2023

Originally published by DoControl. Written by John Newsome, DoControl. Over the course of my 20 plus years in cybersecurity, I’ve had the opportunity to work for some outstanding companies and thought leaders in the industry. One of the most controversial and debated topics throughout this time h...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
53
54
55
57
59
60
61
Last »