Empowering BFSI with Purpose-Built Cloud Solutions
Blog Published: 10/01/2024
Originally published by Tata Communications. Written by Rajesh Awasthi, VP & Global Head of Managed Hosting and Cloud Services, Tata Communications. India's financial sector is undergoing a profound transformation, driven by a confluence of technological advancements, regulatory changes, an...
When Walls Crumble: A CISO's Guide to Post-Breach Recovery
Blog Published: 09/30/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Let's face it, folks – breaches happen. As a CISO (as much as it pains me to say), this is unlikely to change in the near future. Even organizations with the "best" defenses are occasionally overwhelmed b...
How Multi-Turn Attacks Generate Harmful Content from Your AI Solution
Blog Published: 09/30/2024
A simple yet powerful way to break Generative AI chatbots. Written by Satbir Singh, Enkrypt AI. Generative AI models have improved detecting and rejecting malicious prompts. And most models have basic safety alignment training to avoid responding to queries such as: “How can I commit financi...
Implementing the Shared Security Responsibility Model in the Cloud
Blog Published: 09/27/2024
CSA's Cloud Trust Summit 2024 featured an expert panel discussion about v2 of our CCM v4.0 Implementation Guidelines. Led by CSA's Lefteris Skoutaris, the panelists included: David Skrdla, Senior IT Auditor, Internal Audit, American Fidelity Corp/CamGen Partners; Kerry Steele, Principal, Payments an...
Massive NHI Attack: 230 Million Cloud Environments Were Compromised
Blog Published: 09/27/2024
Originally published by Astrix. Massive NHI Attack: Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments. Researchers from Unit 42 have uncovered a sophisticated and large-scale cyberattack targeting over 230 million AWS, cloud and SaaS environments. The attack expl...
How to Prepare for Inevitable Risks to Your SaaS Data
Blog Published: 09/26/2024
Written by Mike Melone, Sr. Content Marketing Manager, Own Company. The phrase "it's not if, it's when" has been echoed in cybersecurity circles for years, but it’s never rung truer than it does now. In Q2 2024, Check Point Research saw a 30% YoY increase in cyber attacks globally, reaching 1,636 ...
How to Set Up Your First Security Program
Blog Published: 09/26/2024
Originally published by Vanta. There's no one size fits all when it comes to setting up your organization’s first security program. Each organization has a unique set of business needs, guardrails to implement, and data it needs to protect, which is why it’s important to remember that every securi...
CSA Community Spotlight: Promoting Data Security Best Practices with Compliance Officer Rocco Alfonzetti, Jr.
Blog Published: 09/25/2024
Celebrating 15 years of advancing cloud security, CSA has established itself as a leader in defining best practices and fostering collaboration within the industry. Since its founding in 2009, CSA's success has been deeply rooted in the innovative work of its research working groups, which drive ...
Betting on the Bank: Why People Trust Banks with Their Data
Blog Published: 09/25/2024
Written by Anastasios Arampatzis. Building and maintaining trust in data handling practices is critical for businesses in every industry. Trust is the foundation of long-lasting relationships between companies and consumers, directly impacting consumer loyalty, brand reputation, and, ultimately,...
What are the Benefits of a Social Engineering Campaign?
Blog Published: 09/25/2024
Originally published by Schellman. For as long as the concept of cybersecurity has been around, much of the focus has centered on sophisticated technical controls—firewalls, password strength, network segmentation, endpoint protection, encryption, etc. And while implementation and regular testing ...
What is the CSA STAR Program? An Intro for Beginners
Blog Published: 09/24/2024
Has someone brought up the CSA STAR Program or the CSA Cloud Controls Matrix and you have no idea what that means? This blog is the place to start for all of you non-IT professionals and cloud newbies. Cloud computing is a way to access computer resources (including networks, servers, storage, app...
AI Regulation in the United States: CA’s ADMT vs American Data Privacy and Protection Act
Blog Published: 09/24/2024
Originally published by Truyo. In the evolving landscape of artificial intelligence (AI) regulation, the United States finds itself at a crossroads, with two significant pieces of legislation vying to shape the future of AI governance: the California Automated Decisionmaking Technology law and the...
8 Ways to Reduce Data Storage Costs
Blog Published: 09/24/2024
Originally published by Normalyze. Written by Vamsi Koduru. Many organizations don’t store their data. They hoard data. Too often, organizational data accumulates in a never-ending cycle of unnecessary duplication and hoarding. As a result, they suffer ever-growing data storage fees and significant ...
Is Your Production Data Secure? That’s a Hard NO.
Blog Published: 09/23/2024
Originally published by Paperclip. Written by Mike Bridges. The culture of cybersecurity and data protection is broken. Let’s look at it from a unique point of view. You’ve got an employee who is terrible at their job, consistently makes mistakes, and puts the company in harm’s way. Even worse, whe...
Continuous Compliance Monitoring: A Must-Have Strategy
Blog Published: 09/23/2024
Originally published by BARR Advisory. Written by Cody Hewell and Brett Davis. A report by Proofpoint indicated that nearly 70% of CISOs feel their organization is at risk of experiencing a material cyber attack in the next 12 months. While annual assessments and audits will help your organizati...
Building a Resilient Manufacturing Environment Through Zero Trust OT Cybersecurity Controls
Blog Published: 09/23/2024
Originally published by CXO REvolutionaries. Written by Suvabrata Sinha, CISO in Residence, Zscaler. Introduction: In the past five years, multiple crises and disruptions have introduced a new word to the lexicon: “resilient manufacturing.” This is an approach not pivoted on cost, productivity, or pr...
Leveraging Zero-Knowledge Proofs in Machine Learning and LLMs: Enhancing Privacy and Security
Blog Published: 09/20/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. I recently attended Cloud Security Alliance's AI Controls Working Group's face-to-face meetings in Seattle. One interesting question was asked by one of our participants on if zero-knowledge proofs (ZKPs) are used in ma...
The Metadata Minefield: Protecting All Your Sensitive Data
Blog Published: 09/20/2024
Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist for Data Security, Symmetry Systems. When determining the sensitivity of data, it’s easy to focus solely on the content itself. However, the metadata associated with data can potentially expose other just as sensiti...
Building a Comprehensive Trust Center
Blog Published: 09/20/2024
Originally published by Vanta. In today's digital landscape, trust is paramount. Customers want to know that their data is secure and that they can rely on the companies they do business with. One of the best ways to provide this assurance is through a well-crafted, up-to-date Trust Center. But w...
FedRAMP Moderate Equivalency for Cloud Service Providers Explained
Blog Published: 09/19/2024
Originally published by Schellman. Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authoriz...