
All Articles

Could A Data Breach Land Your CISO In Prison?

Blog Published: 03/03/2023

Originally published by F5. Written by Gail Coury. On November 9, 2022 Twitter CISO Lea Kissner resigned along with the company’s chief privacy officer and its chief compliance officer. The Washington Post and other media outlets reported that internal Slack messages at Twitter revealed serious c...

5 Key Findings for Cloud Data Security Professionals from ESG's Survey

Blog Published: 03/02/2023

Originally published by Sentra. Securing sensitive cloud data is a key challenge and priority for 2023 and there's increasing evidence that traditional data security approaches are not sufficient. Recently, Enterprise Strategy Group surveyed hundreds of IT, Cloud Security, and DevOps professional...

Definitive Guide to Hybrid Clouds, Chapter 5: Threat Detection and Response in the Hybrid Cloud

Blog Published: 03/02/2023

Originally published by Gigamon. Written by Stephen Goudreault, Gigamon. Editor’s note: This post explores Chapter 3 of the “Definitive Guide™ to Network Visibility and Analytics in the Hybrid Cloud.” Read Chapter 1, Chapter 2, Chapter 3, and check back for future posts covering Chapters 6 and 7. F...

Protecting Data and Promoting Collaboration During Times of Change

Blog Published: 03/01/2023

Originally published by Lookout. Written by Hank Schless, Senior Manager, Security Solutions, Lookout. When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using their ...

OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations

Blog Published: 03/01/2023

Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autod...

Modernizing Assurance for Cloud and Beyond

Blog Published: 02/28/2023

Since we launched in 2009, organizations around the world have looked to the Cloud Security Alliance to see what we might be able to offer to assist them in addressing assurance issues with the cloud services they were beginning to use. Fast forward to 2023, this has grown into a critical aspect ...

Why Making Ransomware Payments Illegal Could Backfire

Blog Published: 02/28/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. A debate swirling since at least last summer – about the wisdom of banning compromised companies from making payments to ransomware actors – was sparked again recently when Australia broached the possibil...

Save Your Data and Your Sanity

Blog Published: 02/28/2023

Originally published by Rubrik. Written by Jeff Inouye, Rubrik. I recently read a technology forum post where a system administrator described symptoms of post-traumatic stress disorder after their company was attacked by ransomware. The recent State of Data Security report from Rubrik Zero Labs ...

Cloud CISO Perspectives: January 2023

Blog Published: 02/27/2023

Originally published by Google Cloud. Written by Phil Venables, VP and Chief Information Security Officer, Google Cloud. Welcome to January’s Cloud CISO Perspectives. This month, we’re going to catch up with a few of the cloud security megatrends that I described a year ago, and see how they and ...

Key Facts and Benefits of ISO 27018

Blog Published: 02/27/2023

Originally published by Schellman & Co. Written by Jordan Hicks. "Even when clouds grow thick, the sun still pours its light earthward." The poet Mark Nepo wasn’t speaking about cloud security when he wrote that, but it makes for a lyrical way to consider the landscape. As a cloud provider, y...

Zero Trust Security: The Guide to Zero Trust Strategies

Blog Published: 02/27/2023

Originally published by Titaniam. Companies today face more and more security risks. Ransomware is on the rise, and cybercriminals are beginning to breach critical infrastructure with new techniques. In an effort to reduce the frequency and severity of these attacks, the United States government ...

5 Ways Compliance Technology Improves Audit Processes

Blog Published: 02/24/2023

Originally published by A-LIGN. Compliance is alluring to clients, as they are often drawn to organizations that show a dedication to established security frameworks. However, the process of becoming (and remaining) compliant can be time-consuming and expensive. With limited resources restricting...

The Changing Role of the CISO in 2023

Blog Published: 02/24/2023

Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s the year of the water rabbit. It’s also the year of the nation-state ransomware attack. The role of the Chief Information Security Officer (CISO) has gone through a significant evolution in recent years. As technology and bus...

Protecting Source Code in the Cloud with DSPM

Blog Published: 02/23/2023

Originally published by Sentra. Written by Daniel Suissa, Software Engineer, Sentra. Source code lies at the heart of every technology company’s business. Aside from being the very blueprint upon which the organization relies to sell its products, source code can reveal how the business op...

The Advantages of eBPF for CWPP Applications

Blog Published: 02/23/2023

Originally published by SentinelOne. Written by Rick Bosworth, SentinelOne. Extended Berkeley Packet Filter (eBPF) is a framework for loading and running user-defined programs within the Linux OS kernel, to observe, change, and respond to kernel behavior without the destabilizing impact of ke...

CISO Survival Guide: Vital Questions to Help Guide Transformation Success

Blog Published: 02/22/2023

Originally published by Google Cloud. Written by Anton Chuvakin, Security Solution Strategy, and David Stone, Office of the CISO, Google Cloud. Part of being a security leader whose organization is taking on a digital transformation is preparing for hard questions – and complex answers – on how t...

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

Blog Published: 02/22/2023

Originally published by Adaptive Shield. Written by Hananel Livneh, Adaptive Shield. When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don’t ac...

How to Implement CIEM – A Checklist

Blog Published: 02/22/2023

Originally published by Ermetic. CIEM solutions provide visibility into cloud identities to secure access management. With cloud adoption growing and entitlements taking center stage as the security boundary in the cloud, more organizations are looking for the right security solution for their id...

5 Data Security Trends You Might Be Missing

Blog Published: 02/21/2023

Originally published by Rubrik. Written by Atul Ashok, Rubrik. Malware is becoming more sophisticated, and it would be impossible to prevent and defend from every single cyber threat out there. As the digital dependence of enterprises grows in tandem with the enterprise’s growth, we are seeing so...

A Closer Look at BlackMagic Ransomware

Blog Published: 02/21/2023

Originally published by Cyble on December 7, 2022. New Ransomware disrupting Transportation and Logistics Industry in Israel. During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a new ransomware group named “BlackMagic” ransomware. This ransomware gro...
