All Articles
Redshift Security: Attack Surface Explained

Blog Published: 12/15/2022

Originally published by Dig Security. Written by Ofir Shaty and Ofir Balassiano, Dig Security. We have previously discussed (Access and Data Flows, Data Backups and Encryption) security best practices to implement least privileged access on Redshift and reduce the static risk associated with your...

Advanced BEC Scam Campaign Targeting Executives on O365

Blog Published: 12/15/2022

Originally published by Mitiga on August 27, 2022. Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) using Office 365. The attackers combine high-end spear-phishing with an adversary-in...

AWS Security Groups Guide

Blog Published: 12/15/2022

Originally published by Sysdig. Written by Brett Wolmarans, Sysdig. AWS Security Groups (and Network ACLs and VPCs) are some of the fundamental building blocks of security in your cloud environment. They are similar to firewalls, but are ultimately different. You have to understand this topic ve...

Don’t Keep Us in the Dark: Addressing the Cloud Change Management Gap

Blog Published: 12/14/2022

Sean Heide, Research Technical Director at CSA Jez Goldstone, Director of Security Architecture, Cloud & Innovation | CSO Cyber Security Assurance at Barclays Hillary Baron, Sr. Research Technical Director at CSA John Yeoh, Global VP of Research at CSA The innovation in cloud services and pla...

How to Detect Cloud Storage Misconfigurations to Protect Valuable Data

Blog Published: 12/14/2022

Originally published by CrowdStrike. Written by Ciaran O'Brien and Matt Johnston, CrowdStrike. Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud secur...

SANS 2022 Cloud Security Survey, Chapter 2: What Security and Compliance Worries Do IT Pros Have About the Cloud?

Blog Published: 12/14/2022

Originally published by Gigamon. Written by Chris Borales, Gigamon. Editor’s note: This post explores Chapter 2 of the SANS 2022 Cloud Security Survey. Chapter 1 is available here. Check back for future posts covering Chapters 3 and 4. The cloud is sold more and more as the answer to what ails IT,...

CyberThreats Mushrooming Over Global Nuclear Facilities

Blog Published: 12/14/2022

Originally published by Cyble. Cyble Research & Intelligence Labs (CRIL) has been observing and reporting about parallel cyber hostilities extending among various nations since the beginning of the Russia-Ukraine conflict in February 2022. Apparently, Threat Actors (TAs), Hacktivist Groups, an...

SASE to SSE: Understanding the Shift

Blog Published: 12/13/2022

Written by Prakhar Singh, Business Development Manager, Cybersecurity & GRC Services, HCLTech. Introduction: In a previous blog post, I highlighted the importance of Zero Trust and Zero Trust Network Access and how organizations can cultivate the same within their ecosystems. While the term Zer...

How State CIOs Can Elevate Priorities Above Personalities

Blog Published: 12/13/2022

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. "If we continue to develop technology without wisdom or prudence, our servant may prove to be our executioner." - General Omar N. Bradley Earlier this month, the National Association of Sta...

Altruism in Information Security, Part 3: Effort (and Sacrifice) in Execution

Blog Published: 12/13/2022

Originally published by Tentacle. Written by Matt Combs, Tentacle. I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program. There are so many InfoSec profession...

Unpatched ERP Vulnerabilities Haunt Organizations

Blog Published: 12/12/2022

Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabilit...

The Latest PKI and IoT Trends Study from Ponemon is Out, and Here's What We Found

Blog Published: 12/12/2022

Originally published by Entrust. Written by Samantha Mabey, Entrust. The 2022 PKI and IoT Trends Study conducted by the Ponemon Institute is out, and Entrust is pleased to be the sponsor for the 8th consecutive year. Just to recap, the survey collects feedback from over 2,500 IT professionals aro...

5 Common Problems in ISO 27701 Certifications

Blog Published: 12/12/2022

Originally published by Schellman. Written by James Hunter, Schellman. If you’ve ever been in a car with someone who takes a speedbump anywhere above 10mph, at the time, you’ve probably thought, “didn’t you see that coming?!” Or maybe, “why didn’t they avoid that giant bump in the road?” Speedbump...

The Four Horsemen of Network Security

Blog Published: 12/09/2022

Originally published by Netography. Written by Martin Roesch, CEO, Netography. One of the fundamental organizing principles for network security is that we have four fundamental things to secure—users, applications, data, and devices. I sometimes jokingly refer to them as the four horsemen of net...

New Kiss-a-Dog Cryptojacking Campaign Targets Vulnerable Docker and Kubernetes Infrastructure

Blog Published: 12/09/2022

Originally published by CrowdStrike on October 26, 2022. Written by Manoj Ahuje, CrowdStrike. CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog...

The Role Of ITSM In The Cloud, DevSecOps, And Container Era

Blog Published: 12/09/2022

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Over the last two decades, ITIL has become the de-facto industry standard for managing IT services. IT service management tools and processes were developed and implemented to execute ITIL...

Data States Security Experts Unhappy With Traditional Tokenization

Blog Published: 12/08/2022

Originally published by Titaniam. Titaniam’s 2022 State of Enterprise Tokenization Survey shows that the vast majority of cybersecurity experts are dissatisfied with their current tokenization tools. In fact, despite spending 1 million dollars annually on tokenization security tools, 99% of respo...

Preventing Unauthorized Usage of Non-Person Entities (NPEs)

Blog Published: 12/08/2022

Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government oft...

What Is eBPF and What Are Its Use Cases?

Blog Published: 12/08/2022

Originally published by Tigera. Written by Reza Ramezanpour, Tigera. With the recent advancements in service delivery through containers, Linux has gained a lot of popularity in cloud computing by enabling digital businesses to expand easily regardless of their size or budget. These advancements ...

Security Program Management (SPM) and Governance, Risk and Compliance (GRC): What’s the Difference?

Blog Published: 12/07/2022

Originally published by Blue Lava. Written by Emily Shipman, Blue Lava. Compliant but not Secure: The Differences Between Governance, Risk and Compliance (GRC) and Security Program Management (SPM) and Why it Matters Security programs bear many responsibilities, but chief among them is the duty t...
