
All Articles

Data Privacy Week - A Commitment for the Entire Year

Blog Published: 02/07/2023

Originally published by Skyhigh Security on January 23, 2023. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Nowadays, when you download a new app, open a new online account, join a new social media platform or use a majority of online services—you will typically be ask...

Overview of Digital Transformation Security: What, How, and Why?

Blog Published: 02/06/2023

A version of this blog was originally published by ScaleSec. By Justin Travis, ScaleSec. Cloud Security Alliance and ScaleSec are pleased to co-publish this security deep dive into Digital Transformation as part of promoting the upcoming Virtual CSA FinCloud Security Summit. Cloud Security Alli...

Exposed Remote Desktop Protocol Actively Targeted by Threat Actors to Deploy Ransomware

Blog Published: 02/06/2023

Originally published by Cyble on December 2, 2022. Cyble Global Sensors Intelligence and Darkweb findings show TAs actively targeting RDP. Cyble Research and Intelligence Labs (CRIL) discovered multiple ransomware groups targeting open Remote Desktop Protocol (RDP) ports. RDP allows users to acces...

Social Media Traffic Monitoring – From Thought Police to Security Priority

Blog Published: 02/06/2023

Originally published by Netography. Written by Mal Fitzgerald, Sales Engineer, Netography. It seems as though every week we hear about another government agency that has banned a specific social media platform from their government-issued devices. There are a multitude of reasons for banning soci...

CCSK Success Story: From the Head of IT Infrastructure and Security

Blog Published: 02/03/2023

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Shift Left, Save Resources: DevSecOps and the CI/CD Pipeline

Blog Published: 02/03/2023

Originally published by CXO REvolutionaries. Written by Gary Parker, Field CTO - AMS, Zscaler. Reaching the final phase of the software development lifecycle only to discover a significant security flaw is a waste of time, money, and effort. That’s why integrating security checks into the continu...

Beyond BEC: How Modern Phishing Has Evolved Past Email

Blog Published: 02/02/2023

Originally published by Lookout. Written by Hank Schless, Lookout. Business email compromise (BEC) is big business for malicious actors. According to the 2021 FBI Internet Crime Report, BEC was responsible for nearly $2.4 billion in cyber crime losses in 2021. At its root, it’s a type of ph...

Reframing Password Management: What We Learned from the LastPass Breach

Blog Published: 02/02/2023

Originally published by BARR Advisory. In August of 2022, LastPass, the cloud-based password saver, was breached as bad actors stole information that would eventually lead them to access a copy of the data vaults of tens of thousands of customers. When the firm was hacked for a second time in Nov...

Does Cloud Log Management Shield You From Threats? CloudTrail vs CloudWatch

Blog Published: 02/01/2023

Originally published by Sysdig. Written by Brett Wolmarans, Sysdig. What is different about cloud log management versus on-premises? The answer may seem simple, but several elements such as CloudTrail vs. CloudWatch come into play. In this article, we will cover some of the most important differe...

A Checklist for CSA’s Cloud Controls Matrix v4

Blog Published: 02/01/2023

Originally published by NCC Group. Written by Nandor Csonka, Director of Cloud Security, NCC Group. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is an internationally recognized framework that helps cloud service providers (CSPs) and cloud service customers (CSCs) manage risk. Wh...

“Hi ChatGPT, please help Cybersecurity”

Blog Published: 01/31/2023

“Cloud is just a bunch of APIs,” said Mark Russinovich of Microsoft at CSA’s SECtember 2021 conference. Mark was simplifying the definition of cloud to get after the essential characteristic that has allowed it to flourish and conquer other forms of computing. The on-demand provisioning of comput...

FedRAMP Certification: An Overview of Why It Matters

Blog Published: 01/31/2023

Originally published by Titaniam. Cybersecurity is now in the spotlight as data breaches become a near-daily story. Organizations are consuming massive amounts of personal data that is directly tied to everyday people, and they’re often utilizing cloud-based services to help store them. This can ...

How to Avoid Cybersecurity Whack-a-Mole

Blog Published: 01/31/2023

Originally published by Nasuni on November 8, 2022. Written by Jason Patterson, Nasuni. Although Cybersecurity Awareness Month is behind us now, that is no reason to take the focus off the subject. This year’s theme – “See Yourself in Cyber” – highlighted the fact that strong security really come...

How Confident Are You in Your Security Posture?

Blog Published: 01/30/2023

Originally published by Contino. Written by Marcus Maxwell, Security Practice Lead, Contino. Comparison might be the thief of joy, but it can also be a vital sign that you’re on the right (or wrong) track. Our customers often ask us how their security postures compare to those of other organisati...

Securing Cloud Workloads in 5 Easy Steps

Blog Published: 01/30/2023

Originally published by Tigera. Written by Senthil Nithiyananthan, Tigera. As organizations transition from monolithic services in traditional data centers to microservices architecture in a public cloud, security becomes a bottleneck and causes delays in achieving business goals. Traditional sec...

CircleCI Cybersecurity Incident Hunting Guide

Blog Published: 01/30/2023

Originally published by Mitiga. Written by Doron Karmi, Deror Czudnowski, Ariel Szarf, and Or Aspir, Mitiga. On January 4, CircleCI published a statement announcing the investigation of a security incident. In this technical blog, we will share how to hunt for malicious behavior that may be cause...

What is a Cloud Incident Response Plan?

Blog Published: 01/28/2023

Written by the Cloud Incident Response Working Group. In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan have been rud...

Your Guide to IAM – and IAM Security in the Cloud

Blog Published: 01/27/2023

Originally published by Ermetic. As user credentials become a coveted target for attackers, IAM (Identity Access Management) technologies are gaining popularity among enterprises. IAM tools are used in part to implement identity-based access security practices in the cloud. But is IAM security en...

Everything You Need to Know About ISO 27001 Certification

Blog Published: 01/27/2023

Originally published by A-LIGN. With bad actors targeting sensitive data, many organizations are looking for new ways to monitor and improve their data security. Enter: ISO/IEC 27001:2013. A useful way to establish credibility with stakeholders, customers, and partners, ISO 27001 can help demon...

5 Timely SaaS Security Recommendations for 2023

Blog Published: 01/27/2023

Written by Jesse Butts, Head of Content & Communications, AppOmni. While our colleagues were winding down for the holidays, cybersecurity professionals spent the tail-end of 2022, and first week of 2023, responding to major SaaS breaches. Late December ushered in disclosures of Okta, ...
