Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersEventsBlog
Get Free Early Access to TAISE Module 3! Sample the Certificate Experience Today!

All Articles

Home
All Articles
How to Share the Security Responsibility Between the CSP and Customer

Blog Published: 09/05/2019

By Dr. Kai Chen, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd. The behemoths of cloud service providers (CSPs) have released shared security responsibility related papers and articles, explaining their roles and responsibilities in cloud provisioning. Although th...

What Executives Should Know About the Capital One Breach

Blog Published: 09/09/2019

By Phillip Merrick, CEO of FugueMost enterprises are already using public cloud computing services at scale or are planning to adopt the cloud soon. As an executive, chances are you’re paying attention to the Capital One data breach and wondering how this event should impact your decision-maki...

Cloud Security Roadmap for 2019 & Beyond

Blog Published: 09/10/2019

By Amélie Darchicourt, Product Marketing Manager, ExtraHopHow to succeed under the shared responsibility modelCloud security is an evolving space where consumers and vendors must innovate quickly, not only to outpace attackers, but also to support rapid development while minimizing the risks ...

Open API Survey Report

Blog Published: 09/11/2019

By the Open API CSA Working GroupCloud Security Alliance completed its first-ever Open API Survey Report, in an effort to see exactly where the industry stood on the knowledge surrounding Open APIs as well as how business professionals and consumers were utilizing them day to day. The key trai...

Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS

Blog Published: 09/12/2019

By Victor Chin, Research Analyst, CSAThis is the third blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceiv...

The Four Pillars of CASB: Data Protection

Blog Published: 09/16/2019

By Will Houcheime, Product Marketing Manager, BitglassIn this blog series, we discuss the key capabilities of cloud access security brokers (CASBs), and why organizations are turning to them as they migrate to the cloud. One of the four pillars of CASBs is data protection, which focuses on sec...

CAIQ V3 Updates

Blog Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It...

Sidechains, beacon chains and why we shouldn’t give up on Blockchain performance quite yet

Blog Published: 09/18/2019

By Kurt Seifried, Chief Blockchain Officer, CSAIf you’ve been in IT you’ve probably learned one of the simple lessons:Scaling out is hard and can be expensive, but scaling up is easy and even more expensive. In simple terms if you can scale out you can keep costs down, ideally at a linear grow...

Announcing the Security@ San Francisco 2019 Agenda

Blog Published: 09/25/2019

By the HackerOne TeamThe agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conferen...

How Blockchain Might Save Us All

Blog Published: 09/27/2019

By Kurt Seifried, Chief Blockchain Officer, CSAI’ve been seeing a lot of articles claiming that Blockchain will save us from hackers, and ransomware, and all sorts of other Cyber-Shenanigans. So… will Blockchain save us all? Yes, well . . . sort of, it’s complicated. Let’s start with a story:T...

Cloud Security Posture Management: Why You Need It Now

Blog Published: 10/01/2019

By Samantha Nguyen, Product Manager, BitglassGartner recommends that security and risk management leaders invest in CSPM (cloud security posture management) processes and tools to avoid misconfigurations that can lead to data leakage. Although it is a relatively new class of tools, this recomm...

What to Expect at the 2019 Colorado Chapter Forum

Blog Published: 10/02/2019

Understanding the complexities of cloud security can be very challenging. Because of this, Cloud Security Alliance has membership opportunities, resources, certifications, and local chapters to help explain it. The Colorado Chapter of Cloud Security Alliance is pleased to announce its 4th annu...

Why you can't have backdoored crypto that is secure

Blog Published: 10/03/2019

By Kurt Seifried, Chief Blockchain Officer, CSASo as you have probably seen some parts of the US government are again making noise about end-to-end encryption. We’ve seen this before (clipper chip, key escrow, etc., etc.). The new twist is that they appear to be trying a thin end of the wedge ...

Guardians of the Cloud: The Latest Security Findings

Blog Published: 10/07/2019

By Juan Lugo from BitglassWith the emergence of cloud adoption and BYOD in the workplace, companies are experiencing an overwhelming amount of data breaches. This is largely because they are not taking the appropriate steps to secure data in the cloud. As such, Bitglass conducted a survey with...

It's all about the Data! - Preventative Security

Blog Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceI have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves.In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he...

Cloud Penetration Testing the Capital One Breach

Blog Published: 10/10/2019

By Alexander Getsin, Lead Author for Cloud Penetration Testing PlaybookAligning the Capital One breach with the CSA Cloud Penetration Testing PlaybookIn March 2019, Capital One suffered a unique cloud breach. 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed, ...

Introducing Reflexive Security for integrating security, development and operations

Blog Published: 10/14/2019

By the CSA DevSecOps Working Group Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agil...

Corporate Contractors and the Requirement for Zero-Trust Network Access

Blog Published: 10/21/2019

By Etay Bogner, VP, Zero-Trust Products Proofpoint and former CEO of Meta NetworksIt’s not a stretch to say that most industries and organizations today have contractors in the mix who need remote access to the company’s network. Yet the traditional virtual private network (VPN) method of enab...

CMMC – the New Protocol Droid for DoD Compliance

Blog Published: 11/06/2019

By Doug Barbin - Cybersecurity Practice Leader at Schellman & Company, LLCA long time ago in a galaxy exactly ours…There was 800-171. For some time, the US Department of Defense has been working to revise its funding procurement procedures referred to as the Defense Acquisition Regulat...

CSA Announces Advanced Cloud Security Practitioner Training, a Highly Technical Hands-on Course for Technical Security Professionals

Press Release Published: 11/04/2019

Program delves deep into practical cloud security, applied DevSecOps for enterprise-scale cloud deployments SEATTLE – Nov. 4, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud c...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
58
59
60
62
64
65
66
Last »