All Articles
How to Detect Cloud Storage Misconfigurations to Protect Valuable Data

Blog Published: 12/14/2022

Originally published by CrowdStrike. Written by Ciaran O'Brien and Matt Johnston, CrowdStrike. Cloud storage misconfigurations continue to become more prevalent and problematic for organizations as they expand their cloud infrastructure, driving the importance of technologies such as cloud secur...

SANS 2022 Cloud Security Survey, Chapter 2: What Security and Compliance Worries Do IT Pros Have About the Cloud?

Blog Published: 12/14/2022

Originally published by Gigamon. Written by Chris Borales, Gigamon. Editor’s note: This post explores Chapter 2 of the SANS 2022 Cloud Security Survey. Chapter 1 is available here. Check back for future posts covering Chapters 3 and 4. The cloud is sold more and more as the answer to what ails IT,...

CyberThreats Mushrooming Over Global Nuclear Facilities

Blog Published: 12/14/2022

Originally published by Cyble. Cyble Research & Intelligence Labs (CRIL) has been observing and reporting about parallel cyber hostilities extending among various nations since the beginning of the Russia-Ukraine conflict in February 2022. Apparently, Threat Actors (TAs), Hacktivist Groups, an...

SASE to SSE: Understanding the Shift

Blog Published: 12/13/2022

Written by Prakhar Singh, Business Development Manager, Cybersecurity & GRC Services, HCLTech. Introduction: In a previous blog post, I highlighted the importance of Zero Trust and Zero Trust Network Access and how organizations can cultivate the same within their ecosystems. While the term Zer...

How State CIOs Can Elevate Priorities Above Personalities

Blog Published: 12/13/2022

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. "If we continue to develop technology without wisdom or prudence, our servant may prove to be our executioner." - General Omar N. Bradley. Earlier this month, the National Association of Sta...

Altruism in Information Security, Part 3: Effort (and Sacrifice) in Execution

Blog Published: 12/13/2022

Originally published by Tentacle. Written by Matt Combs, Tentacle. I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program. There are so many InfoSec profession...

Unpatched ERP Vulnerabilities Haunt Organizations

Blog Published: 12/12/2022

Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabilit...

The Latest PKI and IoT Trends Study from Ponemon is Out, and Here's What We Found

Blog Published: 12/12/2022

Originally published by Entrust. Written by Samantha Mabey, Entrust. The 2022 PKI and IoT Trends Study conducted by the Ponemon Institute is out, and Entrust is pleased to be the sponsor for the 8th consecutive year. Just to recap, the survey collects feedback from over 2,500 IT professionals aro...

5 Common Problems in ISO 27701 Certifications

Blog Published: 12/12/2022

Originally published by Schellman. Written by James Hunter, Schellman. If you’ve ever been in a car with someone who takes a speedbump anywhere above 10mph, at the time, you’ve probably thought, “didn’t you see that coming?!” Or maybe, “why didn’t they avoid that giant bump in the road?” Speedbump...

The Four Horsemen of Network Security

Blog Published: 12/09/2022

Originally published by Netography. Written by Martin Roesch, CEO, Netography. One of the fundamental organizing principles for network security is that we have four fundamental things to secure—users, applications, data, and devices. I sometimes jokingly refer to them as the four horsemen of net...

New Kiss-a-Dog Cryptojacking Campaign Targets Vulnerable Docker and Kubernetes Infrastructure

Blog Published: 12/09/2022

Originally published by CrowdStrike on October 26, 2022. Written by Manoj Ahuje, CrowdStrike. CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog...

The Role Of ITSM In The Cloud, DevSecOps, And Container Era

Blog Published: 12/09/2022

Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Over the last two decades, ITIL has become the de-facto industry standard for managing IT services. IT service management tools and processes were developed and implemented to execute ITIL...

Data States Security Experts Unhappy With Traditional Tokenization

Blog Published: 12/08/2022

Originally published by Titaniam. Titaniam’s 2022 State of Enterprise Tokenization Survey shows that the vast majority of cybersecurity experts are dissatisfied with their current tokenization tools. In fact, despite spending 1 million dollars annually on tokenization security tools, 99% of respo...

Preventing Unauthorized Usage of Non-Person Entities (NPEs)

Blog Published: 12/08/2022

Originally published by TrueFort. Written by Trish Reilly, TrueFort. What is an “NPE”? For those of you not working at a Federal agency, the acronym ‘NPE’ may be foreign. Or you may know it as service accounts for non-federal organizations. Like any other industry, the US Federal government oft...

What Is eBPF and What Are Its Use Cases?

Blog Published: 12/08/2022

Originally published by Tigera. Written by Reza Ramezanpour, Tigera. With the recent advancements in service delivery through containers, Linux has gained a lot of popularity in cloud computing by enabling digital businesses to expand easily regardless of their size or budget. These advancements ...

Security Program Management (SPM) and Governance, Risk and Compliance (GRC): What’s the Difference?

Blog Published: 12/07/2022

Originally published by Blue Lava. Written by Emily Shipman, Blue Lava. Compliant but not Secure: The Differences Between Governance, Risk and Compliance (GRC) and Security Program Management (SPM) and Why it Matters Security programs bear many responsibilities, but chief among them is the duty t...

Zero Trust is Key to Supply Chain Security

Blog Published: 12/07/2022

Originally published by CXO REvolutionaries. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. When former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs spoke at Black Hat 2022, he highlighted two factors that regularly und...

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection and Remediation

Blog Published: 12/07/2022

Originally published by Adaptive Shield. Written by Zehava Musahanov, Adaptive Shield. When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, w...

5 Tips for CISOs and Boards Navigating the Evolving Regulatory Landscape

Blog Published: 12/06/2022

Originally published by ShardSecure. Written by Marc Blackmer, VP of Marketing, ShardSecure. Corporate boards are facing mounting pressure to “get smart” about data protection as they navigate an evolving regulatory landscape. It starts with a deeper understanding of cybersecurity, but under...

Advancing Trust in a Digital World

Blog Published: 12/06/2022

Originally published by Thales. Written by Welland Chu, Business Development Director, Asia Pac, Thales. The pandemic has accelerated digital transformation beyond anyone’s imagination. Considering the increased cybersecurity risks introduced by digital technologies, what should society do to pre...
