All Eyes on Cloud | Why the Cloud Surface Attracts Attacks
Blog Published: 10/28/2022
Originally published by SentinelOne here. Cloud environments have seen a meteoric rise in the past decade. What began as a means of data storage has now become a full-scale computing platform, enabling a global shift in how businesses share, store, optimize, and manage information. However, threat ...
FedRAMP vs. ISO 27001
Blog Published: 10/28/2022
Originally published by Schellman here. Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial ...
Cloud IAM Done Right: How LPA Helps Significantly Reduce Cloud Risk
Blog Published: 10/28/2022
Originally published by Rapid7 here. Written by Sanjeev Williams, Senior Director, Cloud Security Products, Rapid7. Today almost all cloud users, roles, and identities are overly permissive. This leads to repeated headlines and forensic reports of attackers leveraging weak identity postures to gai...
Cloud Security Alliance and the Israel National Cyber Directorate Sign Memorandum of Understanding
Press Release Published: 10/27/2022
Parties will work together to strengthen cloud security awareness and preparedness across Israel and cloud security sector. SEATTLE – Oct. 27, 2022 – The Cloud Security Alliance (CSA), a global not-for-profit dedicated to defining standards, certifications, and best practices to help ensure a secur...
What is SOC 2? Complete Guide to SOC 2 Reports and Compliance
Blog Published: 10/27/2022
Originally published by A-LIGN here. Written by Stephanie Oyler, Vice President of Attestation Services, A-LIGN. In today’s security landscape, it’s crucial you assure your customer and partners that you are protecting their valuable data. SOC compliance is the most popular form of a cybersecurit...
The Need for SAP Security in the Utilities Sector
Blog Published: 10/27/2022
Originally published by Onapsis here. It’s no secret cyberattacks have become more advanced over the last few years. Industries that are critical to everyday life have seen, firsthand, the debilitating impact cyberattacks can have. Critical infrastructure, such as the informational technology (IT...
Cloud Security Alliance Announces Trusted Cloud Consultant Program
Press Release Published: 10/27/2022
New program connects enterprise companies with trusted, qualified consultants. SEATTLE – Oct. 27, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today ...
3 Reasons to Add Cloud Data Security to 2023 Cybersecurity Budgets
Blog Published: 10/27/2022
Originally published by Laminar here. Written by Andy Smith, Laminar. Why Cloud Data Is So Important: Cloud data is growing at an exponential rate, and attackers have taken notice. Data breaches in 2021 increased by 68% over the year prior. As cloud data continues to grow, so too will the risk of a...
A SECtember Refrain: CxOs Need Help Educating Their Boards
Blog Published: 10/26/2022
The concerns and challenges discussed during this September’s SECtember Conference and adjoining CxO Trust Summit ran the gamut. However, one refrain focused on chief information security officers’ need for more help and guidance on messaging cybersecurity problems, required security controls, an...
SaaS Security Use Case Series: Device-to-SaaS User Risk
Blog Published: 10/26/2022
Originally published by Adaptive Shield here. Written by Eliana Vuijsje, Marketing Director, Adaptive Shield. Typically, when threat actors look to infiltrate an organization’s SaaS apps, they look to SaaS app misconfigurations as a means for entry. However, employees now use their personal devic...
Data Security Posture Management vs Cloud Security Posture Management
Blog Published: 10/26/2022
Originally published by Sentra here. It was only a few years ago that we thought ‘Cloud Security Posture Management’ was going to bring the ultimate level of security to the cloud. But we’re already discovering that while CSPM is doing a good job of finding infrastructure vulnerabilities, data ...
3 Frictionless Strategies to Boost Your GCP IAM
Blog Published: 10/26/2022
Originally published by Britive here. Written by Sage Avarda, Britive. Building on Google Cloud Platform (GCP) allows DevOps teams to collaborate and create with little restriction, which results in quick turnaround time and an overall increase in market velocity. GCP provides a decent identity a...
How Cybersecurity Insurance Can Work To Help An Organization
Blog Published: 10/25/2022
Originally published by Thales here. Written by Anthony Dagostino, CEO and Co-Founder, Converge. For many years, organizations had limited options for addressing data protection risks. A company could never eliminate risk, but they could try to reduce or mitigate it. In the last 20+ years, cybers...
What is a Cryptogram on a Credit Card?
Blog Published: 10/25/2022
Originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. Quick Hits: EMV chip cards use cryptograms to secure cardholder data every time a transaction is made. Cryptograms validate transactions by verifying the identity of both the card and the approval from the issuer. Cryptograms...
Cybersecurity Awareness Month Doesn’t Have to Be Scary
Blog Published: 10/24/2022
Originally published by Blue Lava here. Written by Veronica Wolf, Director of Product & Content Marketing, Blue Lava. In the spirit of Cybersecurity Awareness Month, we thought we would de-mystify a few of the tall tales and horrors surrounding cybersecurity. We’ve also gathered up a few reso...
The Quiet Victories and False Promises of Machine Learning in Security
Blog Published: 10/24/2022
Originally published by Dark Reading and Sysdig. Written by Anna Belak, Sysdig. Contrary to what you might have read on the Internet, machine learning (ML) is not magic pixie dust. It’s a broad collection of statistical techniques that allows us to train a computer to estimate an answer to a ques...
Traditional Data Security Tools Fail at 60% Rate
Blog Published: 10/24/2022
Written by Titaniam. Titaniam’s ‘State of Data Exfiltration & Extortion Report’ shows that organizations may be less protected from security threats than they believe. Ransomware is becoming more and more about extortion, and current data loss prevention tactics aren’t measuring up to the cha...
CCSK Success Stories: From a Regional Information Security Officer
Blog Published: 10/23/2022
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...
Using the CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) as a Procurement Tool
Blog Published: 10/22/2022
Introduction: The CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) is an industry-wide initiative to standardize security and risk management assessments of cloud computing vendors. The CAIQ was developed to provide a consistent way for cloud service providers (CSPs), customers, and th...
Responding to and Recovering from a Ransomware Attack
Blog Published: 10/22/2022
Thanks to Dr. Jim Angle, Michael Roza, and Vince Campitelli. After learning what ransomware is, how to protect your organization against it, and how to detect it, it’s time to learn how to respond and recover if a ransomware attack occurs. In this blog, we’ll explain how to mitigate and contain a ...