
All Articles
If a Recession Comes, Cut Cyber Professionals at Your Peril

Blog Published: 08/10/2022

Originally published by CXO REvolutionaries here. Written by David Cagigal, CIO, State of Wisconsin (former). I was working for a utility company in 2008 when a bubble burst in the housing market and caused the economy to collapse. We were all asked to tighten our belts. I knew then that I had to ...

What is a Merchant-Initiated Transaction, and Why is it Considered Low Risk?

Blog Published: 08/09/2022

Originally published by TokenEx here. Written by Anni Burchfiel, Content Marketing Specialist, TokenEx. A merchant-initiated transaction is a payment initiated by the merchant instead of the cardholder. These transactions are initiated on behalf of the customer based on an agreement between the mer...

Cloud Security Alliance Releases Illustrative Type 2 SOC 2® Report That Incorporates Its Cloud Controls Matrix Criteria

Press Release Published: 08/09/2022

Document provides American Institute of Certified Public Accountants-approved guidelines for SOC 2 reporting. SEATTLE – August 9, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clo...

From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts

Blog Published: 08/09/2022

Originally published by SentinelOne here. Written by Tom Hegel, SentinelOne. Over the last month a crimeware group best known as 8220 Gang has expanded their botnet to roughly 30,000 hosts globally through the use of Linux and common cloud application vulnerabilities and poorly secured configu...

Cloud Data Security Requires 20/20 Vision

Blog Published: 08/08/2022

Originally published by Laminar here. Written by Oran Avraham, Laminar. No reasonable business leader would ever dream about leaving their logistics software unmanaged or their sales departments to their own devices. Visibility into every aspect of a business—every crevice, no matter how large or...

Why You Need Application Security Testing for Business-Critical Applications: Part 4

Blog Published: 08/08/2022

Originally published by Onapsis here. This blog series discusses the importance of building secure business-critical applications with application security testing. In the final blog in this series, we discuss how vulnerabilities in custom code and transports can lead to security and compliance i...

Are Ransomware Attackers Ever Caught?

Blog Published: 08/05/2022

Originally published by ShardSecure here. The growing threat of ransomware: Ransomware has become a major concern for individuals, small businesses, major corporations, and the public sector alike. With recent high-profile victims ranging from oil and gas pipelines to software companies, public he...

How To Build and Optimize Your Cybersecurity Program

Blog Published: 08/05/2022

Originally published by Axonius here. Written by Ronald Eddings, Axonius. Digital transformation has been a shock to the system for security teams — the attack landscape is ever-evolving, and organizations are constantly using new tech. From a security perspective, it can be hard to keep up. When ...

The Call Is Coming from Inside the House: Novel Exploit in VOIP Appliance

Blog Published: 08/04/2022

Originally published by CrowdStrike here. Written by Patrick Bennett, CrowdStrike. CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor’s entry point. The threat actor performed a novel remote code execution exploit on the...

An Overview of TDIR: Threat Detection and Incident Response

Blog Published: 08/04/2022

Originally published by Panther here. Today, countless solutions support threat detection. This is great news, but the market is saturated with different solutions and many different acronyms. One of the more recent acronyms to gain traction is threat detection and incident response (TDIR). This ...

Zero Trust for Cloud-Native Workloads

Blog Published: 08/04/2022

Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. There has been a huge uptick in microservices adoption in the data analytics domain, primarily aided by machine learning (ML) and artificial intelligence (AI) projects. Some of the reasons why containers are popular among...

Optimize Incident Response Plans with Smarter Security Tabletop Exercises

Blog Published: 08/03/2022

Originally published by CXO REvolutionaries here. Written by Jeff Lund, Global CISO - Global Information Security, Marsh McLennan. Building your Blueprint for Incident Response: Tabletop exercises (TTXs) are a great way to assess an organization’s incident response plan (IRP) for cybersecurity inci...

Cyber Considerations From the Conflict in Ukraine

Blog Published: 08/03/2022

Originally published by KPMG here. After months and weeks of tension, the Russian government’s invasion of Ukraine has elevated concerns for cyber security incidents and the resilience of critical business functions, amongst international organizations. Beyond protecting their employees and suppor...

Okta Customers Exposed to Risk of Password Theft and Impersonation in PassBleed Attacks

Blog Published: 08/02/2022

Originally published by Authomize here. Written by Gabriel Avner, Authomize. Authomize’s Security Research Lab has uncovered a set of inherent risks in the popular Identity Provider Okta that put users at risk of potential compromise and exploitation. According to Authomize’s CTO and Co-founder...

Draft Bill: American Data Privacy and Protection Act

Blog Published: 08/02/2022

Originally published by BigID here. Written by Jaclyn Wishnia, BigID. A draft of a bipartisan federal comprehensive privacy bill was published on Friday, June 3rd. The proposed bill — entitled the “American Data Privacy and Protection Act”— would “provide consumers with foundational privacy right...

Troy Leach, Data Security and Standards Advocate, Joins Cloud Security Alliance as Chief Strategy Officer

Press Release Published: 08/02/2022

Leach will bring his expertise to bear on external engagements, corporate initiatives. SEATTLE – Aug. 2, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

The New Kubernetes Gateway API and Its Use Cases

Blog Published: 08/02/2022

Originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Despite being a large open-source and complex project, Kubernetes keeps on evolving at an impressive pace. Being at the center of various platforms and solutions, the biggest challenge for the Kubernetes pr...

When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO

Blog Published: 08/01/2022

Originally published by Schellman here. Written by Andy Rogers, Schellman. “I have a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a very well-equipped advisor/assessor for your FedRAMP boundary.” If you’ve seen the film Taken, you’ll know that...

The State of Remote Work Offboarding Security

Blog Published: 08/01/2022

Written by Marie Prokopets, Co-founder and COO, Nira. As companies switch to remote, distributed, and hybrid workforces, security risks related to offboarding have grown. When employees leave or change roles, organizations must protect their sensitive data from accidental or malicious data ex...

Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs

Blog Published: 07/30/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...
