Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

All Articles

Home
All Articles
The 5 Faces of Development Risk

Blog Published: 07/28/2022

Written by Tony Karam, Strategic Marketing Leader, Concourse Labs.Which of these development risks do you recognize?Delivering cloud-native applications, quickly, is an existential requirement for most businesses. Security, Risk Management, and DevSecOps leaders are tasked with ensuring cloud mis...

What Is an Acceptable Risk for Online Payments?

Blog Published: 07/27/2022

This blog was originally published by TokenEx here.Written by Valerie Hare, Content Marketing Specialist, TokenEx.If your business handles online payments, there are risks associated with this. These risks include everything from chargebacks and fraud to data breaches and payment declines. With m...

C-SCRM and the C-Suite: Securing Executive Buy-In for Supply Chain Risk Management

Blog Published: 07/27/2022

This blog was originally published by CXO REvolutionaries here.Written by Brad Moldenhauer, CISO, Americas, ZScaler.Unfortunately, it's not enough for today's IT leaders to concern themselves with the security of their own organizations. Complex and convoluted supply chains have seized their atte...

What is CSA STAR Certification and Why it is Important for ISO/IEC 27001 Certified Organizations?

Blog Published: 07/27/2022

This blog was originally published by MSECB here. What is CSA STAR Certification? Building security and data protection into the DNA of an organization’s management system and operations is very important considering the intensive use of cloud computing by all organizations nowadays. CSA STAR...

Securely Enable Multi-Cloud Architecture for a Future-Ready Workplace

Blog Published: 07/26/2022

This blog was originally published by HCL Technologies here. Written by Magnus Hultman, Sales Director, Cybersecurity & GRC Services, HCL Technologies. The adoption of new technologies has invariably accelerated the digital transformation of businesses and their ways of working. With const...

Will the Cloud Kill Security Agents?

Blog Published: 07/26/2022

This blog was originally published by Sysdig here. Written by Anna Belak, Sysdig. The “agents or no agents” debate is ancient and eternal. Every decade or so, we go through another round of “agents are terrible, let’s end them” and “we need more visibility and control to secure the system, maybe ...

Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun

Blog Published: 07/26/2022

This blog was originally published by CrowdStrike on May 25, 2022. Written by Jamie Harries, CrowdStrike. The security landscape is constantly developing to provide easier ways to establish endpoint visibility across networks through the use of endpoint detection and response (EDR) utilities. How...

Lessons Learned from Scanning Over 10,000 Kubernetes Clusters

Blog Published: 07/25/2022

This blog was originally published by ARMO here. Written by Jonathan Kaftzan, VP Marketing & Business Development, ARMO. With Kubernetes adoption continuing to rise, we've seen multiple studies add to the growing body of research for enterprise K8s deployments this past year. Companies levera...

9 Questions You Should Ask About Your Cloud Security

Blog Published: 07/25/2022

Originally published on Fugue’s blog on May 13, 2022. Written by Josh Stella, Chief Architect, Snyk and Co Founder, Fugue. In order for business leaders and cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and ap...

Security Tools Need to Get with the API Program

Blog Published: 07/25/2022

This blog was originally published by LogicHub here. Written by Willy Leichter, Chief Marketing Officer, LogicHub. No cloud API is an island The evolution of cloud services has coincided with the development of advanced Application Programming Interfaces (APIs) that allow developers to link clo...

CCSK Success Stories: From the Head of Digital Architecture

Blog Published: 07/23/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

A Technical Primer in Detection Engineering

Blog Published: 07/22/2022

This blog was originally published by Panther here. Written by Mark Stone, Panther. Tools that an organization can use to detect threats are no longer a nice-to-have. Businesses are moving to the cloud, and the threat landscape is evolving and increasing in complexity. Today, threat detection is ...

How to Protect Data in AWS S3

Blog Published: 07/22/2022

This blog was originally published by BigID here. Written by Dimitri Sirota, BigID. S3 object store has become a popular foundation for storing unstructured documents and mixed file types with elastic scale. However, like with any wide and deep data lake, it creates unique data security challenge...

Threat Activity Cluster #5: Pistachio

Blog Published: 07/22/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. The ice cream blog series continues by documenting another activity cluster first observed in our dataset in 2019. This threat cluster has been well documented in the security communi...

Cloud Data Protection

Blog Published: 07/21/2022

Written by Luigi Belvivere, Elena Minghelli, and Sara Frati of NTT DATA. IntroductionIn the digital era and its digital transition, business and institutions have clearly understood that a robust cloud security is essential. It is well known that security threats evolve in parallel with the evolu...

A Survey of FedRAMP's New Supply Chain Requirements

Blog Published: 07/21/2022

This blog was originally published by Coalfire here.Written by Adam Smith, Senior Director, Cloud Infrastructure, Coalfire.Supply Chain ManagementOver the past few years, supply chain management has shifted from a background requirement that everyone unknowingly relies upon, to being a commonly t...

The Future of Cloud Security | 2022 and Beyond

Blog Published: 07/21/2022

This blog was originally published by Check Point here.Written by Pete Nicoletti, Field CISO - Americas, Check Point Software.What will the future of cloud security look like? The crystal ball is cloudy when looking beyond a few years from now, but we can anticipate near-term trends! There are th...

How to Maintain Business Continuity in the Age of Ransomware

Blog Published: 07/20/2022

This blog was originally published by Nasuni here. Written by Anne Blanchard, Nasuni. It’s worth making the connection between ransomware and your overall business continuity strategy. Ransomware has been a scourge for years, but the attacks are only growing more sophisticated, capable of hitting...

Cloud Security Alliance Releases Guidance on Third-Party Vendor Risk Management in Healthcare

Press Release Published: 07/20/2022

Document outlines the security challenges facing the use of third-party vendors for Healthcare Delivery Organizations and offers assessment and protection recommendationsSEATTLE – July 20, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, ...

Stop Modern Identity-Based Attacks in Chrome

Blog Published: 07/20/2022

This blog was originally published by CrowdStrike here. Written by Eamonn Ryan, Matthew Puckett, and Liviu Arsene of CrowdStrike. A novel technique that reduces the overhead in extracting sensitive data from Chromium browser’s memory was recently found by researchers from CyberArk Labs Existing a...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
78
79
80
82
84
85
86
Last »