All Articles
How to Perform a Risk Assessment Ahead of a SOC 2: 5 Steps

Blog Published: 06/03/2022

This blog was originally published by Schellman here. Written by Drew Graham, Senior Associate, Schellman. When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple. Sure, he saw falling off the face of a mountain as a “high consequence”...

cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Blog Published: 06/03/2022

This blog was originally published by CrowdStrike on March 15, 2022. Written by John Walker – Manoj Ahuje, CrowdStrike. CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disc...

How to Reduce Risk and Secure Data With Security Service Edge (SSE)

Blog Published: 06/02/2022

This blog was originally published by Lookout here. Written by Sundaram Lakshmanan, CTO of SASE Products at Lookout. There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related. W...

Essential Cloud Security & Compliance Tips from CSA

Blog Published: 06/02/2022

This blog was originally published by Pivot Point Security here. Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever. That’s why I’m speaking to o...

Spring4Shell: Another Vulnerability Showcases Need for More Secure Software Development

Blog Published: 06/01/2022

This blog was originally published by BlueVoyant here. In late March, a new remote code execution vulnerability known as Spring4Shell, or sometimes SpringShell, was announced. The vulnerability, tracked as CVE-2022-22965, is in the Spring Framework, a set of prewritten Java code to create sof...

Threat Activity Cluster #2: Mint with Sprinkles

Blog Published: 06/01/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. Before diving into the Ice Cream activity cluster, be sure to read the series introduction here. In this second blog in our ice cream activity clustering series we look back at the...

It's Time to Put AI to Work in Security

Blog Published: 05/31/2022

This blog was originally published by LogicHub here. Written by Willy Leichter, LogicHub. While we’ve been talking about and imagining artificial intelligence for years, it only has recently started to become mainstream, and accepted for a wide range of applications – from healthcare analytics to...

A Dollar is a Dollar: Communicating Zero Trust to Public Officials

Blog Published: 05/31/2022

This blog was originally published by CXO REvolutionaries here. Written by David Cagigal, former CIO of Wisconsin. Over the last few years, the term zero trust has taken on different meanings depending on the speaker's motives. So when we discuss it today, to any audience, we must take great care...

How to Protect Against Phishing

Blog Published: 05/31/2022

This blog was originally published by Agio here. Phishing is one of the most common cybersecurity schemes, and it happens all over the world every day. Anyone can become a victim of phishing in seconds. Learn how to protect yourself by understanding the signs of a phishing attempt and the steps y...

5 Business Benefits of Serverless

Blog Published: 05/29/2022

This blog was written by CSA’s Serverless Working Group. Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure. Consider a cloud-native serverless architecture for your organization if you’re hoping to improve in any of the following ar...

CCSK Success Stories: From a Banking Project Delivery Leader

Blog Published: 05/28/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

For Fun – Aligning or Putting Music to the Varieties of Efforts, Tasks, Work Roles, and Functions in Cybersecurity

Blog Published: 05/27/2022

Produced by: Stan Mierzwa, M.S., CISSP, CCSK, Cloud Security Alliance NJ Chapter President Contributions by: Eliot Perez, Assistant Director Security, Transportation Industry and Cloud Security Alliance NJ Chapter Board Member Todd Edison, Chapter Relations Manager, Cloud Security Alliance ...

DLP Approach for The Cloud is Broken: Here's Why and How to Solve It

Blog Published: 05/27/2022

This blog was originally published by Polar Security here. Written by Nimrod Iny, Polar Security. Data Loss Prevention (DLP) is one of the long-standing and more traditional approaches to securing enterprise data. It can be either network or endpoint-based, each having their own unique benefits a...

Keys to the Kingdom: Single Sign-On (SSO) is Under Attack

Blog Published: 05/27/2022

This blog was originally published by BitSight here. Written by Pedro Umbelino and Oran Moyal, BitSight. Single Sign-On (SSO) software provides users with access to multiple applications or datasets without requiring multiple logins. SSO software simplifies the user experience, helps orga...

What is the new sign in option available on the website?

Blog Published: 05/26/2022

We are excited to let you know that CSA has launched our initial phase of User Accounts on our website, which is providing the community with an immediate benefit of greatly simplifying the process of accessing our research library, and will provide even more benefits in subsequent phases. You may...

How to Integrate Risk-Based Security With Your Cloud-Native Infrastructure

Blog Published: 05/26/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber co-founder. Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—...

WannaCry: Five Years Later

Blog Published: 05/26/2022

This blog was originally published by BlueVoyant here. Ransomware remains a big issue — what have we learned since and lessons for the future. It may be hard to believe, but five years after WannaCry similar attacks are still happening. In fact, this past January WannaCry was the top most detected ...

Should You Monitor Your Cloud Assets Internally or Outsource the Job?

Blog Published: 05/25/2022

This blog was originally published by Weaver here. Written by David Friedenberg, Senior Manager, IT Advisory Services, Weaver. Most organizations and industries now use cloud service providers, or CSPs, to host systems and services. This may take the form of IaaS, PaaS, or SaaS (see box), depe...

How Does HTTP Response Smuggling Work

Blog Published: 05/25/2022

This blog was originally published by Onapsis here. Research from the Onapsis Research Labs over the past year in HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM), referred to a...

Office Space: Cost Savings Hidden in Plain Sight

Blog Published: 05/25/2022

This blog was originally published by CXO REvolutionaries here. Written by Craig Clay, Former Lead Connectivity Architect, Shell. Two recent megatrends have transformed our ideas about shared office space, likely forever. First, remote work has proven more effective than expected for many job role...
