All Articles
How to Prepare for Your C5 Examination: 5 Tips

Blog Published: 07/19/2022

This blog was originally published by Schellman here. It was once remarked that “there are no rules of architecture for a castle in the clouds.” Well, those of us in cloud services and compliance know that’s not the case at all. With the growing appeal of the cloud in the digital landscape, regula...

Adapting the Cloud Service Model to Today's Needs

Blog Published: 07/19/2022

This blog was originally published by CXO REvolutionaries here. Written by Brett James, Director, Transformation Strategy, Zscaler. You may have come across the diagram below, or a version of it if you’ve done any research into cloud services (and not from under a rock). Figure 1: Cloud Serv...

Conversation on Compliance: Q3 Insights

Blog Published: 07/18/2022

This blog was originally published by IntelAgree here. Written by Lee Rone, General Counsel, IntelAgree. Regulatory compliance, particularly in the data privacy realm, is a delicate balancing act for general counsel. Not only does it require juggling international, domestic, and industry-specific...

Secure SAP Application Development at the Speed of Digital Transformation

Blog Published: 07/18/2022

This blog was originally published by Onapsis here. Written by Curtis Parker, Onapsis. Business-critical applications like SAP help run enterprises, supporting financial systems, human capital management, supply chains, supplier relationships, and more. Considering 94% of the world’s 500 largest ...

What Is Interoperability and Why Is It Important?

Blog Published: 07/18/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. In today’s digital society, businesses and customers depend on having seamless access to all data types, from payments to healthcare. While physical data still has its place, electronic data has become the go-to...

IAM Stakeholders and Adoption Challenges

Blog Published: 07/17/2022

This is Part 5 of our ‘What is IAM’ blog series. Make sure to check out the rest of the series: Part 1: What is IAM Part 2: The Definition of IAM and Its Criticality to Good Security Hygiene Part 3: The Components of IAM Part 4: The Evolution of IAM Written by Paul Mezzera, Ravi Erukull...

The Evolution of IAM

Blog Published: 07/17/2022

This is Part 4 of our ‘What is IAM’ blog series. Make sure to check out the beginning of the series: Part 1: What is IAM Part 2: The Definition of IAM and Its Criticality to Good Security Hygiene Part 3: The Components of IAM Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM...

The Components of IAM

Blog Published: 07/17/2022

This is Part 3 of our ‘What is IAM’ blog series. Read Part 1 here and Part 2 here. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. As alluded to previously, IAM is a set of tools that implement a number of use cases. If broken down into access management and...

The Definition of IAM and Its Criticality to Good Security Hygiene

Blog Published: 07/17/2022

This is Part 2 of our ‘What is IAM’ blog series. Read Part 1 here. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. What exactly is identity and access management (IAM)? It is the overall discipline that encompasses not only tools and technologies, but proces...

What is IAM: Identity in the Digital and Cloud Era

Blog Published: 07/17/2022

This is Part 1 of our ‘What is IAM’ blog series. Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group. Identity and access management (IAM) is not a new concept, yet it is becoming much more essential in today's digital-first world. The modern workforce demands a ...

Financial Services Turn to Confidential Computing for Key Use Cases

Blog Published: 07/15/2022

This blog was originally published by Anjuna here. Why do highly regulated industries need the protection of Confidential Computing to secure personal data, MPC, and other applications? The very mention of today’s cloud-related financial risks raises goose-bumps: intensified money laundering campa...

An Introduction to Cloud Security for Infosec Professionals

Blog Published: 07/15/2022

Originally published on Fugue’s website. Written by Richard Park, Chief Product Officer, Fugue / Senior Director Product Management, Snyk. As someone who has spent a long time in network and endpoint security then moved to cloud security, I can sympathize with people with security backgrounds...

Web Protocol - Uses Finite State Machine

Blog Published: 07/15/2022

Written by Gregory Machler, Cybersecurity Engineer, Daikin Applied. In an attempt to improve the cybersecurity of the communications between a browser and web server, I’ve been mulling over session protocols. In prior thoughts last year, I commented on the use of TLS 1.3 to encrypt traffic betwee...

How To Secure S3 Buckets Effectively

Blog Published: 07/14/2022

This blog was originally published by Panther here. Written by Kartikey Pandey, Panther. Six supercharged tips to reduce S3 bucket-related threats and ensure ‘water-tight’ cloud security. When it comes to AWS security, S3 buckets are undeniably the most vulnerable aspect of it all. Misconfigured S3...

How the Cloud Security Alliance Addresses Privacy

Blog Published: 07/14/2022

This blog was originally published by Pivot Point Security here. These days cloud service providers (CSPs) don’t just need to prove to customers and other stakeholders that they are secure—they also need to demonstrate that they have a strong privacy program. But how can CSPs make a convincing at...

Naming Adversaries and Why It Matters to Your Security Team

Blog Published: 07/14/2022

This blog was originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them referenced by MITRE in the ATT&CK framework. ...

Overview of Critical Controls for Oracle Cloud Applications

Blog Published: 07/13/2022

CSA’s Enterprise Resource Planning (ERP) Working Group is pleased to release the latest in a series of security guidance for deploying ERP systems in the cloud. This latest whitepaper focuses on Oracle Cloud Applications. Oracle Cloud Application clients share with Oracle Corporation the respo...

How to Secure Kubernetes Ingress?

Blog Published: 07/13/2022

This blog was originally published by ARMO here. Written by Ben Hirschberg, VP R&D & Co-founder, ARMO. Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ulti...

New Cloud Security Alliance Survey Finds 67% of Organizations Already Store Sensitive Data in Public Cloud Environments

Press Release Published: 07/13/2022

Confidential Computing in use by 27% of respondents, and 55% have plans to deploy it to lock down data and workloads. SEATTLE – July 13, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a se...

With Multi-Device Fido Credentials, You Can Now Go All-in on Passwordless

Blog Published: 07/13/2022

This blog was originally published by CXO REvolutionaries here. Written by Maneesh Sahu, Senior Director, OT and IIoT Product Management, Zscaler. In a previous post, The Passwordless future has arrived, here are your options, I enumerated some options for app developers and end-users to use inst...
