All Articles

Is Your CSP Capitalizing on the Rise in Federal Cloud Spending?

Blog Published: 07/12/2022

This blog was originally published by A-LIGN here. Written by Tony Bai, Federal Practice Lead, A-LIGN. With federal cloud spending at an all-time high, the government sector has become a lucrative market for technology companies. Analysis from Deltek indicates that federal agencies spent nearly $...

Hatchet & Scalpel

Blog Published: 07/12/2022

This blog was originally published by Nasuni here. Written by Andres Rodriguez, Nasuni. The frightening success of ransomware stems from an evil combination of social and software engineering. The devious minds behind the malware understand people as deeply as they understand technology, which...

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane

Blog Published: 07/12/2022

This blog was originally published by Mitiga here. Written by Andrew Johnston, Mitiga. There’s a good reason many developers are excited about the cloud. The advent of managed services has enabled solutions architecture to become an assortment of building blocks—configuration is simple, scaling i...

Shift Left is Only Part of Secure Software Delivery

Blog Published: 07/11/2022

This blog was originally published by Sysdig here. Written by Anna Belak, Sysdig and Effi Goldstein, Snyk. We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of mi...

View TPRM Risk Through Four Lenses

Blog Published: 07/11/2022

This blog was originally published by Coalfire here. Written by Jon Knohl, Coalfire. Organizations can more effectively evaluate their risk profile by measuring confidentiality, integrity, and availability as they each relate to the enterprise-wide domains of financial, regulatory, reputational, ...

Why You Need Application Security Testing for Business-Critical Applications: Part 3

Blog Published: 07/08/2022

This blog was originally published by Onapsis here. In this five part blog series, we discuss the importance of building secure business-critical applications with application security testing. In part one, we shared that while speed is the driving force behind application development, on-time ap...

Preparing for Web 3.0

Blog Published: 07/08/2022

This blog was originally published by Schellman here. Written by Scott Perry, Schellman. Ernest Cline’s sci-fi novel, Ready Player One, centers on users’ experience within the OASIS—a highly advanced, fully immersive simulation. In the book, people prefer living in virtual reality rather than the...

Security Operations Center (SOC) for Cloud

Blog Published: 07/08/2022

Written by Prikshit Goel, VP, Cybersecurity & GRC Services, HCL Technologies. Although cloud adoption means improved agility and flexibility for organizations, it has also led to increasing threats and challenges to data security. A Gartner survey revealed that 57% of board directors are prep...

Why Ransomware Attacks Are on the Rise

Blog Published: 07/07/2022

This blog was originally published by ShardSecure on June 27, 2022. Written by Marc Blackmer, VP of Marketing, ShardSecure. What Is Ransomware? Ransomware is a type of malware that prevents users from accessing their systems and files and requires them to pay a ransom to regain access. Most type...

Gatekeepers to Gateopeners

Blog Published: 07/07/2022

This blog was originally published by Laminar here. Written by Amit Shaked, Laminar. The past couple of years have been tragic and challenging as the world responded to COVID-19. One positive side effect of the pandemic however, has been the positive momentum of digital transformation, and the sh...

Zero-day Vulnerability Affecting the Microsoft Windows Support Diagnostic Tool (MSDT)

Blog Published: 07/07/2022

This blog was originally published by CrowdStrike here. Written by Dan Fernandez - Liviu Arsene, Endpoint & Cloud Security. On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, which is classified a...

Phishing is on the Rise: What CISOs Should Know

Blog Published: 07/06/2022

This blog was originally published by CXO REvolutionaries here. Written by Heng Mok, CISO APJ, Zscaler. The weakest link in a security architecture is often the people it protects. Although cloud-driven attacks like ransomware-as-a-service (RaaS) dominate headlines, social engineering remains a p...

The SASE Journey: A Head of IT Talks Shop

Blog Published: 07/06/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. Organizations that are adopting a permanent hybrid or remote-first work environment can use a Secure Access Services Edge (SASE) platform to implement cybersecurity that is not ...

The Access-Risk Landscape in 2022

Blog Published: 07/06/2022

Written by Marie Prokopets, Co-founder and COO, Nira. Introduction The number of data breaches and cases of unauthorized access to cloud-based documents, what we call — Access-Risk incidents — has skyrocketed over the past few years. In fact, 68% of information security professionals felt th...

Cloud Services Explained

Blog Published: 07/05/2022

NIST defines three service models which describe the different foundational categories of cloud services: Infrastructure as a Service (IaaS) offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage. We sometimes call these the “SPI” tiers. Platf...

Threat Activity Cluster #4: Strawberry with Sprinkles

Blog Published: 07/05/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. In the next edition of our ice cream activity cluster blog series, we’re shining the spotlight on another historic actor that undertook a significant remodeling of their tactics, ...

CCSK Success Stories: From a CISO and Chief Privacy Officer

Blog Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?

Blog Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure? To talk ...

Five Steps to a Secure Cloud Architecture

Blog Published: 06/30/2022

This blog was originally published by Fugue here. By Josh Stella, Chief Architect, Snyk, Co-Founder, Fugue. Cloud computing cyberattacks don’t play out like the scenes from Hollywood thrillers. No one is slowly lowering Tom Cruise into a preselected target’s secure data center equipped with ult...

Zero Trust Creator John Kindervag Joins Cloud Security Alliance as Security Advisor

Press Release Published: 06/30/2022

Renowned cybersecurity expert brings more than 25 years of experience to Zero Trust Advancement Center. SEATTLE – June 30, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud comp...
