
All Articles

CCSK Success Stories: From the Director of Cyber Security Services

Blog Published: 06/10/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Implementing Outsourced Cloud Monitoring

Blog Published: 06/09/2022

This blog was originally published by Weaver here. Written by David Friedenberg, Senior Manager, IT Advisory Services, Weaver. If your organization has decided to hire an outsourced cloud monitoring service, it is important to consider how you will ensure that the services are delivered in the ri...

Cloud Security Alliance Offers Governance Best Practices for Protecting Data Throughout Software-as-a-Service (SaaS) Lifecycle

Press Release Published: 06/09/2022

Paper shares fundamental governance practices for SaaS environments that enumerate and consider risks during evaluation, adoption, usage, termination. SEATTLE and RSA Conference (San Francisco) – June 9, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to definin...

Why Every Cybersecurity Leader Should 'Assume Breach'

Blog Published: 06/09/2022

This blog was also published by Varonis here. Written by Yaki Faitelson, Co-Founder and CEO, Varonis. In February, information about the highly successful Conti ransomware group leaked after it declared its full support of the Russian government—vowing to respond to any attack, cyber or otherwise, ...

SEC Cybersecurity Rule Changes: The Straight Path to Now

Blog Published: 06/08/2022

This blog was originally published by Agio on April 4, 2022 here. Written by Kirk Samuels, Executive Director, Cybersecurity, Agio. On February 9th, 2022 the United States Securities and Exchange Commission (SEC) proposed new rules related to cybersecurity risk management and disclosures for regi...

What is the Principle of Least Privilege And Why Do You Need it?

Blog Published: 06/08/2022

Written by Authomize. The Principle of Least Privilege is just as it sounds. It is the principle of having users across an organization being given the lowest level of access that they need in order to perform their required tasks across a cloud environment. Least Privilege: Why It’s Important Imp...

Shining a Light on Shadow Data: What It Is and How to Minimize It

Blog Published: 06/07/2022

This blog was originally published by Polar Security here. Written by Roey Yaacovi, Polar Security. Shadow data can be defined as any data that is not available or subject to an organization’s centralized data management framework. Examples of shadow data include: Customer data that was copied fr...

Cloud Security Alliance’s Top Threats to Cloud Computing: Pandemic 11 Report Finds Traditional Cloud Security Issues Becoming Less Concerning

Press Release Published: 06/07/2022

Study reveals shift in cloud security focus from information security to configuration and authentication. SEATTLE and RSA Conference (San Francisco) – June 7, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practic...

Cloud Data Security - The Cost of Doing Nothing

Blog Published: 06/07/2022

This blog was originally published by Laminar here. Written by Andy Smith, Laminar. The world has changed dramatically over the past couple of years—especially in the areas of business and technology. The COVID pandemic accelerated digital transformation and forced a shift to a remote or hybrid b...

Critical AppSec Capabilities That Accelerate Cloud Transformation

Blog Published: 06/06/2022

Written by Sujatha Yakasiri, CSA Bangalore Chapter and Stan Wisseman, CyberRes. Cloud Technology is one of the fastest-growing technologies across the globe these days. Cloud adoption by organizations has increased exponentially, especially during the COVID-19 outbreak, due to remote working culture...

Moving Beyond Best-of-Breed Into a Cloud-First World

Blog Published: 06/06/2022

This blog was originally published by CXO REvolutionaries here. Written by Brett James, Director, Transformation Strategy, Zscaler. Typical IT infrastructure in days gone by consisted of racks upon racks of best-of-breed equipment filling niche applications. Shiny boxes from a variety of vendors ...

Eighty Percent of IT and Security Professionals List Zero Trust as a Priority, According to New Cloud Security Alliance Survey

Press Release Published: 06/06/2022

Exploratory report looks to define guidance in access management, policy enforcement, scaling, and other challenges related to Zero Trust. SEATTLE and RSA Conference (San Francisco) – June 6, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards,...

Every App Will Be Vulnerable. Security Needs to Be Automated Inside and Outside the App.

Blog Published: 06/06/2022

This blog was originally published by Valtix here. Written by Vishal Jain, Co-Founder and CTO of Valtix. Recent vulnerabilities and customer conversations have made a few things crystal clear in the last few months: There is no such thing as an invulnerable app, so inline defenses protecting the app...

Cloud Security Terms You Need to Know

Blog Published: 06/04/2022

As more companies are migrating to the cloud, security must remain at the forefront of everyone’s minds. Regardless of your job title, industry, or technical knowledge, the topic of cloud security is necessary. Explore the following terms to stay up-to-date with and gain a baseline knowledge of t...

Attack Vector vs. Attack Surface: What is the Difference?

Blog Published: 06/03/2022

This blog was originally published by BitSight here. Written by Rachel Holmes, BitSight. The terms attack vector and attack surface are often used interchangeably. But there are very clear differences between both terms. Understanding those differences can help your organization maintain ...

How to Perform a Risk Assessment Ahead of a SOC 2: 5 Steps

Blog Published: 06/03/2022

This blog was originally published by Schellman here. Written by Drew Graham, Senior Associate, Schellman. When Alex Honnold scaled El Capitan in Yosemite without any kind of rope, his assessment of the risk was pretty simple. Sure, he saw falling off the face of a mountain as a “high consequence”...

cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Blog Published: 06/03/2022

This blog was originally published by CrowdStrike on March 15, 2022. Written by John Walker – Manoj Ahuje, CrowdStrike. CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disc...

How to Reduce Risk and Secure Data With Security Service Edge (SSE)

Blog Published: 06/02/2022

This blog was originally published by Lookout here. Written by Sundaram Lakshmanan, CTO of SASE Products at Lookout. There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related. W...

Essential Cloud Security & Compliance Tips from CSA

Blog Published: 06/02/2022

This blog was originally published by Pivot Point Security here. Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever. That’s why I’m speaking to o...

Spring4Shell: Another Vulnerability Showcases Need for More Secure Software Development

Blog Published: 06/01/2022

This blog was originally published by BlueVoyant here. In late March, a new remote code execution vulnerability known as Spring4Shell, or sometimes SpringShell, was announced. The vulnerability, tracked as CVE-2022-22965, is in the Spring Framework, a set of prewritten Java code to create sof...
