Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Listen Now: 'Real-Talk on Opportunities for Security Teams to Fight AI with AI'

All Articles

Home
All Articles
6 Questions to Ask Along Your Journey to the Cloud

Blog Published: 04/11/2022

Written by Robert Clyde, ShardSecure A few years ago, a question many enterprises wrestled with was whether migrating to the cloud was a worthwhile endeavor. While there are still some server-huggers, enterprises have resoundingly answered ”yes” to that question and moved beyond that basic ques...

How to Prepare for the Changes to the ISO Standards

Blog Published: 04/09/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In...

What NIST SP 800-207 Means for SaaS Security

Blog Published: 04/08/2022

This blog was originally published by DoControl here. Written by Corey O'Connor, DoControl. The National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA) in August 2020 published NIST Special Publication 800-207. This special publication fol...

CCSK Success Stories: From a Network and Security Technical Manager

Blog Published: 04/08/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Leverage Zero Trust to Defend Against Geopolitical Uncertainty

Blog Published: 04/07/2022

This blog was originally published by CXO REvolutionaries on March 24, 2022. Written by Brad Moldenhauer, CISO, Zscaler. As a major shift in the global geopolitical balance, Russia’s invasion of Ukraine has many dimensions, including militaristic, political, legal, cultural, and economic. We sho...

What is a Security Token Offering (STO)?

Blog Published: 04/07/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. An STO, also known as a Security Token Offering, is a digital token supported by blockchain technology that represents a stake in an asset. STOs enable digital funding, while still complying with government re...

CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes

Blog Published: 04/06/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While gen...

Drawing the RedLine - Insider Threats in Cybersecurity

Blog Published: 04/06/2022

This blog was originally published by LogicHub here. Written by Tessa Mishoe, LogicHub. RedLine Password Theft MalwareThe RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurred,...

Covering Your Assets: 5 Most Common Questions About Cyber Asset Management

Blog Published: 04/05/2022

This blog was originally published by JupiterOne here. Written by Jennie Duong, JupiterOne. The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. But a n...

Glenn Gerstell, Former General Counsel of the U.S. National Security Agency, to Address Attendees at Cloud Security Alliance’s SECtember

Press Release Published: 04/05/2022

Digital and cybersecurity industry expert and thought leader Jim Routh and Norma Krayem, preeminent cybersecurity and data privacy expert, will be featured speakersSEATTLE – April 5, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certif...

3 Ways To Secure SAP SuccessFactors And Stay Compliant

Blog Published: 04/04/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are...

What is Quantum Computing? Why Should I Be Concerned?

Blog Published: 04/02/2022

Written by the CSA Quantum-Safe Security Working Group What is quantum mechanics? Quantum mechanics/physics is a long-proven physical science that describes actions and properties of very small particles. Everything in the universe works and depends on quantum mechanics. It’s how the world works....

Zero Trust as a Framework for Fighting Back Against Cyberwarfare

Blog Published: 04/01/2022

This blog was originally published by CXO REvolutionaries here. Written by Howard Sherrington, Director of Transformation Strategy, Zscaler. Russia's ongoing and unfortunate invasion of Ukraine has captured headlines for its cyber dimension as well as its physical one. The breadth of cyber operat...

Cloud Threats: What Business Executives Need to Know Right Now

Blog Published: 03/31/2022

This blog was originally published on fugue.co on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a h...

The End of AWS Keys in Slack Channels

Blog Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack.Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the work...

What Is Compliance as Code? Benefits, Use Cases and Tools

Blog Published: 03/31/2022

This blog was originally published by Contino here. Written by Josh Armitage, Contino. Being compliant in today’s cloud-first world of rapid innovation is a ubiquitous challenge affecting startups and enterprises alike.Enforcing sets of controls, such as acceptable data storage locations and acce...

Handling the Challenge of Model Drift in Data Lakes

Blog Published: 03/30/2022

Written by Dr. Nathan Green, Marymount University and Oliver Forbes, NTT DATA One of the most constant and evolving characteristics of the sharing of information, is data in its readable form and its various models of consumption. Machine learning is an impactful tool of analysis that plays a...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

Blog Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability they ...

A Whole New World for PCI DSS

Blog Published: 03/30/2022

This blog was originally published by PKWARE on November 23, 2021. As we know, the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 guidelines are coming out in Q1 of next year, with some predicting a March timeframe for its release based on previous releases. The last time PCI came...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Blog Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over res...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
83
84
85
87
89
90
91
Last »