
All Articles

Threat Activity Cluster #2: Mint with Sprinkles

Blog Published: 06/01/2022

This blog was originally published by Alert Logic here. Written by Josh Davies and Gareth Protheroe, Alert Logic. Before diving into the Ice Cream activity cluster, be sure to read the series introduction here. In this second blog in our ice cream activity clustering series we look back at the...

It's Time to Put AI to Work in Security

Blog Published: 05/31/2022

This blog was originally published by LogicHub here. Written by Willy Leichter, LogicHub. While we’ve been talking about and imagining artificial intelligence for years, it only has recently started to become mainstream, and accepted for a wide range of applications – from healthcare analytics to...

A Dollar is a Dollar: Communicating Zero Trust to Public Officials

Blog Published: 05/31/2022

This blog was originally published by CXO REvolutionaries here. Written by David Cagigal, former CIO of Wisconsin. Over the last few years, the term zero trust has taken on different meanings depending on the speaker's motives. So when we discuss it today, to any audience, we must take great care...

How to Protect Against Phishing

Blog Published: 05/31/2022

This blog was originally published by Agio here. Phishing is one of the most common cybersecurity schemes, and it happens all over the world every day. Anyone can become a victim of phishing in seconds. Learn how to protect yourself by understanding the signs of a phishing attempt and the steps y...

5 Business Benefits of Serverless

Blog Published: 05/29/2022

This blog was written by CSA’s Serverless Working Group. Serverless computing offers several business benefits over traditional cloud-based or server-centric infrastructure. Consider a cloud-native serverless architecture for your organization if you’re hoping to improve in any of the following ar...

CCSK Success Stories: From a Banking Project Delivery Leader

Blog Published: 05/28/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

For Fun – Aligning or Putting Music to the Varieties of Efforts, Tasks, Work Roles, and Functions in Cybersecurity

Blog Published: 05/27/2022

Produced by: Stan Mierzwa, M.S., CISSP, CCSK, Cloud Security Alliance NJ Chapter President. Contributions by: Eliot Perez, Assistant Director Security, Transportation Industry and Cloud Security Alliance NJ Chapter Board Member; Todd Edison, Chapter Relations Manager, Cloud Security Alliance ...

DLP Approach for The Cloud is Broken: Here's Why and How to Solve It

Blog Published: 05/27/2022

This blog was originally published by Polar Security here. Written by Nimrod Iny, Polar Security. Data Loss Prevention (DLP) is one of the long-standing and more traditional approaches to securing enterprise data. It can be either network or endpoint-based, each having their own unique benefits a...

Keys to the Kingdom: Single Sign-On (SSO) is Under Attack

Blog Published: 05/27/2022

This blog was originally published by BitSight here. Written by Pedro Umbelino and Oran Moyal, BitSight. Single Sign-On (SSO) software provides users with access to multiple applications or datasets without requiring multiple logins. SSO software simplifies the user experience, helps orga...

What is the new sign in option available on the website?

Blog Published: 05/26/2022

We are excited to let you know that CSA has launched our initial phase of User Accounts on our website, which is providing the community with an immediate benefit of greatly simplifying the process of accessing our research library, and will provide even more benefits in subsequent phases. You may...

How to Integrate Risk-Based Security With Your Cloud-Native Infrastructure

Blog Published: 05/26/2022

This blog was originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber co-founder. Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—...

WannaCry: Five Years Later

Blog Published: 05/26/2022

This blog was originally published by BlueVoyant here. Ransomware remains a big issue — what have we learned since and lessons for the future. It may be hard to believe, but five years after WannaCry similar attacks are still happening. In fact, this past January WannaCry was the top most detected ...

Should You Monitor Your Cloud Assets Internally or Outsource the Job?

Blog Published: 05/25/2022

This blog was originally published by Weaver here. Written by David Friedenberg, Senior Manager, IT Advisory Services, Weaver. Most organizations and industries now use cloud service providers, or CSPs, to host systems and services. This may take the form of IaaS, PaaS, or SaaS (see box), depe...

How Does HTTP Response Smuggling Work

Blog Published: 05/25/2022

This blog was originally published by Onapsis here. Research from the Onapsis Research Labs over the past year in HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM), referred to a...

Office Space: Cost Savings Hidden in Plain Sight

Blog Published: 05/25/2022

This blog was originally published by CXO REvolutionaries here. Written by Craig Clay, Former Lead Connectivity Architect, Shell. Two recent megatrends have transformed our ideas about shared office space, likely forever. First, remote work has proven more effective than expected for many job role...

PCI DSS Version 4.0: Managing Your Scope for “Significant Change”

Blog Published: 05/24/2022

This blog was originally published by PKWARE here. Written by Marc Punzirudu, Field CTO, PKWARE. After a few delays, PCI DSS version 4.0 was finally announced publicly on March 31, 2022. While entities may still use PCI DSS v3.2.1 until its retirement date on March 31, 2024, there are some notabl...

Bad Luck: BlackCat Ransomware Bulletin

Blog Published: 05/24/2022

This blog was originally published by LogicHub here. Blackcat Ransomware. On April 19th of 2022, the FBI Cyber Division released a flash bulletin regarding the Blackcat ransomware-for-hire. This was met with mixed reactions - some found the ransomware to be of little concern, others made a case for ...

What Is Payment Orchestration?

Blog Published: 05/24/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, Content Marketing Specialist at TokenEx. The Payment Orchestration for Global Commerce indicates that the global market for payment orchestration platforms (POPs) is expected to grow by 20 percent each year from 2021 to 20...

Secure Software Supply Chain: Why Every Link Matters

Blog Published: 05/23/2022

This blog was originally published by Sysdig here. Written by Álvaro Iradier, Sysdig. The new threats in software development are not only related to the specific company itself. The whole software supply chain is a target for attackers and it is really important to make sure that we put all our ...

Getting Started with Kubernetes Ingress

Blog Published: 05/23/2022

This blog was originally published by ARMO here. Written by Ben Hirschberg, VP R&D & Co-founder, ARMO. Kubernetes Ingress is one of today’s most important Kubernetes resources. First introduced in 2015, it achieved GA status in 2020. Its goal is to simplify and secure the routing mechanis...
