
All Articles

How SOC 2 Is Changing the Face of Compliance in the Caribbean: Part Two

Blog Published: 04/28/2022

Written by Cloud Carib. As Caribbean cloud providers grow and expand into new markets, it has become vital that such organizations meet rigorous, standardized requirements. In part one of our series, we established why standardized compliance standards like SOC 2 (Service Organization Control 2) a...

MFA Is Only As Effective As We Want It To Be

Blog Published: 04/28/2022

Written by Authomize Good cybersecurity is all about getting the basics right. Sure, AI and other advanced technologies help us to cyber better, faster, stronger, etc. But the really important work is all about actually using the most basic of tools to fend off the vast majority of attacks. One o...

Doing Business in Brazil? Get to Know the General Personal Data Protection Law (LGPD)

Blog Published: 04/27/2022

Written by VGS. Did you know that Brazil is bigger than the 48 contiguous United States? The US is only bigger than Brazil if you add Alaska! São Paulo, with over 21 million residents, is more populous than New York. And Brazil’s 210 million citizens enjoy a thriving economy: Brazil’s Gross Domes...

5 Benefits of Detection-as-Code

Blog Published: 04/27/2022

This blog was originally published by Panther here. Written by Kartikey Pandey, Panther. How modern teams can automate security analysis at scale in the era of everything-as-code. TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past dec...

As You Move to the Cloud, Make Sure Your PKI Goes with You

Blog Published: 04/26/2022

This blog was originally published by Entrust here. Written by Samantha Mabey, Product Marketing Management Director, Certificate Solutions at Entrust. I’m sure most of us have heard the buzz around “multi-cloud” or “hybrid cloud.” But what exactly does it mean? And more importantly, what does it...

Cloud Security Alliance Updates Internet of Things (IoT) Controls Matrix with New Incident Management Domain and Enhanced Technical Clarity and Referencing

Press Release Published: 04/26/2022

Expanded Matrix aimed at enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. SEATTLE – April 26, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best...

How SOC 2 Is Changing the Face of Compliance in the Caribbean: Part One

Blog Published: 04/26/2022

Written by Cloud Carib. For small island developing nations across the Caribbean and Latin American region, 2020 will, among other things, be remembered as a major catalyst for the acceleration of digital transformation. The onset of the global pandemic exposed major cracks in the infrastructure m...

The Challenge of Protecting Business-Critical Data and Applications

Blog Published: 04/25/2022

This blog was originally published by Onapsis here. Global market intelligence firm IDC conducted a market survey in Germany in September 2021 to explore the challenges enterprises are currently facing in the development and running of security landscapes, as well as the plans they are pursuing t...

Higher Ed Gets an 'F' for Ransomware Protection: How the Industry Must Evolve

Blog Published: 04/25/2022

This blog was originally published by CXO REvolutionaries here. Written by Bryan Green, Chief Information Security Officer, Zscaler. Colleges and universities are amongst the slowest populations to modernize security controls, resulting in a high price tag – ransomware and breaches. It’s human natu...

Women in Cybersecurity: Interviews with CSA’s Staff

Blog Published: 04/24/2022

In cybersecurity, and the tech industry in general, men significantly outnumber women. However, more women are joining the field every day, helping to pave the way for others and proving that it benefits us all to hire a diverse workforce. Below, we’ve compiled four interviews with some of the w...

Cloud Security Best Practices from the Cloud Security Alliance

Blog Published: 04/23/2022

Cloud is becoming the backend for all forms of computing and is the foundation for the information security industry. It’s a model for enabling convenient and on-demand network access to a shared pool of computing resources that can be rapidly provisioned and released with minimal management effo...

DevSecOps Best Practices for Vulnerability Management in the Cloud

Blog Published: 04/22/2022

This blog was originally published by Vulcan Cyber here. Written by Natalie Kriheli, Vulcan Cyber. With DevSecOps best practices, teams can remain on top of their security controls while taking full advantage of everything the cloud has to offer. A growing trend in the cloud ecosystem, DevSecOps ...

Four Ways to Use the Cloud Security Maturity Model

Blog Published: 04/22/2022

This blog was originally published by Secberus here. Written by Fausto Lendeborg, Secberus. With a name like, Cloud Security Maturity Model, you may be one of the CISOs who think: Sounds like a lot of work. Where does my organization sit? How do we advance? Why should I care? And if any of those quest...

Threat Modelling: What It Is and Why It Matters

Blog Published: 04/21/2022

This blog was originally published by Contino here. Written by Marcus Maxwell, Contino. Identifying the security threats that your systems face is one step towards mitigating potential vulnerabilities as part of a wider risk management strategy. But on its own, awareness of threats is not enough ...

A Look Inside a Benchmark Model In InfoSec: CIA Triad

Blog Published: 04/21/2022

This blog was originally published by SafeBase here. We are constantly hearing tips and tricks on how to protect our data - get a VPN, back everything up on a cloud, change your passwords, etc. And in the business world, there are tons of policies in place and certifications that can be acquired...

Security Performance Reporting

Blog Published: 04/20/2022

Command guidance for CISO-to-stakeholder communications. Written by John Hellickson, Field CISO, Coalfire. There is tremendous urgency for security professionals to do a better job at communicating security program performance to enterprise stakeholders and boards of directors. For the Coalfire ...

Cloud Security Alliance Paper Offers Executive Management Guidance on Factors to Consider When Implementing Serverless Architectures

Press Release Published: 04/20/2022

Report reviews risks, security concerns that accompany serverless architecture and offers industry-wide security best practices for adoption. SEATTLE – April 20, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best prac...

Weathering Russian Winter: The Current State of Russian APTs

Blog Published: 04/20/2022

This blog was originally published by LogicHub on April 8, 2022. Written by Tessa Mishoe, Senior Threat Analyst, LogicHub. Russian Advanced Persistent Threats (APTs). It’s no secret that Russian Advanced Persistent Threats (APTs) are a significant burden on cybersecurity teams. For years, organizat...

Crypto Caper: How Cybercriminals Steal Crypto from Blockchain Networks

Blog Published: 04/19/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. In 2009, the first established cryptocurrency was born – Bitcoin. If you aren't familiar with cryptocurrency, it's an online currency with ledgers secured by encryption. Since those early years, digital currency...

What the Businesses at Work Report Means for Your SaaS Security Program

Blog Published: 04/18/2022

This blog was originally published on February 22, 2022 by DoControl. Written by Corey O'Connor, DoControl. Earlier this month, Identity and access management platform leader Okta published their 8th annual “Businesses at Work” report. The report pulls data from their more than 14,000 global cust...
