3 Key Security Threats Facing Retail Today
Blog Published: 01/17/2022
This blog was originally published by BigID here. Written by Kimberly Steele, BigID. The retail space has always been on the front lines of security threats. Most shoppers need only consult their latest inbox notifications to find evidence of a recent breach that exposed their personal or sens...
Cloud Security Alliance Releases Guidance on Use of Artificial Intelligence (AI) in Healthcare
Press Release Published: 01/06/2022
Document shares the fundamentals and current challenges facing the use of AI in healthcare and offers guidance and predictions for its future use. SEATTLE – Jan. 6, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and bes...
How we ended up with #log4shell aka CVE-2021-44228
Blog Published: 01/10/2022
Quick note: from now on I will refer to log4j version 2 as “log4j2” To learn how to deal with the critical vulnerability in log4j2, read the first blog in this series, Dealing with log4shell. To get a breakdown of the timeline of events, refer to the second blog, Keeping up with log4shell. So ...
Transitioning to the Cloud in 2022: Recommended Resources from CSA
Blog Published: 01/11/2022
How can your organization improve how it approaches the cloud? In this blog we put together a list of research created by the Cloud Security Alliance’s working groups and other resources created by our community that will be helpful to you if you are considering transitioning your organization...
Securing Data Lakes in a Data Centric World
Blog Published: 01/14/2022
Written by Dr. Diane Murphy, Marymount University, and Oliver Forbes, NTT DATA. Data allows the business of today to optimize performance, investigate fraud and discover solutions to problems we did not yet know how to frame. At the heart of such are the inner workings of expansive data ...
Log4j: The Evolution of Vulnerabilities to CVE-2021-45046 and What to Expect in 2022
Blog Published: 01/18/2022
This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Threat Overview: The internet has been alive with talk of Log4Shell (CVE-2021-44228), and for good reason. While the bug appears to have been introduced in 2013, only recently have we observed...
Securing DevOps: The ABCs of Security-as-Code
Blog Published: 01/19/2022
Written by Tony Karam, Concourse Labs. Cybersecurity Built for Public Cloud: Traditional cybersecurity architectures and models break down when applied to public cloud. Most public cloud breaches stem from misconfiguration of cloud services, not attacks on the underlying cloud infrastructure....
Container Security Best Practices in Microservices
Blog Published: 01/15/2022
The best practices in this blog assume that you have selected a microservices deployment model that leverages containers. For microservices and security to co-exist, a framework and plan for development, governance, and management of microservices must be developed. Here are some key points to...
On the Cyber Horizon
Blog Published: 01/20/2022
This blog was originally published by KPMG on December 16, 2021. Written by David Ferbrache, KPMG. As 2021 draws to a close, we see a world still challenged by COVID-19, necessitating new business models, new channels and a shift (perhaps for the long term) to remote and hybrid working. But on...
CAIQ-Lite: The Lighter-weight Security Assessment Option
Blog Published: 01/22/2022
CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document wh...
The CFO and Cloud Adoption: 102
Blog Published: 01/14/2022
In my last post, I discussed the NIST definition of the cloud. Let’s take this to the next level by discussing the different service models offered by cloud service providers (CSPs). Three basic delivery models – SaaS, PaaS and IaaS – are listed below. These are the basic and oft-referenced mo...
Registration Opens for Cloud Security Alliance Research Summit
Press Release Published: 01/19/2022
Online event will showcase findings from new and existing research projects, providing key tools and guidance for the cloud-adopting community. SEATTLE – Jan. 19, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best ...
The Elephant Beetle in the Room: Older, Unpatched SAP Vulnerabilities Are Still A Threat
Blog Published: 01/20/2022
This blog was originally published on 1/10/22 by Onapsis. Written by: Onapsis Research Labs and JP Perez-Etchegoyen, CTO, Onapsis. Last week, researchers from Sygnia’s Incident Response team released a report detailing the activities of a threat group they’ve named Elephant Beetle. Compile...
Kubernetes Security Best Practices
Blog Published: 01/21/2022
Written by the CSA Serverless Working Group. Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications. A Kubernetes cluster consists of worker nodes that host pods, the units in which application containers run. The Kubernetes control plane mana...
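As an added illustration of the kind of hardening such best practices describe (this is example configuration written for this listing, not from the CSA working group's post), here are two Pod manifests for the same hypothetical workload. The first relies on Kubernetes defaults; the second sets the controls that the "restricted" Pod Security Standard expects. The image name, namespace, UID and resource figures are placeholders.

```yaml
# Added example, not from the CSA post. Placeholder image/namespace/UID.
# Weak: no securityContext, so the container runs as whatever UID the image
# sets (often root), with a writable root filesystem, the default capability
# set, privilege escalation via setuid binaries allowed, and a service
# account token automatically mounted whether or not the app uses the API.
apiVersion: v1
kind: Pod
metadata:
  name: web-weak
  namespace: demo
spec:
  containers:
    - name: web
      image: example.com/web:1.0   # placeholder image
      ports:
        - containerPort: 8080
---
# Hardened: same workload with a restrictive securityContext.
apiVersion: v1
kind: Pod
metadata:
  name: web-hardened
  namespace: demo
spec:
  automountServiceAccountToken: false   # no API credentials unless the app needs them
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start the container as UID 0
    runAsUser: 10001                    # placeholder unprivileged UID
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault              # runtime's default syscall filter
  containers:
    - name: web
      image: example.com/web:1.0   # placeholder image
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false # no_new_privs: setuid binaries cannot raise privileges
        readOnlyRootFilesystem: true    # tampering with the image at runtime fails
        capabilities:
          drop: ["ALL"]                 # start from zero capabilities
      resources:                        # limits bound the damage of a runaway or abused container
        requests:
          cpu: "100m"
          memory: "128Mi"
        limits:
          cpu: "500m"
          memory: "256Mi"
      volumeMounts:
        - name: tmp
          mountPath: /tmp               # writable scratch space since the rootfs is read-only
  volumes:
    - name: tmp
      emptyDir: {}
```

Labelling the namespace with `pod-security.kubernetes.io/enforce: restricted` turns these settings from convention into policy: the admission controller rejects the first manifest (no `runAsNonRoot`, no `allowPrivilegeEscalation: false`, no dropped capabilities, no seccomp profile) and admits the second. `kubectl apply --dry-run=server -f` against such a namespace is a cheap way to check a manifest before it reaches a cluster.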
Log4Shell and Zero Trust
Blog Published: 01/24/2022
This blog was originally published by Appgate here. Written by Jason Garbis, Appgate. We’re only a few weeks past the emergence of the Log4Shell vulnerability (with a few ongoing related issues still open) and security teams worldwide have been in a mad scramble to diagnose, validate, update a...
What is Serverless? How Does it Impact Security?
Blog Published: 01/25/2022
Written by the Serverless Working Group. What is serverless? Serverless computing is a cloud computing execution model in which the cloud provider is responsible for allocating the compute and infrastructure resources needed to serve Application Owners' workloads. An Application Owner is no longer re...
An Optimistic Outlook for 2022: Cloud Security Vulnerabilities are 100% Preventable
Blog Published: 01/25/2022
Written by Josh Stella, CEO and Co-Founder of Fugue. Originally published on Fugue’s Blog. Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is...
Why You Need Vulnerability Management for Business-Critical Applications
Blog Published: 01/26/2022
This blog was originally published by Onapsis here. This blog is the fourth of a five-part series on the importance of protecting business-critical applications. In our first three blogs, we share how rapid digital transformation projects, cloud migration, and the rise of cybercrime have left ...
Cyber Risks Haunt Energy and Natural Resource Sector
Blog Published: 01/31/2022
This blog was originally published by KPMG here. Written by Ronald Heil, KPMG. Imagine connected sensors that dispatch a repair crew to a fraying pipeline, laser ‘guard rails’ that prevent tanker trucks from backing off piers, and smart systems that prompt the power company to recharge your el...
A Look at the Top Cyber Attacks of 2021
Blog Published: 01/27/2022
This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. Across the globe, recent cyberattacks have been occurring at an alarmingly high rate. Specifically, ransomware attacks are a major concern among today’s businesses, governments, schools, and individuals. Rans...