All Articles
Improving Security Posture Through the 4-Step Gap Analysis Process

Blog Published: 02/01/2022

Written by Brad Fugitt, Chief Information Security Officer, Pax8. As we move into 2021, managed service providers (MSPs) will increase their focus on security as they work to keep their clients' data safe, protecting them from potential threats and loss. The move to a work from anywhere environmen...

Cyber Risks Haunt Energy and Natural Resource Sector

Blog Published: 01/31/2022

This blog was originally published by KPMG here. Written by Ronald Heil, KPMG. Imagine connected sensors that dispatch a repair crew to a fraying pipeline, laser ‘guard rails’ that prevent tanker trucks from backing off piers, and smart systems that prompt the power company to recharge your elect...

What is DevSecOps and How Does it Create a Holistic Cloud Security Environment?

Blog Published: 01/29/2022

What is DevSecOps? In the past, security needs were only addressed after application deployment or after security vulnerabilities were exploited. Businesses are now requiring a stronger collaboration between the development, security, and operational functions. Different combinations of security t...

Your Enterprise Cloud Risk Management Cheat Sheet

Blog Published: 01/27/2022

Written by Fausto Lendeborg, Secberus. Picture this: It’s 2022, and cloud risk is no longer the elusive threat it once was. It is tamed through better understanding, faster mitigation and bold, policy-first strategy. Read on for three starter tips. 01 Understanding Comes First. Understanding ...

A Look at the Top Cyber Attacks of 2021

Blog Published: 01/27/2022

This blog was originally published by TokenEx here. Written by Valerie Hare, TokenEx. Across the globe, recent cyberattacks have been occurring at an alarmingly high rate. Specifically, ransomware attacks are a major concern among today’s businesses, governments, schools, and individuals. Ransomw...

Why You Need Vulnerability Management for Business-Critical Applications

Blog Published: 01/26/2022

This blog was originally published by Onapsis here. This blog is the fourth of a five-part series on the importance of protecting business-critical applications. In our first three blogs, we share how rapid digital transformation projects, cloud migration, and the rise of cybercrime have left org...

An Optimistic Outlook for 2022: Cloud Security Vulnerabilities are 100% Preventable

Blog Published: 01/25/2022

Written by Josh Stella, CEO and Co-Founder of Fugue. Originally published on Fugue’s Blog. Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is a ...

What is Serverless? How Does it Impact Security?

Blog Published: 01/25/2022

Written by the Serverless Working Group. What is serverless? Serverless computing is a cloud computing execution model in which the cloud provider is responsible for allocating compute and infrastructure resources needed to serve Application Owners' workloads. An Application Owner is no longer requi...

Log4Shell and Zero Trust

Blog Published: 01/24/2022

This blog was originally published by Appgate here. Written by Jason Garbis, Appgate. We’re only a few weeks past the emergence of the Log4Shell vulnerability (with a few ongoing related issues still open) and security teams worldwide have been in a mad scramble to diagnose, validate, update and ...

CAIQ-Lite: The Lighter-weight Security Assessment Option

Blog Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

Kubernetes Security Best Practices

Blog Published: 01/21/2022

Written by the CSA Serverless Working Group. Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications. A Kubernetes cluster consists of worker nodes/pods that host applications. The Kubernetes control plane manages...

On the Cyber Horizon

Blog Published: 01/20/2022

This blog was originally published by KPMG on December 16, 2021. Written by David Ferbrache, KPMG. As 2021 draws to a close, we see a world still challenged by COVID-19, necessitating new business models, new channels and a shift (perhaps for the long term) to remote and hybrid working. But one t...

The Elephant Beetle in the Room: Older, Unpatched SAP Vulnerabilities Are Still A Threat

Blog Published: 01/20/2022

This blog was originally published on 1/10/22 by Onapsis. Written by: Onapsis Research Labs and JP Perez-Etchegoyen, CTO, Onapsis. Last week, researchers from Sygnia’s Incident Response team released a report detailing the activities of a threat group they’ve named Elephant Beetle. Compiled f...

Securing DevOps: The ABCs of Security-as-Code

Blog Published: 01/19/2022

Written by Tony Karam, Concourse Labs. Cybersecurity Built for Public Cloud: Traditional cybersecurity architectures and models break down when applied to public cloud. Most public cloud breaches stem from misconfiguration of cloud services, not attacks on the underlying cloud infrastructure. Ho...

Registration Opens for Cloud Security Alliance Research Summit

Press Release Published: 01/19/2022

Online event will showcase findings from new and existing research projects, providing key tools and guidance for the cloud-adopting community. SEATTLE – Jan. 19, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best pra...

Log4j: The Evolution of Vulnerabilities to CVE-2021-45046 and What to Expect in 2022

Blog Published: 01/18/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Threat Overview: The internet has been alive with talk of Log4Shell (CVE-2021-44228), and for good reason. While the bug appears to have been introduced in 2013, only recently have we observed wi...

3 Key Security Threats Facing Retail Today

Blog Published: 01/17/2022

This blog was originally published by BigID here. Written by Kimberly Steele, BigID. The retail space has always been on the front lines of security threats. Most shoppers need only consult their latest inbox notifications to find evidence of a recent breach that exposed their personal or sensiti...

Container Security Best Practices in Microservices

Blog Published: 01/15/2022

The best practices in this blog assume that you have selected a microservices deployment model that leverages containers. For microservices and security to co-exist, a framework and plan for development, governance, and management of microservices must be developed. Here are some key points to ke...

Securing Data Lakes in a Data Centric World

Blog Published: 01/14/2022

Written by Dr. Diane Murphy, Marymount University and Oliver Forbes, NTT DATA. Data allows the business of today to optimize performance, investigate fraud and discover solutions to problems that we didn't even know the question to. At the heart of such are the inner workings of expansive data lak...

The CFO and Cloud Adoption: 102

Blog Published: 01/14/2022

In my last post, I discussed the NIST definition of the cloud. Let’s take this to the next level by discussing the different service models offered by cloud service providers (CSPs). Three basic delivery models – SaaS, PaaS and IaaS – are listed below. These are the basic and oft-referenced model...
