
All Articles

When Ransomware and Your Data Move to the Cloud, How to Strengthen Protection

Blog Published: 03/29/2022

Written by ShardSecure. Ransomware has been a serious threat for quite some time. But over the last two years it has captured the lion’s share of attention from enterprises, government agencies, and law enforcement as it now presents an increased globalized threat. A February 9, 2022, alert fr...

AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service

Blog Published: 03/29/2022

This blog was originally published by Orca Security here. Written by Yanir Tsarimi, Orca Security. AutoWarp is a critical vulnerability in the Azure Automation service that allowed unauthorized access to other Azure customer accounts using the service. This attack could mean full control over ...

A Whole New World for PCI DSS

Blog Published: 03/30/2022

This blog was originally published by PKWARE on November 23, 2021. As we know, the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 guidelines are coming out in Q1 of next year, with some predicting a March timeframe for its release based on previous releases. The last time PCI c...

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

Blog Published: 03/30/2022

This blog was originally published by Onapsis on February 9, 2022. Written by Onapsis Research Labs. On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache log4j, a widely used Java logging library, was made public. Some are calling it “the most serious vulnerability th...

What Is Compliance as Code? Benefits, Use Cases and Tools

Blog Published: 03/31/2022

This blog was originally published by Contino here. Written by Josh Armitage, Contino. Being compliant in today’s cloud-first world of rapid innovation is a ubiquitous challenge affecting startups and enterprises alike. Enforcing sets of controls, such as acceptable data storage locations and a...

The End of AWS Keys in Slack Channels

Blog Published: 03/31/2022

This blog was originally published by DoControl here. Written by Adam Gavish, DoControl. It’s time for security teams to enforce stronger controls over the sharing of AWS keys in Slack. Slack (and Microsoft Teams) revolutionized the way organizations collaborate efficiently, especially in the w...

Anchore to Contribute Grype Open Source Vulnerability Data to the Global Security Database

Press Release Published: 03/29/2022

Contribution of Grype vulnerability data will advance software vulnerability intelligence and empower users of the Global Security Database to create secure software. SEATTLE - March 29, 2022 - Today the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standa...

Cloud Threats: What Business Executives Need to Know Right Now

Blog Published: 03/31/2022

This blog was originally published on fugue.co on February 4, 2022. Written by Josh Stella, Fugue. Read the first blog in this series here and the second blog here. The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of ...

Zero Trust as a Framework for Fighting Back Against Cyberwarfare

Blog Published: 04/01/2022

This blog was originally published by CXO REvolutionaries here. Written by Howard Sherrington, Director of Transformation Strategy, Zscaler. Russia's ongoing and unfortunate invasion of Ukraine has captured headlines for its cyber dimension as well as its physical one. The breadth of cyber ope...

3 Ways To Secure SAP SuccessFactors And Stay Compliant

Blog Published: 04/04/2022

This blog was originally published by Lookout here. Written by Steve Banda, Senior Manager, Security Solutions, Lookout. The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations ...

Handling the Challenge of Model Drift in Data Lakes

Blog Published: 03/30/2022

Written by Dr. Nathan Green, Marymount University and Oliver Forbes, NTT DATA. One of the most constant and evolving characteristics of the sharing of information is data in its readable form and its various models of consumption. Machine learning is an impactful tool of analysis that play...

What is Quantum Computing? Why Should I Be Concerned?

Blog Published: 04/02/2022

Written by the CSA Quantum-Safe Security Working Group. What is quantum mechanics? Quantum mechanics/physics is a long-proven physical science that describes actions and properties of very small particles. Everything in the universe works and depends on quantum mechanics. It’s how the world wor...

Covering Your Assets: 5 Most Common Questions About Cyber Asset Management

Blog Published: 04/05/2022

This blog was originally published by JupiterOne here. Written by Jennie Duong, JupiterOne. The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. But ...

Drawing the RedLine - Insider Threats in Cybersecurity

Blog Published: 04/06/2022

This blog was originally published by LogicHub here. Written by Tessa Mishoe, LogicHub. RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurr...

CVE-2022-23648 – Arbitrary Host File Access from Containers Launched by Containerd CRI and its Impact on Kubernetes

Blog Published: 04/06/2022

This blog was originally published by ARMO here. Written by Leonid Sandler, CTO & Co-founder, ARMO. A recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While ...

What is a Security Token Offering (STO)?

Blog Published: 04/07/2022

This blog was originally published by TokenEx here. Written by Anni Burchfiel, TokenEx. An STO, also known as a Security Token Offering, is a digital token supported by blockchain technology that represents a stake in an asset. STOs enable digital funding, while still complying with government...

Leverage Zero Trust to Defend Against Geopolitical Uncertainty

Blog Published: 04/07/2022

This blog was originally published by CXO REvolutionaries on March 24, 2022. Written by Brad Moldenhauer, CISO, Zscaler. As a major shift in the global geopolitical balance, Russia’s invasion of Ukraine has many dimensions, including militaristic, political, legal, cultural, and economic. We ...

CCSK Success Stories: From a Network and Security Technical Manager

Blog Published: 04/08/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverag...

Glenn Gerstell, Former General Counsel of the U.S. National Security Agency, to Address Attendees at Cloud Security Alliance’s SECtember

Press Release Published: 04/05/2022

Digital and cybersecurity industry expert and thought leader Jim Routh and Norma Krayem, preeminent cybersecurity and data privacy expert, will be featured speakers. SEATTLE – April 5, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, cer...

What NIST SP 800-207 Means for SaaS Security

Blog Published: 04/08/2022

This blog was originally published by DoControl here. Written by Corey O'Connor, DoControl. The National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA) in August 2020 published NIST Special Publication 800-207. This special publication ...
