
All Articles

Why You Need Vulnerability Management for Business-Critical Applications

Blog Published: 01/26/2022

This blog was originally published by Onapsis here. This blog is the fourth of a five-part series on the importance of protecting business-critical applications. In our first three blogs, we share how rapid digital transformation projects, cloud migration, and the rise of cybercrime have left org...

An Optimistic Outlook for 2022: Cloud Security Vulnerabilities are 100% Preventable

Blog Published: 01/25/2022

Written by Josh Stella, CEO and Co-Founder of Fugue. Originally published on Fugue’s Blog. Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is a ...

What is Serverless? How Does it Impact Security?

Blog Published: 01/25/2022

Written by the Serverless Working Group. What is serverless? Serverless computing is a cloud computing execution model in which the cloud provider is responsible for allocating compute and infrastructure resources needed to serve Application Owners’ workloads. An Application Owner is no longer requi...

Log4Shell and Zero Trust

Blog Published: 01/24/2022

This blog was originally published by Appgate here. Written by Jason Garbis, Appgate. We’re only a few weeks past the emergence of the Log4Shell vulnerability (with a few ongoing related issues still open) and security teams worldwide have been in a mad scramble to diagnose, validate, update and ...

CAIQ-Lite: The Lighter-weight Security Assessment Option

Blog Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

Kubernetes Security Best Practices

Blog Published: 01/21/2022

Written by the CSA Serverless Working Group. Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications. A Kubernetes cluster consists of worker nodes/pods that host applications. The Kubernetes control plane manages...

On the Cyber Horizon

Blog Published: 01/20/2022

This blog was originally published by KPMG on December 16, 2021. Written by David Ferbrache, KPMG. As 2021 draws to a close, we see a world still challenged by COVID-19, necessitating new business models, new channels and a shift (perhaps for the long term) to remote and hybrid working. But one t...

The Elephant Beetle in the Room: Older, Unpatched SAP Vulnerabilities Are Still A Threat

Blog Published: 01/20/2022

This blog was originally published on 1/10/22 by Onapsis. Written by: Onapsis Research Labs and JP Perez-Etchegoyen, CTO, Onapsis. Last week, researchers from Sygnia’s Incident Response team released a report detailing the activities of a threat group they’ve named Elephant Beetle. Compiled f...

Securing DevOps: The ABCs of Security-as-Code

Blog Published: 01/19/2022

Written by Tony Karam, Concourse Labs. Cybersecurity Built for Public Cloud: Traditional cybersecurity architectures and models break down when applied to public cloud. Most public cloud breaches stem from misconfiguration of cloud services, not attacks on the underlying cloud infrastructure. Ho...

Registration Opens for Cloud Security Alliance Research Summit

Press Release Published: 01/19/2022

Online event will showcase findings from new and existing research projects, providing key tools and guidance for the cloud-adopting community. SEATTLE – Jan. 19, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best pra...

Log4j: The Evolution of Vulnerabilities to CVE-2021-45046 and What to Expect in 2022

Blog Published: 01/18/2022

This blog was originally published by Alert Logic here. Written by Josh Davies, Alert Logic. Threat Overview: The internet has been alive with talk of Log4Shell (CVE-2021-44228), and for good reason. While the bug appears to have been introduced in 2013, only recently have we observed wi...

3 Key Security Threats Facing Retail Today

Blog Published: 01/17/2022

This blog was originally published by BigID here. Written by Kimberly Steele, BigID. The retail space has always been on the front lines of security threats. Most shoppers need only consult their latest inbox notifications to find evidence of a recent breach that exposed their personal or sensiti...

Container Security Best Practices in Microservices

Blog Published: 01/15/2022

The best practices in this blog assume that you have selected a microservices deployment model that leverages containers. For microservices and security to co-exist, a framework and plan for development, governance, and management of microservices must be developed. Here are some key points to ke...

Securing Data Lakes in a Data Centric World

Blog Published: 01/14/2022

Written by Dr. Diane Murphy, Marymount University and Oliver Forbes, NTT DATA. Data allows the business of today to optimize performance, investigate fraud and discover solutions to problems that we didn't even know the question to. At the heart of such are the inner workings of expansive data lak...

The CFO and Cloud Adoption: 102

Blog Published: 01/14/2022

In my last post, I discussed the NIST definition of the cloud. Let’s take this to the next level by discussing the different service models offered by cloud service providers (CSPs). Three basic delivery models – SaaS, PaaS and IaaS – are listed below. These are the basic and oft-referenced model...

Focus on People, Process, and Technology to Secure Your Shadow IT

Blog Published: 01/13/2022

Written by David Golding, AppOmni. Anyone in IT is familiar with shadow IT. How many times has an IT manager been surprised by the number of unknown applications that connect to their network? Shadow IT isn’t a new challenge, but the ability to keep track of unsanctioned IT has become more diffic...

What is a Vulnerability?

Blog Published: 01/13/2022

A philosophical but practical exploration of technical vulnerabilities. Let’s check Merriam-Webster: open to attack or damage. This doesn’t feel complete. What’s missing? Let’s check Wikipedia: In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an atta...

Step up Your GDPR Compliance Program

Blog Published: 01/12/2022

This blog was originally published by CAS Assurance here. Overview: The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data. The GDPR protects fund...

Transitioning to the Cloud in 2022: Recommended Resources from CSA

Blog Published: 01/11/2022

How can your organization improve how it approaches the cloud? In this blog we put together a list of research created by the Cloud Security Alliance’s working groups and other resources created by our community that will be helpful to you if you are considering transitioning your organization to...

Application Security Best Practices

Blog Published: 01/10/2022

This blog was originally published by Vulcan Cyber here. Written by Tal Morgenstern, Vulcan Cyber. Forget whatever business you think you’re in. As Microsoft CEO Satya Nadella announced in 2019, every company is a software company, creating digital assets like applications and websites. That mean...
