Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Six Pillars of DevSecOps Series
Published: 09/09/2021

Last updated: September 9, 2021
While DevOps practices can help improve the management and operations of information security processes in an organization, the execution of these practices has to be secured. Security vulnerabilities can be inadvertently created due to lack of consideration of all ...

The Microservices Architecture Pattern: Expanding Security Assurance Ideas in Containers and Microservices
Published: 09/02/2021

After 137 rolling discussions on Circle and growing a library of input material to 42 unique documents, 2 co-chairs and 343 Application Containers and Microservices (ACM) working group members spanning 5 continents created a third installment further expanding the ideas of CSA security assurance ...

What is CAIQ?
Published: 09/01/2021

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ.
A Questionnaire for Transparency and Assurance
CAIQ is an a...

CSA CxO Trust Initiative: Understanding the Priorities of the C-Suite
Published: 08/25/2021

CSA’s CxO Trust Initiative is a broad-based, forward-looking initiative to elevate the knowledge of cloud computing and cybersecurity. Its core mission is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and effectively communi...

Five Recommendations for Securing Cloud Containers
Published: 08/19/2021

Written by the members of the Security Guidance Working Group. This blog came from Domain 8 of the CSA Security Guidance for Cloud Computing v4.
Understanding the impacts of virtualization on security is fundamental to properly architecting and implementing cloud security. In this blog, we will be...

Secure Containers and Microservices Series
Published: 08/18/2021

Last updated: September 1, 2021
CSA Application Containers and Microservices Working Group’s Secure Containers and Microservices Series
Application containers and a microservices architecture, as defined in NIST SP 800-180, are being used to design, develop and deploy applications leveraging agile ...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

Three Network Weaknesses that Zero Trust Addresses
Published: 08/04/2021

Zero Trust is a network security concept that aims to protect enterprise assets. Under Zero Trust, organizations should not automatically trust anything inside or outside traditional perimeters. Before granting access to assets, organizations should require the verification of anything and everyt...

Secure Distributed Ledger Technology Framework for Financial Institutes
Published: 08/03/2021

Last updated: August 3, 2021
Distributed ledger technologies (DLT) introduce a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. However,...

The Use of Blockchain in Healthcare: A Collaboration Between Two CSA Working Groups
Published: 08/02/2021

The unique attributes of healthcare data make it a prime target for nefarious actors. Predictably, healthcare information is tightly regulated by privacy and security laws in the United States, the European Union and international rules governing cloud data storage. The data’s high value, coupled...

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Cloud Network Virtualization: Benefits of SDN over VLAN
Published: 06/25/2021

Written by the members of the Security Guidance Working Group
All clouds utilize some form of virtual networking to abstract the physical network and create a network resource pool. Typically the cloud user provisions desired networking resources from this pool, which can then be configured within...

Critical Controls for Oracle E-Business Suite
Published: 06/11/2021

Written by Mike Miller, Onapsis
Over the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

The STAR Certification Journey
Published: 06/08/2021

The CSA STAR Program is a powerful tool for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The CSA Securit...

CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.
Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 8/16/21 with the latest information regarding the release timeline for CCM v4 components and transition timeline for the STAR Registry.
On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving fro...

The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level
Published: 01/21/2021

Written by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance and Lefteris Skoutaris, CCM Program Manager, Cloud Security Alliance
Over the course of the last decade since its first appearance in 2010, the Cloud Controls Matrix (CCM) has become a reference for any organization se...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security Alliance
What is the Cloud Controls Matrix?
The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

CCM Addendum for Associated Banks of Singapore
Published: 09/16/2020

Written by: Co-chair - Arun VIVEK, Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank
CSA CCM & Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 Controls
This week CSA released a Cloud Controls Matrix (CCM) addendum and Gap Analy...

What is a Cloud Service Provider?
Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
Defining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...
