Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Step up Your GDPR Compliance Program
Published: 01/12/2022

This blog was originally published by CAS Assurance here. Overview: The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data. The GDPR protects fund...

How to Use Kubernetes Audit Logs to Identify Potential Security Issues
Published: 12/21/2021

This blog was originally published by ARMO here. Written by Amir Kaushansky, ARMO. Audit logging involves recording transactions and system events, making it an invaluable tool for regulatory compliance, digital forensics, and information security. In a typical Kubernetes ecosystem, auditing invo...

Compliance: Cybersecurity Assurance OR How to Gain the Trust of Your Business Partners
Published: 12/09/2021

By Mustapha Berrabaa – CTO at Fortica. Information security is a concern for all organizations, including those that outsource key business operations to third-party vendors (examples: SaaS, cloud service providers). Poorly managed data can expose companies to attacks such as data theft, exto...

Improving Customer Account Management with Security Transparency
Published: 11/26/2021

This blog was originally published by SafeBase here. Written by Kevin Qiu, SafeBase. According to the Identity Theft Research Center, data breaches increased year-over-year once again in 2021, with the number exceeding 2020's breaches by October. Supply chain security in particular is now top-of-...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

A Practical Guide to the Different Compliance Kubernetes Security Frameworks and How They Fit Together
Published: 11/18/2021

This blog was originally published by ARMO here. Written by Jonathan Kaftzan, ARMO. TL;DR - Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools. The challenge of administering security and maintaining compliance in a Kuber...

Data Security and Privacy-related ISO/IEC Certifications
Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

Measuring up to CMMC Compliance with AppSec
Published: 11/01/2021

This blog was originally published by Checkmarx here. Written by Rebecca Spiegel, Checkmarx. Any organization with aspirations to do business with the U.S. Department of Defense will rapidly familiarize itself with the recently introduced Cybersecurity Maturity Model Certification (CMMC)....

STAR Testimonial: The First Cloud-Specific Attestation Program
Published: 10/30/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engagement...

Cloud Compliance Frameworks: What You Need to Know
Published: 10/21/2021

This blog was originally published by Hyperproof here. Cloud storage and SaaS solutions bring unprecedented speed, agility, and flexibility to a business. However, trusting third-party vendors with sensitive data comes with numerous inherent risks, such as: Insecure access points can increase t...

Lessons from Our Journey to Obtain Our SOC 2 Report and ISO Certifications
Published: 10/13/2021

This blog was originally published by Grammarly here. Written by Andrew Derevyanko, Director of Engineering, Grammarly. In June 2021, Grammarly achieved a new security and compliance milestone. We received our SOC 2 (Type 2) and SOC 3 reports as well as three certifications from the International Or...

Why You Should Publish Your Security Posture Publicly
Published: 10/12/2021

Written by Whistic. Over the past decade or so, the way InfoSec teams manage data security and privacy standards has changed dramatically. From managing on-premises hardware security access to the online-driven security efforts of a decade ago, things have become more and more flexible. Today, clo...

Understanding Compliance
Published: 09/28/2021

This blog was originally published by CyberCrypt here. Tip: Don’t treat compliance merely as a checklist. Use the process as an audit of your security controls. Put security first: Build security around your threat model and then confirm that you are compliant. As regulators demand stricter securit...

The Adoption of Multi-Cloud Drives the Need for Better Data Protection and Management of Encryption Keys and Policy Controls
Published: 09/17/2021

This blog was originally published by Entrust here. Written by Jim DeLorenzo, Entrust. Enterprise adoption of multiple cloud platforms continues in earnest, whether it’s aimed at improving collaboration, reducing datacenter footprint, increasing customer response times or any number of other busine...

STAR Testimonial: CSA STAR + SOC2 - From Readiness to Attestation
Published: 08/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engageme...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

How is CSA STAR Different From ISO 27001 and SOC 2?
Published: 08/02/2021

The STAR Registry lists cloud solution providers and security providers that have earned a cloud compliance certification from CSA or submitted a cloud security self-assessment questionnaire. While STAR Level 1 is a basic Yes/No or N/A question set to self-declare your compliance with the Cloud C...

Scaling GRC Programs: 5 Ways Security Leaders Enable the Business
Published: 07/19/2021

This blog was originally published by OneTrust GRC here. The compliance landscape is in constant flux between external factors changing and businesses working toward scaling GRC programs. Managing compliance is difficult for organizations operating across multiple geographies with multiple sets of...

Cloud Security: 5 Lessons I Learned the Hard Way
Published: 07/09/2021

This blog was originally published by OpsCompass here. Written by John Grange, OpsCompass. It’s 2021, and it’s clear that cloud is a global IT trend relevant to every company, regardless of size or industry. The main cloud infrastructure providers (AWS, Azure, and GCP), as well as their local alterna...

CCSK Success Stories: From a Cloud Trust Associate
Published: 06/17/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...
