Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
MITRE ATT&CK® Mitigations: Thwarting Cloud Threats With Preventative Policies and Controls
Published: 03/28/2023

Originally published by Rapid7. Written by James Alaniz. As IT infrastructure has become more and more sophisticated, so too have the techniques and tactics used by bad actors to gain access to your environment and sensitive information. That’s why it's essential to implement robust security meas...

What Does the M-21-31 Requirement Mean for Federal Agencies?
Published: 03/28/2023

Originally published by Axonius. Written by Tom Kennedy. The cybersecurity memorandum M-21-31, from the Office of Management and Budget, provides guidance on how to stop this type of leapfrogging before it can begin. M-21-31 focuses on visibility and incident response, and establishes a four-...

What is FIPS 140 and What Does it Mean to Be “FIPS Compliant”?
Published: 03/23/2023

Originally published by Titaniam. FIPS was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST). It established a data security and computer system standard that businesses must follow in accordance with the Federal Information Security Manageme...

How CAASM Can Help with the New NYDFS Requirements
Published: 03/16/2023

Originally published by Axonius. Written by Katie Teitler. In 2017, The New York Department of Financial Services (NYDFS) enacted its Cybersecurity Regulation designed to help the financial services entities under its purview improve their cyber defenses. The initial regulation outlined tacti...

How to Prepare for ISO/IEC 27001:2022
Published: 03/15/2023

Originally published by Schellman.When it comes to ISO/IEC 27002:2022 recently, it felt a bit like a game of Red Light, Green Light—you know, the childhood game where everyone runs to the finish line upon Green Light being called, but you had to stop on a dime when you heard “Red Light!” and awai...

What the FedRAMP Authorization Act Means for Organizations
Published: 03/10/2023

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. Since its creation in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has provided a standardized government-wide approach to assessing the security of cloud computing services. However, due ...

NIST Releases New Framework for Organizations Associated with AI Technologies
Published: 03/07/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. On January 26, 2023, the National Institute of Standards and Technology (NIST) released the Artificial Intelligence Risk Management Framework (AI RMF 1.0). According to NIST, the framework was developed in collaboration with private ...

Modernizing Assurance for Cloud and Beyond
Published: 02/28/2023
Author: Jim Reavis

Since we launched in 2009, organizations around the world have looked to the Cloud Security Alliance to see what we might be able to offer to assist them in addressing assurance issues with the cloud services they were beginning to use. Fast forward to 2023, this has grown into a critical aspect ...

Key Facts and Benefits of ISO 27018
Published: 02/27/2023

Originally published by Schellman & Co. Written by Jordan Hicks. "Even when clouds grow thick, the sun still pours its light earthward." The poet Mark Nepo wasn’t speaking about cloud security when he wrote that, but it makes for a lyrical way to consider the landscape. As a cloud provider, you l...

Zero Trust Security: The Guide to Zero Trust Strategies
Published: 02/27/2023

Originally published by Titaniam. Companies today face more and more security risks. Ransomware is on the rise, and cybercriminals are beginning to breach critical infrastructure with new techniques. In an effort to reduce the frequency and severity of these attacks, the United States government ...

5 Ways Compliance Technology Improves Audit Processes
Published: 02/24/2023

Originally published by A-LIGN. Compliance is alluring to clients, as they are often drawn to organizations that show a dedication to established security frameworks. However, the process of becoming (and remaining) compliant can be time-consuming and expensive. With limited resources restricting...

10 SaaS Governance Best Practices to Protect Your Data
Published: 02/17/2023

Written by the SaaS Governance Working Group. In the context of cloud security, the focus is almost always on securing Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they ar...

Four Questions to Ask About Your Cloud Security Posture
Published: 02/15/2023

Originally published by Lookout. Written by David Richardson, Vice President, Product, Lookout. For most organizations, the decision to adopt cloud technologies is a simple one. Cloud apps streamline operations and costs while enabling users to access resources from anywhere and on any device...

What is the Timeline for the FedRAMP Process?
Published: 02/15/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting fo...

Empowering Individuals and Organizations to ‘Respect Privacy’
Published: 02/14/2023

Originally published by BARR Advisory on January 23, 2023. Written by Kyle Cohlmia, BARR Advisory. This week is Data Privacy Week, an annual campaign hosted by the National Cybersecurity Alliance. The theme of this year’s Data Privacy Week is “respect privacy,” with the goal to help individuals a...

Access Control Review: Addressing Challenges and Ensuring Compliance in Cloud Service Consumers
Published: 02/10/2023

Written by members of the CSA IAM Working Group and the Zero Trust Working Group's Identity Subgroup. An access control review is a process of evaluating and analyzing an organization's access control system to ensure that it is functioning properly and effectively. Access control systems are des...

What’s the Difference Between ISO 27001:2013 and ISO 27001:2022?
Published: 02/10/2023

Originally published by A-LIGN. Written by Adam Lubbert, A-LIGN. At the end of October 2022, the International Organization for Standardization (ISO) published a new version of ISO/IEC 27001:2022. ISO 27001 is the world’s leading information security standard, providing control requirements to cr...

Maximizing the Benefits of Your SOC 2 Audit
Published: 02/08/2023

Originally published by CAS Assurance. What is the purpose of SOC 2 audit? System and Organization Controls (SOC 2) audit focuses on the controls at a Service Organization relevant to the Security, Availability, Processing Integrity, Confidentiality, and Privacy of both the system and information...

Ensuring SaaS Security in ISO Compliance
Published: 02/07/2023

Originally published by Adaptive Shield. The International Organization for Standardization (ISO) sets standards across various industries. As an internationally recognized standards organization, its two information technology security standards - ISO 27000:2018 and ISO 27001:2013 - can be used ...

A Checklist for CSA’s Cloud Controls Matrix v4
Published: 02/01/2023

Originally published by NCC Group. Written by Nandor Csonka, Director of Cloud Security, NCC Group. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is an internationally recognized framework that helps cloud service providers (CSPs) and cloud service customers (CSCs) manage risk. Wh...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.