Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
IBM Cost of a Data Breach 2022 – Highlights for Cloud Security Professionals
Published: 12/02/2022

Originally published by Ermetic. Security professionals are constantly inundated with warnings about the potentially colossal impact of security threats and risks to their organization. But what is colossal in real currency? By understanding how much the cost of a data breach can impact one's org...

How to Get CMMC Certified
Published: 11/29/2022

Originally published by Schellman. Written by Todd Connor, Senior Associate, Schellman.For those of you considering CMMC, this new certification affecting contractors in the Defense Industrial Base (DIB) defines three levels—your level of certification will depend on the types of DoD informatio...

4 Important Compliance Management Tasks for Startups
Published: 11/28/2022

Originally published by A-LIGN. The ongoing increase in cyberattacks has emphasized the importance of cybersecurity and compliance management, especially for startups still gaining market share. As startups work to win new customers, they may have to overcome a prospect’s fears that as an organiz...

Removing the Fog from Cloud Compliance
Published: 11/22/2022

Originally published by Axonius. Written by Shlomit Alon, Axonius. “When I was told our company needs to ensure we’re cloud compliant, I was scratching my head, unsure where to begin.”Does that quote sound familiar? A risk analyst at a company wasn’t sure where to reduce risks in the foreboding ...

The New ISO/IEC 27001:2022 Standard’s Impact on the CSA STAR Certification
Published: 11/18/2022

Written by Ashwin Chaudhary, CEO, Accedere. Introduction The most awaited third edition of ISO/IEC 27001:2022 was published on 25th October 2022, after the publication of ISO 27002:2022 in February 2022. If you are planning on transitioning to the newly updated standard, then your major focus s...

Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On?
Published: 11/15/2022

Originally published by Mitiga. Written by Or Aspir, Mitiga. On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber.In this incident, the attacker annou...

Is 3D Secure 2.0 Required in the US?
Published: 11/09/2022

Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits: 3D Secure is a security protocol that requires an extra layer of authentication for online payments.3D Secure connects the three parties involved in a transaction (the card issuer, the acquirer, and the payment syste...

ISO 27018 vs. ISO 27701
Published: 11/08/2022

Originally published by Schellman. Written by Danny Manimbo, Schellman. Famed baseball player and possessor of a great name, Yogi Berra, once said, “When you come to a fork in the road, take it.” Granted, he was likely being funny, but he obviously never had to pay for an ISO certification. When ...

What is FedRAMP? Complete Guide to FedRAMP Authorization and Certification
Published: 11/07/2022

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. With the rise in cybersecurity attacks comes wariness from customers — no one wants to work with an organization that has an increased risk of falling victim to an attack. And when it comes to the Federal governme...

FedRAMP vs. ISO 27001
Published: 10/28/2022

Originally published by Schellman here. Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial...

What is SOC 2? Complete Guide to SOC 2 Reports and Compliance
Published: 10/27/2022

Originally published by A-LIGN here. Written by Stephanie Oyler, Vice President of Attestation Services, A-LIGN. In today’s security landscape, it’s crucial you assure your customer and partners that you are protecting their valuable data. SOC compliance is the most popular form of a cybersecurit...

How Cybersecurity Insurance Can Work To Help An Organization
Published: 10/25/2022

Originally published by Thales here. Written by Anthony Dagostino, CEO and Co-Founder, Converge. For many years, organizations had limited options for addressing data protection risks. A company could never eliminate risk, but they could try to reduce or mitigate it. In the last 20+ years, cybers...

Using the CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) as a Procurement Tool
Published: 10/22/2022
Author: John DiMaria

IntroductionThe CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) is an industry-wide initiative to standardize security and risk management assessments of cloud computing vendors. The CAIQ was developed to provide a consistent way for cloud service providers (CSPs), customers, and th...

Higher Ed Campuses Have Digitized: Protecting Sensitive Data Requires a Unified Approach
Published: 10/21/2022

Originally published by Lookout here. Written by Tony D'Angelo, Vice President, Public Sector, Lookout. Higher education institutions have long been subjected to ransomware and other cyber attacks, which has had a huge impact on their operations. In 2020 alone, ransomware attacks affected nearly ...

Transform Your Cybersecurity Landscape with Governance-Driven Cloud Security
Published: 10/19/2022

Written by Sanjay Karandikar, Global Practice Head, Identity & Access Management, Cybersecurity & GRC Services, HCLTech. Cloud adoption cannot wait. Gartner analysts say that from 30% in 2021, over 95% of new digital workloads will be hosted on cloud-native platforms by 2025. It reaps significant...

Misconfigurations 101: The Three V’s of SaaS App Configurations Weaknesses
Published: 10/14/2022

Originally published by Adaptive Shield here. The ease with which SaaS apps can be deployed and adopted is remarkable, but it has quickly become a double-edged sword. On one hand, the availability of SaaS tools enables employees to work from anywhere. For IT and security teams however, the adopti...

Can You “Fail” a SOC 2 Examination?
Published: 10/13/2022

Originally published by A-LIGN here. Written by Alex Welsh, Manager, ISO Practice, A-LIGN. Although you can’t “fail” your SOC 2 report, it can result in report opinions to be noted as “modified” or “qualified”. Learn what this means for your organization.Is your organization planning for a SOC 2 ...

Determining Your Level of CMMC Compliance: The Importance of CUI
Published: 10/03/2022

Originally published by Schellman here. Written by Todd Connor, Schellman. Did you know? The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. And unfortunately, in the years since, cybercrime has only become w...

How Much is Your Sensitive Data Costing You? Here’s What CFOs Need to Know.
Published: 09/30/2022

Originally published by TokenEx here.Written by Anni Burchfiel, Content Marketing Specialist, TokenEx.For many, sensitive data management seems like an inconsequential topic when compared to other business considerations. How can businesses prioritize sensitive data security when a factor like “r...

One Pane (of Glass) Makes Many Clouds Work
Published: 09/29/2022

Originally published by Entrust here. Written by Tushar Tambay of Entrust and Mark LaRoche of VMware. Cloud computing is a well established part of almost every organization’s IT infrastructure, but the proliferation of these cloud platforms, as well as increased focus on cloud platforms by hacke...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.