Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4 of the CAIQ, and what you can expect when using it to submit to the STAR registry. CCM V4 represents a major ...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 5/19/21 with the latest information regarding the release timeline for CCM v4 components and transition timeline for the STAR Registry.On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving fro...

​Vendor Management Software Evaluation: How to Get Executive Buy-In
Published: 10/23/2020

Written by WhisticFor most InfoSec teams, the benefits of a vendor risk management platform are well defined. From making it easier to mitigate third-party risk to ensuring your internal team and external vendors are on the same page, vendor management software is a must-have in today’s open-sour...

The Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working
Published: 03/26/2020

By Elad Shapira, Head of Security, PanoraysIn the wake of coronavirus, companies are now applying immediate work-from-home policies. This sudden and massive change poses a set of new cybersecurity risks and is forcing security teams to take immediate action.One of these cybersecurity risks emanat...

Continuous Auditing and Continuous Certification
Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.comFor some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

It's all about the Data! - Preventative Security
Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceI have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves.In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates
Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

Browse by Topic
Write for the CSA blog
Submit your blog proposal