Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Why You Should Publish Your Security Posture Publicly
Published: 10/12/2021

Written by Whistic Over the past decade or so, the way InfoSec teams manage data security and privacy standards has changed dramatically. From managing on-premises hardware security access to the online-driven security efforts of a decade ago, things have become more and more flexible. Today, clo...

What The Goonies Teaches Us About Vendor Security
Published: 09/30/2021

Written by Nick Sorensen, CEO of Whistic Why companies and their vendors should take a collaborative approach to cyber threats One of the biggest learnings I took from the recent SolarWinds and Microsoft Exchange hacks is breaches aren’t going away. They’re likely to get bigger as usage of appli...

What is CAIQ?
Published: 09/01/2021
Author: Megan Theimer

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ.A Questionnaire for Transparency and AssuranceCAIQ is an a...

CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 12/17/21 with the latest information regarding the release of CCM v4 components.On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving from new cloud technologies, new controls and enhanced int...

​Vendor Management Software Evaluation: How to Get Executive Buy-In
Published: 10/23/2020

Written by WhisticFor most InfoSec teams, the benefits of a vendor risk management platform are well defined. From making it easier to mitigate third-party risk to ensuring your internal team and external vendors are on the same page, vendor management software is a must-have in today’s open-sour...

The Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working
Published: 03/26/2020

By Elad Shapira, Head of Security, PanoraysIn the wake of coronavirus, companies are now applying immediate work-from-home policies. This sudden and massive change poses a set of new cybersecurity risks and is forcing security teams to take immediate action.One of these cybersecurity risks emanat...

Continuous Auditing and Continuous Certification
Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.comFor some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

It's all about the Data! - Preventative Security
Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceI have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves.In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates
Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.