Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
Build a Strong SAP Security Strategy With the NIST Framework
Published: 12/22/2022

Originally published by Onapsis. Written by JP Perez-Etchegoyen, CTO, Onapsis. Business applications like SAP are responsible for running the enterprise, powering operations and fueling the global economy. Considering 77% of the world’s transactional revenue touches an SAP system and 92% of the F...

Unpatched ERP Vulnerabilities Haunt Organizations
Published: 12/12/2022

Originally published by Onapsis. The challenge of how to identify vulnerabilities, prioritize patches, and prevent cyberattacks targeting business-critical Enterprise Resource Planning (ERP) data and systems is keeping cybersecurity professionals up at night. Don’t let unpatched ERP vulnerabili...

What is ERP Security?
Published: 11/14/2022

Originally published by Onapsis on October 6, 2022. This month marks CISA’s 19th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. This year's theme, "See Yourself in Cyber," demonstrates that while cybersecurity...

The Need for SAP Security in the Utilities Sector
Published: 10/27/2022

Originally published by Onapsis here. It’s no secret cyberattacks have become more advanced over the last few years. Industries that are critical to everyday life have seen, firsthand, the debilitating impact cyberattacks can have. Critical infrastructure, such as the informational technology (IT...

What is SAP Security (and Why Does It Matter?)
Published: 10/12/2022

Originally published by Onapsis here. An Overview of SAP Applications Business-critical applications such as ERP, SCM, CRM, SRM, PLM, HCM, BI and others support essential business functions and processes of the world’s largest commercial and governmental organizations, including supply chain, man...

SAP S/4HANA: 5 Ways to Build In Security From the Start
Published: 09/26/2022

Originally published by Onapsis here. Many SAP customers are currently at the point of either planning or executing a transformation to SAP’s next generation ERP, S/4HANA. More than 18,800 companies[1] have adopted SAP S/4HANA and thousands more are in the process of migrating to the new platform...

Overview of Critical Controls for Oracle Cloud Applications
Published: 07/13/2022
Author: Michael Miller

CSA’s Enterprise Resource Planning (ERP) Working Group is pleased to release the latest in a series of security guidance for deploying ERP systems in the cloud. This latest whitepaper focuses on Oracle Cloud Applications. Oracle Cloud Application clients share with Oracle Corporation the respo...

Leveraging CSA to React to Critical Risks
Published: 02/18/2022

Written by JP Perez-Etchegoyen, CTO, Onapsis On February 8th, 2022, SAP released its SAP Security Notes as part of the monthly cadence of releasing security patches. This last patch Tuesday was noteworthy due to the release of patches for critical, unauthenticated, HTTP exploitable vulnerabilitie...

Critical Controls for Oracle E-Business Suite
Published: 06/11/2021

Written by Mike Miller, OnapsisOver the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

Why Is Cybersecurity Critical in Protecting Infrastructure?
Published: 06/09/2021

Written by Angela Stone, Content Creator, Eleven Fifty AcademyCybersystems, assets, and physical infrastructure are vital to the economy of a country. Destroying or incapacitating infrastructure and cyber systems can have a devastating impact on the economy. Industries such as the oil and gas ind...

Using CSA’s Implementation Guide for SAP to securely migrate and operate ERP applications in the cloud.
Published: 10/09/2020

By Juan Perez-Etchegoyen, chair of the Enterprise Resource Planning working group, and CTO of Onapsis.With the increasingly growing adoption of cloud models across Enterprise Resource Planning (ERP) applications, organizations need to increase the level of attention and controls provided to the ...

RECON (CVE-2020-6287) and its impact on Cloud Applications
Published: 09/29/2020

By Shamun Mahmud, Sr. Research Analyst at Cloud Security AllianceKey takeawaysCloud adoption is growing when it comes to ERP ApplicationsERP Applications in the cloud can be vulnerable security issues and organizations need to apply the proper security controls and patches.IntroductionThe RECON v...

It's Time for Security Leadership to Embrace the Cloud-First Future
Published: 07/29/2019

By Arif Kareem, CEO and President at ExtraHop NetworksOn the campus at Stanford Business School is a plaque engraved with a quote from Phil Knight, graduate of the business school and co-founder of Nike. I've visited the campus many times, and each time the words stop me in my tracks."There comes...

CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers
Published: 06/10/2019

By Victor Chin, Research Analyst, Cloud Security AllianceCloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it’s no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP)...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.