Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CAIQ-Lite: The Lighter-weight Security Assessment Option
Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

Step up Your GDPR Compliance Program
Published: 01/12/2022

This blog was originally published by CAS Assurance here. Overview The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data. The GDPR protects fund...

Transitioning to the Cloud in 2022: Recommended Resources from CSA
Published: 01/11/2022

How can your organization improve how it approaches the cloud? In this blog we put together a list of research created by the Cloud Security Alliance’s working groups and other resources created by our community that will be helpful to you if you are considering transitioning your organization to...

The Quest for Multi-Party Recognition
Published: 12/22/2021

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In...

CSA 2022 Priorities: Cloud & Collaboration
Published: 12/17/2021
Author: Jim Reavis

This time of year I am often asked to make industry predictions, which I do – poorly. So this time around, I thought I would focus on making predictions about what Cloud Security Alliance will be working on in 2022, I should get at least 50% of it right. Let’s get started!Zero TrustThis is certai...

What’s Your Risk Appetite?
Published: 12/04/2021
Author: Kurt Seifried

Let’s get some dinnerIn European history, the first restaurant was opened in Paris in 1765 with a single dish (sheep’s feet simmered in a white sauce). In eastern history, the first restaurants opened in around 1100 A.D. in China in a number of different cities. Either way, we can all agree that ...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

Data Security and Privacy-related ISO/IEC Certifications
Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

STAR Testimonial: The First Cloud-Specific Attestation Program
Published: 10/30/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engagement...

What is CAIQ?
Published: 09/01/2021

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ.A Questionnaire for Transparency and AssuranceCAIQ is an a...

STAR Testimonial: CSA STAR + SOC2 - From Readiness to Attestation
Published: 08/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engageme...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

The Visionary CCM/CAIQ v4 Early Adopters
Published: 08/06/2021
Author: John DiMaria

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to CSA best practices and is considered the de-facto standard for cloud security and priva...

How is CSA STAR Different From ISO 27001 and SOC 2?
Published: 08/02/2021

The STAR Registry lists cloud solution providers and security providers that have earned a cloud compliance certification from CSA or submitted a cloud security self-assessment questionnaire. While STAR Level 1 is a basic Yes/No or N/A question set to self-declare your compliance with the Cloud C...

The STAR Certification Journey
Published: 06/08/2021

The CSA STAR Program is a powerful tool for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The CSA Securit...

CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

What an Auditor Should Know about Cloud Computing Part 3
Published: 04/27/2021
Author: Moshe Ferber

With the launch of the Certificate of Cloud Auditing Knowledge (CCAK) credential by ISACA and CSA, Moshe Ferber has put together some of the insights gained during the creation of the CCAK. This is the third in a series of three blogs dealing with the essentials an auditor needs to know about clo...

​CSA STAR Attestation and STAR Certification Case Studies
Published: 02/28/2021

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA STAR Attestation and Certification are the fi...

Using CSA STAR to Improve Cloud Governance and Compliance
Published: 12/19/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceThe more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of ...

What is a Cloud Service Provider?
Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceDefining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.