Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CCSK Success Stories: From a CISO and Chief Privacy Officer
Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?
Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure?To talk ...

CSA and the Cyber Risk Institute: CCM Addendum for the Financial Sector
Published: 06/28/2022
Author: Daniele Catteddu

The CSA Cloud Controls Matrix (CCM) is 11 years old. Almost a teenager! Over time it has evolved and matured and has been a fundamental piece of the cloud journey for several thousands of organizations worldwide. Virtually any organization willing to implement cloud computing in a secure way has ...

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?
Published: 06/17/2022

This blog was originally published by Pivot Point Security here.If you’re not involved in cloud services you’re probably frozen in ice somewhere. With SaaS penetration nearing 100% of businesses, what is the state of cloud security?To talk about the biggest issues and answers in cloud security to...

Essential Cloud Security & Compliance Tips from CSA
Published: 06/02/2022

This blog was originally published by Pivot Point Security here.Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever.That’s why I’m speaking to o...

Fighting Ransomware in the Cloud
Published: 05/13/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

How to Prepare for the Changes to the ISO Standards
Published: 04/09/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

The Italian Agency for National Cybersecurity Embraces the STAR Program
Published: 03/17/2022

Written by Daniele Catteddu, CTO, CSA and John DiMaria, Assurance Investigatory Fellow, CSA Flashback: In the 1980s, ISO 9001 was taking the world by storm. The paradigm of what quality looked like had changed. Nothing you did prior seemed to make any difference. Organizations were putting suppli...

CAIQ-Lite: The Lighter-weight Security Assessment Option
Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

Step up Your GDPR Compliance Program
Published: 01/12/2022

This blog was originally published by CAS Assurance here. Overview The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data. The GDPR protects fund...

Transitioning to the Cloud in 2022: Recommended Resources from CSA
Published: 01/11/2022

How can your organization improve how it approaches the cloud? In this blog we put together a list of research created by the Cloud Security Alliance’s working groups and other resources created by our community that will be helpful to you if you are considering transitioning your organization to...

The Quest for Multi-Party Recognition
Published: 12/22/2021

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

CSA 2022 Priorities: Cloud & Collaboration
Published: 12/17/2021
Author: Jim Reavis

This time of year I am often asked to make industry predictions, which I do – poorly. So this time around, I thought I would focus on making predictions about what Cloud Security Alliance will be working on in 2022, I should get at least 50% of it right. Let’s get started!Zero TrustThis is certai...

What’s Your Risk Appetite?
Published: 12/04/2021
Author: Kurt Seifried

Let’s get some dinnerIn European history, the first restaurant was opened in Paris in 1765 with a single dish (sheep’s feet simmered in a white sauce). In eastern history, the first restaurants opened in around 1100 A.D. in China in a number of different cities. Either way, we can all agree that ...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

Data Security and Privacy-related ISO/IEC Certifications
Published: 11/17/2021

Written by Ashwin Chaudhary, CEO of Accedere. In this blog, we will focus on Data Security and Privacy-related ISO/IEC Certifications. With the cybercrime market targeting 10.5 Trillion USD and increasing data security breaches, the need for third-party vendor certifications is also increasin...

STAR Testimonial: The First Cloud-Specific Attestation Program
Published: 10/30/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engagement...

What is CAIQ?
Published: 09/01/2021

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ.A Questionnaire for Transparency and AssuranceCAIQ is an a...

STAR Testimonial: CSA STAR + SOC2 - From Readiness to Attestation
Published: 08/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engageme...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.