Cloud 101

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Modernizing Assurance for Cloud and Beyond
Published: 02/28/2023
Author: Jim Reavis

Since we launched in 2009, organizations around the world have looked to the Cloud Security Alliance to see what we might be able to offer to assist them in addressing assurance issues with the cloud services they were beginning to use. Fast forward to 2023, this has grown into a critical aspect ...

Why Your Cloud Services Need the CSA STAR Registry Listing
Published: 01/20/2023

Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services off...

CSA STAR Certification – Supporting Cloud Trust
Published: 01/04/2023

Originally published by MSECB. Written by Mark Lundin, MSECB. Value of CSA STAR Certification for CSPs Cloud Security Alliance (CSA) STAR Certification is a strong tool to help cloud service providers evaluate and improve their cybersecurity controls while certifying against a well-respecte...

The New ISO/IEC 27001:2022 Standard’s Impact on the CSA STAR Certification
Published: 11/18/2022

Written by Ashwin Chaudhary, CEO, Accedere. Introduction The most awaited third edition of ISO/IEC 27001:2022 was published on 25th October 2022, after the publication of ISO 27002:2022 in February 2022. If you are planning on transitioning to the newly updated standard, then your major focus s...

Using the CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) as a Procurement Tool
Published: 10/22/2022
Author: John DiMaria

IntroductionThe CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) is an industry-wide initiative to standardize security and risk management assessments of cloud computing vendors. The CAIQ was developed to provide a consistent way for cloud service providers (CSPs), customers, and th...

How to Achieve CSA STAR Compliance
Published: 09/02/2022

Written by Ashwin Chaudhary, CEO, Accedere. We know that a lot of organizations want to achieve the Cloud Security Alliance’s STAR Level 1 Self-Assessment or Level 2 Certification. However, some organizations face challenges in understanding the process, documentation, and approach to achieve...

CSA STAR Certification vs. CSA STAR Attestation
Published: 09/01/2022

Originally published by Schellman & Co here.Written by Ryan Mackie, Principal at Schellman & Company.In the popular modern musical Hamilton, the titular character is given an opportunity by George Washington. Hamilton can stay on the front lines of the American Revolution, or he can become the ge...

An Introduction to CSA STAR and ISO 27001
Published: 08/18/2022

Originally published by Schellman here. Written by Ryan Mackie, Schellman. When making decisions about the kind of compliance your organization needs, the process can be akin to creating an ice cream sundae (albeit, less fun). No doubt your customers and prospects want to see comprehensive a...

Using the CSA STAR Program for Procurement
Published: 07/29/2022

This blog was originally published by PivotPoint Security here.Among cloud service categories, Software as a Service (SaaS) offerings are not only the most numerous—up to a million providers worldwide—but also arguably the weakest on security. While infrastructure and platform providers are more ...

What is CSA STAR Certification and Why it is Important for ISO/IEC 27001 Certified Organizations?
Published: 07/27/2022

This blog was originally published by MSECB here. What is CSA STAR Certification? Building security and data protection into the DNA of an organization’s management system and operations is very important considering the intensive use of cloud computing by all organizations nowadays. CSA STAR...

CCSK Success Stories: From a CISO and Chief Privacy Officer
Published: 07/01/2022

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?
Published: 07/01/2022

This blog was originally published by Pivot Point Security here. If you’re not on the cloud you must be very afraid of heights. With nearly 100% of businesses now using cloud services, how are cloud service providers (CSPs) proving to customers and other stakeholders that they are secure?To talk ...

CSA and the Cyber Risk Institute: CCM Addendum for the Financial Sector
Published: 06/28/2022
Author: Daniele Catteddu

The CSA Cloud Controls Matrix (CCM) is 11 years old. Almost a teenager! Over time it has evolved and matured and has been a fundamental piece of the cloud journey for several thousands of organizations worldwide. Virtually any organization willing to implement cloud computing in a secure way ha...

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?
Published: 06/17/2022

This blog was originally published by Pivot Point Security here.If you’re not involved in cloud services you’re probably frozen in ice somewhere. With SaaS penetration nearing 100% of businesses, what is the state of cloud security?To talk about the biggest issues and answers in cloud security to...

Essential Cloud Security & Compliance Tips from CSA
Published: 06/02/2022

This blog was originally published by Pivot Point Security here.Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. This means cloud security and compliance are more important than ever.That’s why I’m speaking to o...

Fighting Ransomware in the Cloud
Published: 05/13/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

How to Prepare for the Changes to the ISO Standards
Published: 04/09/2022

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In tod...

The Italian Agency for National Cybersecurity Embraces the STAR Program
Published: 03/17/2022

Written by Daniele Catteddu, CTO, CSA and John DiMaria, Assurance Investigatory Fellow, CSA Flashback: In the 1980s, ISO 9001 was taking the world by storm. The paradigm of what quality looked like had changed. Nothing you did prior seemed to make any difference. Organizations were putting suppli...

CAIQ-Lite: The Lighter-weight Security Assessment Option
Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

Step up Your GDPR Compliance Program
Published: 01/12/2022

This blog was originally published by CAS Assurance here. Overview The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data. The GDPR protects fund...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.