Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy  

By Victor Chin, Research Analyst, CSA On August 6th, 2019, the CSA Top Threats working group released the third iteration of the Top Threats to Cloud Computing report. The following security issues from the previous iteration (“The Treacherous Twelve”) appeared again in the latest report. Data Breaches Account Hijacking Insider Threats Insecure Interfaces and APIs […]

Read more...

Uncovering the CSA Top Threats to Cloud Computing with Jim Reavis

By Greg Jensen, Sr. Principal Director – Security Cloud Business Group, Oracle For the few that attend this year’s BlackHat conference kicking off this week in Las Vegas, many will walk away with an in depth understanding and knowledge on risk as well as actionable understandings on how they can work to implement new strategies to defend against […]

Read more...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AICPA) Trust Services Criteria (TSC) 2017 National Institute of Standards and Technology (NIST) 800-53 […]

Read more...

CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers

By Victor Chin, Research Analyst, Cloud Security Alliance Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it’s no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP) applications. Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To […]

Read more...

CSA STAR – The Answer to Less Complexity, Higher Level of Compliance, Data Governance, Reduced Risk and More Cost-Effective Management of Your Security and Privacy System

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance We just launched a major refresh of the CSA STAR (Security, Trust and Assurance Risk) program, and if you were at the CSA Summit at RSA, you got preview of what’s in store. So let me put things in a bit more context regarding the evolution […]

Read more...

Introducing CAIQ-Lite

By Dave Christiansen, Marketing Director, Whistic The Cloud Security Alliance and Whistic are pleased to release CAIQ-Lite beta, a new framework for cloud vendor assessment. CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with […]

Read more...

CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group Dear Colleagues, We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018 These CCM addenda aim to help organizations assess […]

Read more...

Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA

By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]

Read more...

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]

Read more...

Weigh in on the Cloud Control Matrix Addenda

Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: —German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.) —ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.) These […]

Read more...

CCSK Success Stories: Cloud Security Training from a CTO’s Perspective

By the CSA Education Team We’re kicking off a series on cloud security training today with a Q&A with the Vice President and CTO of Fusion Risk Management, Cory Cowgill. With a background in enterprise software development spanning multiple industries, Cowgill has multiple certifications including Salesforce System Architect and Application Architect, Amazon Web Services Solution […]

Read more...

Cloud Security Alliance Releases Minor Update to CCM v3.0.1

By the CSA Research Team The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist […]

Read more...

Cloud Security Alliance Announces the Release of the Spanish Translation of Guidance 4.0

By JR Santos, Executive Vice President of Research, Cloud Security Alliance. The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the […]

Read more...

Methodology for the Mapping of the Cloud Controls Matrix

By Victor Chin, Research Analyst, Cloud Security Alliance The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue in the cloud services industry, the CCM program also includes controls mappings […]

Read more...

Updated CCM Introduces Reverse Mappings, Gap Analysis

By Sean Cordero, VP of Cloud Strategy, Netskope Since its introduction in 2010, the Cloud Security Alliance’s Cloud Control Matrix (CCM) has led the industry in the measurement of cloud service providers (CSP). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set of controls to measure the security readiness […]

Read more...

CCSK Certification vs AWS Certification – A Definitive Guide

By Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security I was recently asked about CCSK certification vs AWS certification and which one should be pursued by someone looking to getting into cloud security. This post tries to address the question “which cloud certification is right for you.” I’ll give you a lay of the land […]

Read more...

CSA Releases Minor Update to CCM, CAIQ

By the CSA Research Team The Cloud Security Alliance has released a minor update for the Cloud Control Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1. This update incorporates mappings to Shared Assessments 2017 Agreed Upon Procedures (AUP), PCI DSS v3.2, CIS-AWS-Foundation v1.1, HITRUST CSF v8.1, NZISM v2.5. The Cloud Security Alliance would […]

Read more...

Guidance for Critical Areas of Focus in Cloud Computing Has Been Updated

Newest version reflects real-world security practices, future of cloud computing security By J.R. Santos, Executive Vice President of Research, Cloud Security Alliance Today marks a momentous day not only for CSA but for all IT and information security professionals as we release Guidance for Critical Areas of Focus in Cloud Computing 4.0, the first major […]

Read more...

3-2-1, Takeoff. The STARWatch Cloud Security Management Application Has Launched

By Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Compliance, assurance and vendor management are becoming more and more complex and resource-intensive issues, so we created STARWatch, a Software as a Service (SaaS) application designed to provide organizations a centralized way to manage and maintain the integrity of the vendor review and assessment process. Today, […]

Read more...

The EU GDPR and Cloud: Six Must-Dos to Comply

By Krishna Narayanaswamy, Co-founder and Chief Scientist, Netskope You don’t have to be European to care about the European Commission’s pending EU General Data Protection Regulation (GDPR). Set to be adopted in 2017 and implemented the following year, carrying penalties up to 5 percent of an enterprise’s global revenues, and replacing the current Data Protection […]

Read more...