CSA Blog

  • Originally published by Schellman. With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the annual disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks...
  • What is Cloud Repatriation?

    Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. The Cloud Repatriation Trend in 2023. Browse the pages of most IT tech news websites and chances are you will come across stories of enterprise organizations migrating en masse to the...
  • Originally published by Abnormal Security. Written by Mike Britton. It wasn't long ago that the world was much simpler when it came to protecting our employees and their email use. We all had a data center. Most of our employees spent their days working in an office. While SaaS has...
  • Originally published by Code42. Written by Chrysa Freeman, Sr. Manager of Code42's Cybersecurity Team. In the ever-evolving world of work, where remote collaboration, the Great Resignation, the rise of contractors, and the ascent of cloud technologies redefine how we conduct business...
  • Originally published by Microsoft. Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber...
  • Originally published by Mitiga. Written by Ariel Parnes. The Securities and Exchange Commission (SEC) of the United States has adopted new regulations that require public companies to disclose material cybersecurity incidents within four days. To the positive, this initiative seeks...
  • Written by Denis Mandich, Quantum-Safe Security Working Group Member and CTO for Qrypt. The financial community relies on several standards organizations to provide consensus guidance on protecting data and information exchanges, primarily for payments and securities transactions...
  • Written by Sully Perella, Dan Stocker, and Kerry Steele. Assessing the security of a cloud service provider can be a challenge. That's why the Cloud Security Alliance (CSA) is excited to announce the release of the latest mapping of the Cloud Controls Matrix (CCM) version 4.0 to...
  • Volunteers are also honored for outstanding efforts in advancing cloud security, cybersecurity worldwide with the Juanita Koilpillai and Chapter of Excellence Awards. BELLEVUE, WA – SECtember – Sept. 21, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated...
  • New collaboration to further harmonize GDPR compliance. Brussels and Seattle – Sept. 20, 2023 – Starting in November 2023 and through a specific framework, the Cloud Security Alliance (CSA) community will have access to an approved and European Data Protection Board (EDPB)-endorsed...
  • Mapping highlights areas of congruence and misalignment between CCM and PCI DSS standards, making it easier for payment processing services to mitigate risk. BELLEVUE, WA – SECtember – Sept. 19, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to...
  • I already have a SOC 2 Type 2 and ISO/IEC 27001 certification. Why would I want to upgrade to STAR? First, let’s set the stage with a discussion on scope and focus: STAR: The STAR certification is specifically designed for CSPs and assesses the security controls and practices related...
  • Originally published by DigiCert. Written by Robyn Weisman. Connected medical devices, also known as IoMT (Internet of Medical Things), can dramatically improve patient health while minimizing the potential for harm. Infusion pumps illustrate this in a stark fashion. In 2010, Reuters...
  • Originally published by Dig Security. Written by Yotam Ben Ezra. What makes a cloud data security platform? Recent years have seen a flurry of new technologies and vendors - first in CSPM, then DSPM. Dozens of products have emerged, in addition to existing DLP vendors releasing cloud...
  • IoT Security and the Infinite Game

    Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. A finite game, like a football game or a single game of chess, has a termination or metaphorical finish line where we can declare a winner or loser. An infinite game, however, is one...