Announcements

  • Open Peer Reviews

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 3/31/2023
    Learn More → https://csaurl.org/2wstxx

  • Upcoming Cloudbyte Webinars

    How to Automate Security, Governance & Privacy for Cloud Data Innovation
    Date: 1/31/23
    Time: 10:00 AM CST
    Register Here → https://csaurl.org/fdvob2

  • January Research Releases

    ACSP Training Course Outline | CSA
    Release Date: 1/17/23
    Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
    Download this Resource → https://csaurl.org/u4djra

    CSA Data Lake Threat Modeling
    Release Date: 1/26/23
    Summary: As cloud platforms expand further into business use, the need to understand the attack surface of your data becomes more apparent. With help from NTT Data and Marymount University, CSA has released its Data Lake threat modeling exercise spreadsheet for peer review. In this document, numerous elements of data lakes are considered, and a specific threat scenario is applied to each. Each scenario is mapped to the STRIDE framework and paired with countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework.
    Download this Resource → https://csaurl.org/k15wcb

  • December Research Releases

    CSA CCM v4.0 Addendum - Spain National Security Framework (ENS)
    Release Date: 12/8/22
    Summary: This document is an addendum to the CCM V4.0 that contains controls mapping between the CSA CCM and Spain's National Security Framework (ENS). The document aims to help ENS compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in ENS in relation to the CCM. This document contains the following information:
    • Controls Mapping
    • Gap Analysis
    • Gap Identification (i.e., Partial, Full or No Gap)
    Download this Resource → https://csaurl.org/1pcz2v

    The Six Pillars of DevSecOps - Pragmatic Implementation
    Release Date: 12/14/22
    Summary: This document provides a high-level overview of the various tools and processes that should be considered when building out a successful DevSecOps program. It takes a wide range of DevSecOps activities and turns them into a cookbook for teams to reference when considering different approaches. It is also broken down to allow a reader with a specific role to home in on the sections relevant to their area of expertise and responsibility. Follow-up papers will take this high-level overview and provide specific guidance for various use cases, as well as recommendations on the order in which to focus implementation to see the greatest returns for the reader’s context.
    Download this Resource → https://csaurl.org/ik6g8n

    Deconstructing Application Connectivity Challenges in a Complex Cloud Environment
    Release Date: 12/14/22
    Summary: The production and use of SaaS applications in organizations have grown exponentially over the past several years. Application security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
    Download this Resource → https://csaurl.org/6frk22

  • Upcoming Cloudbyte Webinars

    Using Zero Trust to Mitigate Ransomware Threats
    Date: 1/17/23
    Time: 10:00 AM CST
    Register Here → https://csaurl.org/vxbu5w

    Crawl, Walk, Run: Operationalizing IaC Security
    Date: 1/18/23
    Time: 11:00 AM CST
    Register Here → https://csaurl.org/bafyx2

    Prioritizing Risk Among the Chaos of Cloud Development
    Date: 1/19/23
    Time: 11:00 AM CST
    Register Here → https://csaurl.org/ainjft

    CSP Perspective Working with Financial Services
    Date: 1/20/23
    Time: 10:00 AM CST
    Register Here → https://csaurl.org/914urn

  • Open Peer Reviews

    Proposal for a Standard Cloud Service Agreement Template
    Open Until: 1/15/2023
    Learn More → https://csaurl.org/77n68j

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 3/31/2023
    Learn More → https://csaurl.org/2wstxx

  • Upcoming Cloudbytes Webinars

    Panel: CISO’s Guide to Security Strategy During a Recession
    Date: 1/9/23
    Time: 12:00 PM CST
    Register Here → https://csaurl.org/5topfv

    Confidence in Software Supply Chains with Continuous Security
    Date: 1/10/23
    Time: 12:00 PM CST
    Register Here → https://csaurl.org/liskze

  • Open Peer Reviews

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
    Open Until: 12/18/2022
    Learn More → https://csaurl.org/2zbqqg

    ATT&CK & D3FEND with a CAVEAT
    Open Until: 12/23/2022
    Learn More → https://csaurl.org/sgwvdq

    NTT Threat Modeling
    Open Until: 12/23/2022
    Learn More → https://csaurl.org/0rnvw2

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 3/31/2023
    Learn More → https://csaurl.org/2wstxx

  • Upcoming Cloudbytes Webinars

    Adobe CCF & FedRAMP Moderate: Building a Secure Compliant Environment
    Date: 12/12/22
    Time: 11:00 AM CST
    Register Here → https://csaurl.org/txovqf

    Continuously Monitoring First and Third Parties against the CCM Framework
    Date: 12/13/22
    Time: 12:00 PM CST
    Register Here → https://csaurl.org/z3fvlf

    Cloud Attacks Are Here: Threat Actors Like Containers Too!
    Date: 12/14/22
    Time: 12:00 PM CST
    Register Here → https://csaurl.org/5e5zn3

  • November Research Releases

    Top Threats to Cloud Computing - Pandemic Eleven - Japanese Translation
    Release Date: 11/16/22
    Summary: The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In this sixth installment, we surveyed 703 industry experts on security issues in the cloud industry. This year our respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. 
    Download this Resource → https://csaurl.org/f6mo0a

    Zero Trust as a Security Philosophy
    Release Date: 11/14/22
    Summary: This paper takes both a vendor-neutral and technology-solution-neutral look at what Zero Trust means for your organization and provides recommendations to develop a strategy and the supporting architecture for the organization and its workflows, aligning IT to business goals and outcomes.
    Download this Resource → https://csaurl.org/x37jur

  • Open Peer Reviews

    Telesurgery Tabletop Guide Book
    Open Until: 12/16/2022
    Learn More → https://csaurl.org/8ynvbi

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
    Open Until: 12/18/2022
    Learn More → https://csaurl.org/2zbqqg

    ATT&CK & D3FEND with a CAVEAT
    Open Until: 1/14/2023
    Learn More → https://csaurl.org/sgwvdq

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 3/31/2023
    Learn More → https://csaurl.org/2wstxx

  • Surveys

    Cloud Key Management Topic Selection Survey
    Length: 15 questions, 2 minutes
    Deadline: December 10
    Participate Here → https://csaurl.org/z97j95

  • Upcoming Cloudbyte Webinars

    Ermetic - How Does Your Cloud Security Compare, and Where Do You Go From Here?
    Date: 12/5/22
    Time: 6:00 PM UTC
    Register Here → https://csaurl.org/dr0crt

    Microsoft - Achieving the Principle of Least Privilege Across Multicloud with CIEM!
    Date: 12/6/22
    Time: 10:00 AM CST
    Register Here → https://csaurl.org/nemtcm

    AppOmni - Is PHI Secure in SaaS Applications - And Their Ecosystems?
    Date: 12/7/22
    Time: 1:00 PM CST
    Register Here → https://csaurl.org/adcdwe

    Rubrik - A Fireside Chat: The Human Effects of Cybercrime
    Date: 12/8/22
    Time: 1:00 PM CST
    Register Here → https://csaurl.org/29hfbr

  • Open Peer Reviews

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 12/07/2022
    Learn More → https://csaurl.org/r47b8i

    Telesurgery Tabletop Guide Book
    Open Until: 12/16/2022
    Learn More → https://csaurl.org/8ynvbi

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
    Open Until: 12/18/2022
    Learn More → https://csaurl.org/2zbqqg

  • Surveys

    State of Financial Services 2022
    Length: 31 questions, 10 minutes
    Deadline: Nov 30
    Participate Here → https://csaurl.org/dbmy7d

    Cloud Key Management Topic Selection Survey
    Length: 15 questions, 2 minutes
    Deadline: December 10
    Participate Here → https://csaurl.org/z97j95

  • CSA’s Trusted Cloud Consultant Program

    CSA is excited to launch the Trusted Cloud Consultant (TCC) Program, designed to connect enterprise organizations with qualified professional consulting services. The TCC Program allows cybersecurity consulting organizations and professionals to enhance their cloud relevance by giving them a broad understanding of CSA’s tools and best practices. Trusted Cloud Consultants are qualified sources that are able to provide cloud security assessment and remediation services to enterprise organizations that need to improve their cloud security postures.

    Virtually all organizations use the cloud, yet 51% of enterprises use no vendors or tools to quantify risk. Cloud usage and cybersecurity cannot be ignored. The CSA TCC Program makes it easier for organizations to source and connect with recognized, trusted consultants that leverage CSA best practices. 

    To learn more about becoming a Trusted Cloud Consultant or how to connect with one, email [email protected].

    Learn More (https://e.cloudsecurityalliance.org/trusted-cloud-consultant)
  • ZTT M3 release

    The Cloud Security Alliance is excited to release Key Features & Technologies of Software-Defined Perimeter, the third course in our online Zero Trust Training (ZTT) program.  This new course will provide learners with an in-depth look at the key features and technologies of SDP for securing today’s and tomorrow’s IT infrastructures—whether they are on-premises, in the cloud, a hybrid of the two, or a case with multiple cloud service providers. 

    Learners will be introduced to the principles of Least Privilege and Need to Know, policy-based authorization and access controls, and the similarities and differences between SDP and SDN.

    This course is a great fit for users in any of the following roles:

    • C-Suite (CEO, CTO, CISO, CIO)
    • Managers and Decision Makers
    • Cybersecurity Analysts
    • Security Engineers and Architects
    • Enterprise Architects
    • Security Administrators
    • Compliance Managers
    • Systems Engineers
    • Developers

    The ZTT program covers eight areas of Zero Trust knowledge and will be rolled out in a series of six courses available on CSA’s Knowledge Center. To learn more about CSA’s Zero Trust Training program, download the ZTT overview and get started.  

    Special offer for CSA Members! 

    Through December 31, CSA corporate members receive 50% off the ZTT bundle on the Knowledge Center, which includes six online ZTT courses and one exam token. Fill out this form to claim 50% off the ZTT bundle or learn how you can create a custom ZTT package for your team that meets the unique needs of your organization. 

  • Get ready for a discount of galactic proportions on May 4th

    Take advantage of our biggest discount ever on the Certificate of Cloud Security Knowledge (CCSK), you must!

    Help us celebrate Star Wars Day and mark your calendar for a massive savings opportunity on May 4th. The CCSK certificate is widely recognized as the standard of expertise for cloud security, providing a solid, foundational knowledge of how to secure data in the cloud. To ensure this valuable credential is widely accessible, we will be offering 54% off all CCSK online products:


    Start: Midnight (12 AM PT), Wednesday, 5/4/22
    End: Midnight (12 AM PT), Thursday, 5/5/22

    Our mission is to train cloud experts and help fill the skills gap in cloud security. Further your knowledge, increase your professional opportunities, and share this promotion with anyone who might benefit from it!

    You’ll hear from us again Wednesday about how you can save 54% on these CCSK offerings.

  • Seeking co-chair for the Cloud Key Mgmt working group!

    Dear Circle members,
    The Cloud Security Alliance is looking for a new co-chair for the Cloud Key Management working group.
    The main purpose of the Cloud Key Management Working Group is to educate and guide the use of traditional and cloud key management systems with and between cloud services.

    The chair/co-chair will lead the working group while steering the focus of the topic of the working group, suggesting new activities, and ensuring forward progress for the working group.

    Purpose:
    To lead the working group through the business of completing the tasks required in order to meet the mandate and objectives of the working group as they are formed in the working group's charter document.


    Responsibilities
    • Prepare agenda for meeting/call
    • Delegate responsibilities to committee members
    • Use the committee's mandate and objectives to guide work of committee
    • Involve all members in the decision making
    • Keep a written file of work of committee and working group
    • Schedule deliverables and set milestones towards completion of deliverables
    • Draft proposed resolutions (motions) for inclusion in written reports
    • Orchestrate contributions to the produced working group documents by different volunteers
    • Judge items in or out of scope for the Group
    • Revise deliverables timeline as needed
    • Stay up-to-date with all phases of a policy proposal relevant to the WG

    What we're looking for in a chair:
    • Experience in chairing similar groups, committees, and/or conferences;
    • Previous participation or technical contributions in related communities;
    • Ability to satisfy the time commitment;
    • Ability to keep the Working Group "in Charter";
    Anyone with technical expertise on the topic who satisfies the above criteria is welcome to declare their interest, until Friday 6th of May.

    Candidates need to provide:
    • Bio and how it relates to the Cloud Key Mgmt topic
    • Ideas for the working group roadmap
    • What role can the working group have for the Cloud Key Mgmt industry
    and will then be chosen through a voting tool.

    If interested, please communicate with [email protected]cloudsecurityalliance.org
    Best regards,
    Marina
  • Countdown to Y2Q

    Don’t panic! Okay, well, panic a little bit: At the CSA Research Summit, we began the Year to Quantum (Y2Q) countdown. We’ve estimated that by April 14, 2030, a quantum computer will be able to break the present-day cybersecurity infrastructure. That isn’t much time to develop and implement a plan to update your crypto systems with quantum-safe solutions. Our Quantum-safe Security Working Group has created multiple documents that can help. View their work here 
  • Zero Trust Advancement Center (ZTAC)

    We’re very excited to announce the launch of the Zero Trust Advancement Center (ZTAC), an initiative made possible by organizations CrowdStrike, Okta and Zscaler. The mission of the ZTAC is to develop Zero Trust research, training and an online center offering educational resources.

    Visit the Zero Trust Advancement Center to learn more 
  • SECtember 2022

    Registration for SECtember 2022 is now open! Join us in Bellevue, WA on Sept. 26-30 to hear from featured leaders from government, cloud, cybersecurity, and Global 2000 enterprises. Our keynote speakers this year will include Jason Witty, Chief Security Officer, USAA, and returning guest Jen Easterly, Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

    Obtain the tools you need to manage cyber risk in modern enterprises by attending the first global event dedicated to the intersection of cloud and cybersecurity. Learn more and register here: https://csaurl.org/6e25gx
