CSA Security Update
CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
Episodes
47 episodes
Empowering Cloud Providers: The EU Cloud Code of Conduct and GDPR Explained
In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise ...
•
31:05
Real-talk: Opportunities for Security Teams to Fight AI with AI
The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and...
•
41:19
ISO/IEC 27001:2022 Unpacked: Embracing Auditing Themes
In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information securit...
•
43:33
From Concept to Competence: The Impact of CSA's Zero Trust Training
In this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CS...
•
41:41
Decoding Security Solutions: ASPM vs CSPM vs CNAPP
In the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Managemen...
•
30:23
Aligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001
In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the signifi...
•
28:32
Navigating the New Age of Compliance
In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special ...
•
37:55
Why CPA Firms Excel in Cybersecurity Attestations
In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, ...
•
28:33
Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age
In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent framewo...
•
43:44
Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration
In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective o...
•
41:05
Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix
In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process ...
•
34:26
Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security
This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continu...
•
17:56
Private Cloud Computing - Security Considerations, Risks and Shared Responsibility
Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day. VS other types of c...
•
35:16
STAR Attestation - One of the most powerful programs to evaluate the cloud sector
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. ...
•
36:23
Application Security - The Importance of Future Proofing Your Process
As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. - How can companies take preventative (vs reactive) measures, includ...
•
32:44
CSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSE
STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for ...
•
47:28
Who moved my cheese? Changes to the ISO standards and how they will affect you.
As businesses change, the world changes, and so does the standards industry. Being up to speed on those changes and paying attention to them can help companies succeed. CSA is dedicated to keeping our followers up-to-date on these...
•
32:32
Fighting Ransomware in the Cloud
In order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the approp...
•
19:40
CSA STAR Case Study, Guest: Nick Murison; CISO of Ardoq
Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procure...
•
36:07
Multi-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency.
Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different st...
•
48:11
SAXO Bank - First Bank to achieve STAR Attestation
Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation. This milestone in the bank’s technology aspirations means Saxo Bank qualifies for ...
•
22:58
CSA CxO Trust Initiative Understanding the priorities of your peers within the C-Suite
The mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and c...
•
29:55
Objectives-based Security - Enabling Security Teams to deliver desired outcomes
"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired busi...
•
32:33
The advantages and future of the Cloud Control Matrix
The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides gui...
•
31:21
A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost.
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with p...
•
27:07