Claim OwnershipCSA Security Update
Subscribed: 30Played: 132
Subscribe
© 2025 CSA Security Update
Description
CSA STAR is the industry's most powerful program for security assurance in the cloud.The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
52 Episodes
Reverse
As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while en...
As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace. We explore today’s most critical cloud security challenges, including unclear shared responsibility, governance gaps, misconfigurations, credential spraw...
In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance ...
Summary In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming resistance to change. Looking ahead, they highlight the qualities that will define successful secu...
As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS Listeners will hear real-world use cases, governance best practices, and how to build AI solutions that ...
In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry. Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a p...
The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we approach cybersecurity. But what does that mean for security and development teams today? Join us in...
In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices with organizational goals and risks. We'll discuss the rationale behind this change, practical insights on tra...
In this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CSA's groundbreaking Certificate of Competence in Zero Trust (CCZT), the industry's first authoritative training and certification program dedicated to Zero Trust architecture, components, and best practices. During this session, we will delve into the de...
In the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all focused on bolstering security posture, these target different aspects of one's security program. Listen as we interview Karthik Swarnam, Chief Security and Trust Officer at ...
In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certified in both frameworks can expedite the compliance process, offering practical tips for streamlini...
In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special guest Travis Howerton; Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation. Discover how automated technology and continuous monitoring is revolutionizing the way organizations approach comp...
In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm. The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited ...
In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat Ne...
In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating ...
In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them. He also highlights the specific benefits and improvements that resulted from the adoption...
This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture. Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies...
Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks? Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons and what is the best advise from those d...
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA ...
As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. - How can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design) - Urgency for daily scans - How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model. - What to expect in 2022 (more supply ch...
Comments
Download from Google Play
Download from App Store
United States