CSA Security Update

43 episodes - English - Latest episode: 3 months ago - ★★★★★ - 2 ratings

CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.

Episodes

Why CPA Firms Excel in Cybersecurity Attestations

January 17, 2024 20:00 - 28 minutes - 19.6 MB

In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm. The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suite...

Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age

November 27, 2023 17:00 - 43 minutes - 30.1 MB

In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat N...

Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration

July 24, 2023 20:00 - 41 minutes - 28.2 MB

In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating...

Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix

May 16, 2023 15:00 - 34 minutes - 23.7 MB

In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non-CSP (Cloud Service Provider), along with their strategies for overcoming them. He also highlights the specific benefits and improvements that resulted from the adoption wit...

Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security

April 18, 2023 15:00 - 17 minutes - 12.3 MB

This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture. Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and...

Private Cloud Computing - Security Considerations, Risks and Shared Responsibility

January 30, 2023 21:00 - 35 minutes - 24.3 MB

Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day vs. other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks? Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons and what is the best advice from those ...

STAR Attestation - One of the most powerful programs to evaluate the cloud sector

May 17, 2022 20:00 - 36 minutes - 25 MB

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA...

Application Security - The Importance of Future Proofing Your Process

April 22, 2022 14:00 - 32 minutes - 22.5 MB

As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats.
- How can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design)
- Urgency for daily scans
- How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model.
- What to expect in 2022 (more supply chain attac...

CSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSE

March 21, 2022 17:00 - 47 minutes - 32.6 MB

STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for cloud security assurance and compliance, widely used in assessing cloud security performance of cloud implementations. Ribose achieved the world’s first STAR Certification with CSA Cloud Controls Matrix v4 that was released in January 2021. Recorded...

Who moved my cheese? Changes to the ISO standards and how they will affect you.

March 17, 2022 18:00 - 32 minutes - 22.4 MB

As businesses change, the world changes, and so does the standards industry. Being up to speed on those changes and paying attention to them can help companies succeed. CSA is dedicated to keeping our followers up-to-date on these changes and how they may affect users, providing guidance and information on what can be expected moving forward, what organizations should be concerned about, and tips on preparing for these changes. Listen as we interview Ryan Mackie...

Fighting Ransomware in the Cloud

March 11, 2022 21:00 - 19 minutes - 13.5 MB

In order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. With more tools and software, organizations many times throw money at technology solutions and do not address people and processes not to mention sector-specific controls to help de...

CSA STAR Case Study, Guest: Nick Murison; CISO of Ardoq

December 10, 2021 19:00 - 36 minutes - 24.8 MB

Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement process can be a daunting task for clients since each cloud service provider shows its security methods in unique ways, making comparisons between sellers time-consuming. CSA facilitates this process. "We take security very seriously, focusing on protec...

Multi-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency.

November 08, 2021 20:00 - 48 minutes - 33.1 MB

Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards are largely overlapping. As a consequence, the process of adhering to different standards, laws and regulations for CSPs is inefficient, with a lot of duplicated work that unduly increases costs and complexity. The idea behind the MPRF is not t...

SAXO Bank - First Bank to achieve STAR Attestation

July 27, 2021 18:00 - 22 minutes - 15.8 MB

Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation. This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services and infrastructure that supports the business and different client segments from back-office syst...

CSA CxO Trust Initiative Understanding the priorities of your peers within the C-Suite

June 25, 2021 17:00 - 29 minutes - 20.6 MB

The  mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-S...

Objectives-based Security - Enabling Security Teams to deliver desired outcomes

June 08, 2021 16:00 - 32 minutes - 22.4 MB

"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments." "What we lack as an industry is a cohesive and a high-level approach to enabling security teams to deliver cybersecurity outcomes. A different approach to security is needed." ~...

The advantages and future of the Cloud Control Matrix

March 03, 2021 18:00 - 31 minutes - 21.6 MB

The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud security and privacy. Listen as we interview Harry Lu; The current Co-Chair of the Cloud Securit...

A case study – CCM and STAR –Integrating with third-party assessments and regulations to avoid duplication of effort and cost.

February 01, 2021 17:00 - 27 minutes - 18.6 MB

The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, fra...

The Business Value of STAR Attestation

October 16, 2020 14:00 - 37 minutes - 26.1 MB

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that ena...

How to Engage with Cloud Customers

July 27, 2020 13:00 - 24 minutes - 16.7 MB

As a cloud service provider (CSP), customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs. The lines between cloud providers and cloud consumers keep getting fuzzier every day. What are the main challenges of cloud computing that users face? What is the growing paradigm shift in what users will expect from CSPs moving forward as a minimum requirement? What ...

CSA STAR + SOC2 - From Readiness to Attestation

May 26, 2020 23:00 - 31 minutes - 21.4 MB

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA...

CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD

March 25, 2020 13:00 - 36 minutes - 24.8 MB

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement d...

IoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI Group

March 02, 2020 20:00 - 28 minutes - 19.6 MB

IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges – presenting a huge opportunity but risk as well. With SMART Cities and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a...

Sneak Preview of CSA Summit and RSA February 24 - 27 2020

February 11, 2020 13:00 - 5 minutes - 3.81 MB

Excerpt from the most recent podcast interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance, discussing the activities and speakers at the upcoming CSA Summit at RSA! https://cloudsecurityalliance.org/star/

CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis

January 17, 2020 13:00 - 26 minutes - 18 MB

2019 was another great year for CSA and it sets the stage for an even greater year in 2020. Listen to this insightful interview with Jim Reavis; Co-Founder and CEO of the Cloud Security Alliance, as he provides a look back at the accomplishments and milestones achieved in 2019 and a look into the journey we will be taking in 2020. If you're not already involved, it is a great starting point to get involved with CSA and its massive cloud community. https://cloudsecurityalliance.org/star/

The STAR Certification Journey - Guest:Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group

December 11, 2019 20:00 - 38 minutes - 26.2 MB

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement d...

CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principal, Schellman & Company LLC

November 19, 2019 18:00 - 28 minutes - 19.9 MB

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA...

Reducing Business Risk with Forensic Readiness – Guest: Lamont Orange; CISO, Netskope

November 06, 2019 13:00 - 24 minutes - 17.2 MB

Forensic readiness is defined as the ability of an organization to maximize its potential to use good quality digital evidence to protect the organization, support the investigators while minimizing the costs of an investigation. Trust in the cloud is constantly under attack, so good data-driven decisions are critical. Determining whether a data source provides an acceptable level of digital evidence is one thing, but how do you safeguard data integrity to ensure that the information contai...

EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA

October 21, 2019 20:00 - 27 minutes - 18.9 MB

Security compliance based on third-party audit is becoming increasingly complex, especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls. That often translates into substantial costs for those service providers. The idea behind the MPRF is to provide a unified method of systemati...

CSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadius

October 08, 2019 16:00 - 22 minutes - 15.7 MB

As a cloud service provider, there are many security challenges that organizations have to face, which include providing customers and regulators with the proper level of transparency and assurance needed to achieve the required level of trust. Many organizations are turning to CSA STAR to answer mandates, provide a marketing differentiator or just raise the bar in terms of their level of assurance and transparency. Listen as Deepak Gupta; Co-founder and CTO at LoginRadius e...

What Executives Should Know About Security Breaches and Prevention - Guest: Phillip Merrick; CEO, Fugue

September 24, 2019 18:00 - 36 minutes - 25.1 MB

Security is not simply a CIO, CSO, or IT department issue. It is critical that organizations have a system in place that can prove the all-important "Standard of Care" was deployed and maintained. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees. It is a matter of resilience and survival of the company. How should CEOs and board members get proactively involved in mitigating futu...

Live from Hong Kong! Meeting Business Requirements with CSA STAR - Guest: Ron Tse; CEO of Ribose

September 12, 2019 14:00 - 46 minutes - 31.8 MB

Ribose has achieved STAR Attestation, Certification and C-STAR along with being one of the first adopters of STAR Continuous. What was the main driver? What was the approach to implementation and how did they weave the STAR controls into their current management system to build one holistic integrated process? Listen as Ron Tse; Founder and CEO of Ribose, addresses these questions along with discussing what challenges STAR addressed and predictions on what can be expected in the global...

CSA Research – Providing solutions for tomorrow's problems today – Guest: John Yeoh; Global V.P. of Research

August 28, 2019 17:00 - 27 minutes - 19 MB

CSA research is such a big part of what CSA does, providing high quality, relevant papers, studies and data free for all to take advantage of, yet in some cases it is one of the best kept secrets: the amount of effort that goes into the output, which has produced over 400 artifacts, and into ensuring its value and relevance. Collaborating with industry and harnessing the right subject matter expertise to ensure good cross-functionality is critical when it comes to producing valuable research. L...

Business Email Compromise Scams Remain a Billion-Dollar Problem - Guest: Ken Dunham, Optiv

August 14, 2019 12:00 - 30 minutes - 21.1 MB

Business email compromise (BEC) scams are not going away anytime soon. For such a relatively low-tech type of financial fraud, it has proved to be a high-yield and lucrative enterprise for scammers. But the prevention measures are not expensive and not technology dependent. Listen as Ken Dunham; Senior Technical Director, Cyber Operations for Optiv, discusses this growing issue, the process hackers use, the root cause and prevention recommendations you can use for cloud security when adopting...

Measuring the Value that Information Sharing adds to Threat Intelligence - Guest: Paul Kurtz; Co-Founder, CEO, TruStar

July 30, 2019 17:00 - 31 minutes - 21.8 MB

Information sharing activities, when combined with other threat intelligence activities, can be seen as an important part of the arrangements of human and non-human activities that, together, form a critical part of achieving organizational resilience. There is a reciprocal relationship between all processes within an organization and the ways in which information is used and shared. Join us as we talk to Paul Kurtz; former White House senior member relating to critical infrastructure and c...

The Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSight

July 22, 2019 02:00 - 38 minutes - 26.5 MB

Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, which customers and tool vendors can then retrieve and present in a variety of contexts. Continuous monitoring/auditing improves on the traditional point-in-time certification in both trust and transparency. Point-in-time audits, while the foundation of many respected certifications, often contain a consid...

CSA CAIQ-Lite – When is a more Streamlined Vendor Security Assessment option applicable? Guest: Nick Sorensen, CEO, Whistic

July 03, 2019 19:00 - 22 minutes - 15.7 MB

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with cloud vendors. CAIQ-Lite was developed to meet the demands of an increasingly fast-paced cybersecurity environment where adoption is becoming paramount when selecting a vendor security questionnaire. CAIQ-Lite contains 73 questions compared to the 295 found in the CAIQ, while maint...

The growing complexity around cybersecurity and evolving technology Guest: Dr. Ron Ross, NIST

June 18, 2019 18:00 - 21 minutes - 14.5 MB

Dr. Ron Ross, Fellow and Senior Computer Scientist and Information Security Researcher in the computer security division at the National Institute of Standards and Technology (NIST), joins us to discuss the growing problem of too much complexity and the associated security issues that are growing because of it. In this episode we discuss the problem, the root cause and the proven best practice solutions that will facilitate moving from a reactive to proactive culture providing organizationa...

Trust and Transparency - The continued challenges in the cloud - Guest: Jim Reavis

June 04, 2019 16:00 - 37 minutes - 17.2 MB

An interview with Jim Reavis; Co-Founder and CEO of CSA, addressing the many challenges and solutions regarding trust and transparency in the cloud, as well as new operational security issues that are coming with 5G technology. https://cloudsecurityalliance.org/star/

Pilot Episode - CVE Vulnerability, Information Sharing and applicability to CSA STAR

May 13, 2019 13:00 - 27 minutes - 12.8 MB

https://cloudsecurityalliance.org/star/