Aligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
1w ago
In this episode, John DiMaria and Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certified in both frameworks can expedite the compliance process, offering practical tips for streamlining attestations. Discover why dual compliance against CSA STAR Level 2 and ISO 27001 is paramount ...
Navigating the New Age of Compliance
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
1w ago
In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with special guest Travis Howerton, Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation. Discover how automated technology and continuous monitoring are revolutionizing the way organizations approach compliance, risk management, and governance in both the private and government sectors. Our guest will shar ...
Why CPA Firms Excel in Cybersecurity Attestations
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
4M ago
In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm. The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited for cybersecurity attestations and how they apply their expertise in ensuring rigorous processes and ad ...
Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
5M ago
In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2, two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat Nester and Michael Nouguier, as they shed light on these intertwined topics, helping businesses navigate ...
Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
10M ago
In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating the complex government cloud infrastructure. This engaging conversation promises to deepen your underst ...
Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
1y ago
In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non-CSP (Cloud Service Provider), along with their strategies for overcoming them. He also highlights the specific benefits and improvements that resulted from the adoption within NCC Group. Furthermore, Nandor delves into the common challenges faced by clients when implemen ...
Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
1y ago
This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture. Join us as we talk to Andrea Doherty, Technical Lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program, where she discusses Dell's c ...
Private Cloud Computing - Security Considerations, Risks and Shared Responsibility
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
1y ago
Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day versus other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks? Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons, and what is the best advice from those doing it? Listen as we interview Balasubramanian (Bala) Krishnamurthy, Head of Cloud Security & Clo ...
STAR Attestation - One of the most powerful programs to evaluate the cloud sector
CSA Security Update
by John DiMaria; Assurance Investigatory Fellow
2y ago
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. Requirements for the cloud can be ...