In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them.  He also highlights the specific benefits and improvements that resulted from the adoption within NCC Group. Furthermore, Nandor delves into the common challenges faced by clients when implemen ..read more

This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security.  Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture.    Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's c ..read more

This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security.  Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture.    Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's c ..read more

Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks? Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons and what is the best advise from those doing it? Listen as we interview Balasubramanian (Bala) Krishnamurthy; Head of Cloud Security & Clo ..read more

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles,AT 101) and the CSA Cloud Controls Matrix. Requirements for the cloud can be ..read more

As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats.  - How  can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design) - Urgency for daily scans - How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model. - What to expect in 2022 (more supply chain attacks expected) Get the answers to all these topics and more as we interview Farshad Abasi, Foun ..read more

As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this m ..read more

As a cloud service provider (CSP) customer engagement is crucial.  It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs. The lines between cloud providers and cloud consumers keep getting fuzzier every day.  What are the main challenges of cloud computing that users face? What is the growing paradigm shift in what users will expect from CSP’s moving forward as a minimum requirement?  What are the top 3 or 4 risks of cloud computing they should be aware of on their end? Get answ ..read more

Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging.  With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement can be a daunting task for clients since each cloud service provider shows its security methods unique ways, making comparisons between sellers time-consuming. CSA facilitates this process.   "We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and ..read more

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Services Criteria) and the CSA Cloud Controls Matrix. Listen as we interview Debbie Zaller; Pri ..read more