34 episodes

CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.

CSA Security Update John DiMaria; Assurance Investigatory Fellow


    STAR Attestation - One of the most powerful programs to evaluate the cloud sector

    As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.

    Requirements for the cloud can be quite different from those of non-cloud environments, so a generic approach to security compliance is not a viable way to provide evidence of assurance in the cloud. Unique consideration must be given to:
    • Understanding the scope of the cloud computing environment.
    • Whether the current security controls cover the unique aspects of the cloud environment.
    • Whether the current risk assessment captures the risks correctly.
    • Audit trails that prove the effectiveness of those controls.

    Join me as I interview two Principals from Schellman, Ryan Mackie and Gary Nelson, as they take you on a journey down the road to Cloud Attestation and provide details of the audit, advice on implementation and the value proposition.

    • 36 min
    Application Security - The Importance of Future Proofing Your Process

    As we're seeing more cyber attacks on software, including open-source software, there is a crucial need for businesses to future-proof against emerging threats.

    - How companies can take preventative (rather than reactive) measures, including embedding security into the software as it's being built (security by design)
    - The urgency of daily scans
    - How the CCM and STAR Program can help reduce risk and clarify the Shared Responsibility Model
    - What to expect in 2022 (more supply chain attacks expected)

    Get the answers to all these topics and more as we interview Farshad Abasi, Founder and Chief Security Officer of Forward Security. In this episode, we discuss software design and development, network and system architecture, cybersecurity and management.

    • 32 min
    CSA STAR and CCM V4 Case Study Guest: Ronald Tse, CEO and Founder of RIBOSE

    STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements for CSPs. The CSA Cloud Controls Matrix (CCM) is the de facto standard for cloud security assurance and compliance, widely used to assess the security of cloud implementations.

    Ribose achieved the world's first STAR Certification against CSA Cloud Controls Matrix v4, which was released in January 2021.

    Recorded live from Hong Kong, Ronald Tse, CEO and founder of RIBOSE, takes us through their journey with STAR over the years and discusses the value, ROI and future of STAR, and the work being done to increase the value of the auditing and compliance landscape.

    • 47 min
    Who moved my cheese? Changes to the ISO standards and how they will affect you.

    As businesses change, the world changes, and so does the standards industry. Staying up to speed on those changes and paying attention to them can help companies succeed.

    CSA is dedicated to keeping our followers up to date on these changes and how they may affect users, providing guidance on what can be expected moving forward, what organizations should be concerned about, and tips on preparing for these changes.

    Listen as we interview Ryan Mackie of Schellman and Eric Hibbard of Samsung, both members of SC27, and discuss the most critical changes already released as well as those yet to come, what organizations can expect, and what you should be thinking about.

    • 32 min
    Fighting Ransomware in the Cloud

    To fight ransomware in the cloud, you need a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. Faced with ever more tools and software, organizations often throw money at technology solutions and fail to address people and processes, not to mention the sector-specific controls that help detect, prevent and respond to ransomware and other malware attacks.

    Listen as we discuss the subject and solutions with Greg Edwards, CEO of CryptoStopper.
    In this episode we get into:
    • Practical steps to defend against ransomware
    • The importance of implementing sector-specific controls, as there is no "one size fits all" solution
    • The powerful impact you can have by addressing all of People, Process and Technology

    • 19 min
    CSA STAR Case Study, Guest: Nick Murison, CISO of Ardoq

    Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement process can be a daunting task for clients, since each cloud service provider presents its security methods in its own way, making comparisons between sellers time-consuming. CSA facilitates this process.

    "We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan for current and future dangers. As the next step in our security journey, we've joined the Cloud Security Alliance (CSA), where we will be actively participating in an organization that raises awareness for cloud security best practices globally. With our membership, we will help and participate in cloud security-specific research, education, certification, events, and products." ~ Nick Murison, Ardoq

    Listen as we interview Nick Murison, CISO of Ardoq, and explore yet another case of how organizations are utilizing the STAR program and associated tools to improve their security posture, meet compliance requirements, and decrease risk and complexity.

    • 36 min
