CSA STAR is the industry's most powerful program for security assurance in the cloud.The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
Why CPA Firms Excel in Cybersecurity Attestations
In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm.
The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited for cybersecurity attestations and how they apply their expertise in ensuring rigorous processes and adherence to standards like CSA STAR when performing cybersecurity assurance over cloud systems.
This episode is a must-listen for anyone interested in understanding the critical role of CPA firms in the evolving landscape of cybersecurity attestations.
Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age
In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat Nester and Michael Nouguier, as they shed light on these intertwined topics, helping businesses navigate the cloudy (pun intended) waters of modern IT infrastructure.
Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration
In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating the complex government cloud infrastructure. This engaging conversation promises to deepen your understanding of these critical domains and their transformative impact on today's digital governance landscape.
Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix
In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them.
He also highlights the specific benefits and improvements that resulted from the adoption within NCC Group. Furthermore, Nandor delves into the common challenges faced by clients when implementing the CSA CCM and provides insights on successful adoption strategies.
We discuss the transition from older versions to CSA CCM V4 and its associated challenges. Lastly, Nandor sheds light on NCC Group's future involvement with the CSA CCM, including their journey to become an accredited CB (Certification Body) and CSA STAR (Security, Trust & Assurance Registry) auditing firm. He also shares his perspective on areas where organizations may need to focus more attention and allocate resources in the coming years. Join us for an insightful discussion on securing cloud technology and reducing risk with NCC Group's cloud security expert.
Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security
This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security.
Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture.
Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's challenges, objectives, and implementation outcomes.
Find out how they were able to enhance their comprehensive security and compliance program, gain a competitive advantage, and enhance customer trust.
Private Cloud Computing - Security Considerations, Risks and Shared Responsibility
Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center.
What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks?
Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons and what is the best advise from those doing it?
Listen as we interview Balasubramanian (Bala) Krishnamurthy; Head of Cloud Security & Cloud Automation Services at Nokia. Bala will take us on a virtual case study concerning the private cloud, its advantages, challenges, and their journey to achieving CSA STAR Certification, along with advice to all CSPs in the process of considering STAR Certification.