
CSA Security Update

Arts

Episodes

AI Governance Gets Real: How ISO/IEC 42001 Elevates Cloud GRC

11 Dec 2025

Contributed by Lukas

As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks lik...

Internal Audit in the Age of Cloud & AI: Navigating the New Risk Frontier

11 Dec 2025

Contributed by Lukas

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this e...

Continuous verifiable proof is the new standard

04 Nov 2025

Contributed by Lukas

In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusin...

The Human Side of AI Security: Leadership, Culture, and Change

23 Oct 2025

Contributed by Lukas

Summary: In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud se...

Guardrails for Generative AI: Balancing Innovation with Responsibility

22 Sep 2025

Contributed by Lukas

As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails c...

Empowering Cloud Providers: The EU Cloud Code of Conduct and GDPR Explained

26 Sep 2024

Contributed by Lukas

In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers....

Real-talk: Opportunities for Security Teams to Fight AI with AI

21 Aug 2024

Contributed by Lukas

The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, ...

ISO/IEC 27001:2022 Unpacked: Embracing Auditing Themes

23 Jul 2024

Contributed by Lukas

In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reo...

From Concept to Competence: The Impact of CSA's Zero Trust Training

27 Jun 2024

Contributed by Lukas

In this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the...

Decoding Security Solutions: ASPM vs CSPM vs CNAPP

28 May 2024

Contributed by Lukas

In the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security fi...

Aligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001

02 May 2024

Contributed by Lukas

In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 ...

Navigating the New Age of Compliance

30 Apr 2024

Contributed by Lukas

In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new ...

Why CPA Firms Excel in Cybersecurity Attestations

17 Jan 2024

Contributed by Lukas

In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are inc...

Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age

27 Nov 2023

Contributed by Lukas

In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud ser...

Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration

24 Jul 2023

Contributed by Lukas

In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role...

Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix

16 May 2023

Contributed by Lukas

In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoptio...

Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security

18 Apr 2023

Contributed by Lukas

This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Re...

Private Cloud Computing - Security Considerations, Risks and Shared Responsibility

30 Jan 2023

Contributed by Lukas

Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. Wha...

STAR Attestation - One of the most powerful programs to evaluate the cloud sector

17 May 2022

Contributed by Lukas

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly asses...

Application Security - The Importance of Future Proofing Your Process

22 Apr 2022

Contributed by Lukas

As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging ...

CSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSE

21 Mar 2022

Contributed by Lukas

STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud se...

Who moved my cheese? Changes to the ISO standards and how they will affect you.

17 Mar 2022

Contributed by Lukas

As businesses change, the world changes, and so does the standards industry. Being up to speed on those changes and paying attention to such changes...

Fighting Ransomware in the Cloud

11 Mar 2022

Contributed by Lukas

In order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respo...

CSA STAR Case Study, Guest: Nick Murison; CISO of Ardoq

10 Dec 2021

Contributed by Lukas

Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth t...

Multi-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency.

08 Nov 2021

Contributed by Lukas

Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance sche...

SAXO Bank - First Bank to achieve STAR Attestation

27 Jul 2021

Contributed by Lukas

Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation. Thi...

CSA CxO Trust Initiative Understanding the priorities of your peers within the C-Suite

25 Jun 2021

Contributed by Lukas

The mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C...

Objectives-based Security - Enabling Security Teams to deliver desired outcomes

08 Jun 2021

Contributed by Lukas

"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environ...

The advantages and future of the Cloud Control Matrix

03 Mar 2021

Contributed by Lukas

The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. I...

A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost.

01 Feb 2021

Contributed by Lukas

The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR ...

The Business Value of STAR Attestation

16 Oct 2020

Contributed by Lukas

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly asse...

How to Engage with Cloud Customers

27 Jul 2020

Contributed by Lukas

As a cloud service provider (CSP), customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential ...

CSA STAR + SOC2 - From Readiness to Attestation

26 May 2020

Contributed by Lukas

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly asses...

CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD

25 Mar 2020

Contributed by Lukas

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Co...

IoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI Group

02 Mar 2020

Contributed by Lukas

IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global cha...

Sneak Preview of CSA Summit and RSA February 24 - 27 2020

11 Feb 2020

Contributed by Lukas

Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers a...

CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis

17 Jan 2020

Contributed by Lukas

2019 was another great year for CSA and it sets the stage for an even greater year in 2020. Listen to this insightful interview with Jim Reavis; Co-Fou...

The STAR Certification Journey - Guest: Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group

11 Dec 2019

Contributed by Lukas

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Co...

CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principal, Schellman & Company LLC

19 Nov 2019

Contributed by Lukas

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly asses...

Reducing Business Risk with Forensic Readiness – Guest: Lamont Orange; CISO, Netskope

06 Nov 2019

Contributed by Lukas

Forensic readiness is defined as the ability of an organization to maximize its potential to use good quality digital evidence to protect the organiza...

EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA

21 Oct 2019

Contributed by Lukas

Security compliance based on third-party audit is becoming increasingly complex – especially as a result of the considerable number of national, inte...

CSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadius

08 Oct 2019

Contributed by Lukas

As a cloud service provider, there are many security challenges that organizations have to face which include providing customers and regulators with ...

What Executives Should Know About Security Breaches and Prevention - Guest: Phillip Merrick; CEO, Fugue

24 Sep 2019

Contributed by Lukas

Security is not simply a CIO, CSO, or IT department issue. It is critical that organizations have a system in place that can prove the all important &...

Live from Hong Kong! Meeting Business Requirements with CSA STAR - Guest: Ron Tse; CEO of Ribose

12 Sep 2019

Contributed by Lukas

Ribose has achieved STAR Attestation, Certification and C-STAR along with being one of the first adopters of STAR Continuous. What was the main driver...

CSA Research – Providing solutions for tomorrow's problems today – Guest: John Yeoh; Global V.P. of Research

28 Aug 2019

Contributed by Lukas

CSA research is such a big part of what CSA does, providing high quality relevant papers, studies and data free for all to take advantage of, yet in s...

Business Email Compromise Scams Remain a Billion-Dollar Problem - Guest: Ken Dunham, Optiv

14 Aug 2019

Contributed by Lukas

Business email compromise (BEC) scams are not going away anytime soon. For such a relatively low-tech type of financial fraud, it has proved to be a h...

Measuring the Value that Information Sharing adds to Threat Intelligence - Guest: Paul Kurtz; Co-Founder, CEO, TruStar

30 Jul 2019

Contributed by Lukas

Information sharing activities, when combined with other threat intelligence activities, can be seen as an important part of the arrangements of human ...

The Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSight

22 Jul 2019

Contributed by Lukas

Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to...

CSA CAIQ-Lite – When is a more Streamlined Vendor Security Assessment option applicable? Guest: Nick Sorensen, CEO, Whistic

03 Jul 2019

Contributed by Lukas

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and t...

The growing complexity around cybersecurity and evolving technology Guest: Dr. Ron Ross, NIST

18 Jun 2019

Contributed by Lukas

Dr. Ron Ross, Fellow and Senior Computer Scientist and Information Security Researcher in the computer security division at the National Institute of ...

Trust and Transparency - The continued challenges in the cloud - Guest: Jim Reavis

04 Jun 2019

Contributed by Lukas

An interview with Jim Reavis; Co-Founder and CEO of CSA addressing the many challenges and solutions regarding trust and transparency in the cloud as ...

Pilot Episode - CVE Vulnerability, Information Sharing and applicability to CSA STAR

13 May 2019

Contributed by Lukas

https://cloudsecurityalliance.org/star/