John DiMaria; Director of Operations Excellence
CSA Security Update
CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
Author
John DiMaria; Director of Operations Excellence
Category
Podcast website
Latest episode
Apr 17, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
STAR Attestation - One of the most powerful programs to evaluate the cloud sector 17.05.2022 36:23
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the...
Application Security - The Importance of Future Proofing Your Process 22.04.2022 32:44
As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. - How can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design) - Urgency for daily scans - How the CCM and STAR Program can facilitate reducing risk and u...
CSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSE 21.03.2022 47:28
STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for cloud security assurance and compliance, widely used in assessing cloud security performance of cloud implementations. Ribose Achieved the world’s first STA...
Who moved my cheese? Changes to the ISO standards and how they will affect you. 17.03.2022 32:32
As the businesses change the world changes and so does the standards industry. Being up to speed on those changes and paying attention to such changes can help company's succeed. CSA is dedicated to keep our followers up-to-date on these changes and how they may affect the users and provide guidance and information on what can be expected moving forward as well as what organizations should be...
Fighting Ransomeware in the Cloud 11.03.2022 19:40
In order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. With more tools and software, organizations many times throw money at technology solu...
CSA STAR Case Study, Guest: Nick Murison; CISO of Ardoq 10.12.2021 36:07
Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement process can be a daunting task for clients since each cloud service provider shows its security methods unique ways, making comparisons betwe...
Multi-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency. 08.11.2021 48:11
Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards are largely overlapping. As a consequence, the process of adhering to different standards, laws and regulations for CSPs is inefficient, with a lot of...
SAXO Bank - First Bank to achieve STAR Attestation 27.07.2021 22:58
Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation. This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services an...
CSA CxO Trust Initiative Understanding the priorities of your peers within the C-Suite 25.06.2021 29:55
The mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will...
Objectives-based Security - Enabling Security Teams to deliver desired outcomes 08.06.2021 32:33
"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments". "What we lack as an industry is a cohesive and a high-level approac...
The advantages and future of the Cloud Control Matrix 03.03.2021 31:21
The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud s...
A case study – CCM and STAR –Integrating with third-party assessments and regulations to avoid duplication of effort and cost. 01.02.2021 27:07
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM a...
The Business Value of STAR Attestation 16.10.2020 37:59
As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is th...
How to Engage with Cloud Customers 27.07.2020 24:19
As a cloud service provider (CSP) customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs. The lines between cloud providers and cloud consumers keep getting fuzzier every day. What are the main challenges of cloud computing that users face? What is the growing paradigm...
CSA STAR + SOC2 - From Readiness to Attestation 26.05.2020 31:09
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the...
CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD 25.03.2020 36:00
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry al...
IoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI Group 02.03.2020 28:32
IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges – presenting a huge opportunity but risk as well. With SMART Cites and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of th...
Sneak Preview of CSA Summit and RSA February 24 - 27 2020 11.02.2020 5:30
Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA! https://cloudsecurityalliance.org/star/
CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis 17.01.2020 26:14
2019 was another great year for CSA and it sets the stage for an even greater year in 2020. Listen to this insightful interview with Jim Reavis; Co-Founder and CEO of the Cloud Security Alliance as he provides a look back at the accomplishments and milestones achieved in 2019 and provides a look into the journey we will be taking in 2020. If you're not already, it is a great starting point to...
The STAR Certification Journey - Guest:Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group 11.12.2019 38:04
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry al...
CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principle, Schellman & Company LLC 19.11.2019 28:55
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the...
Reducing Business Risk with Forensic Readiness – Guest: Lamont Orange; CISO, Netskope 06.11.2019 24:56
Forensic readiness is defined as the ability of an organization to maximize its potential to use good quality digital evidence to protect the organization, support the investigators while minimizing the costs of an investigation. Trust in the cloud is constantly under attack, so good data-driven decisions are critical. Determining whether a data source provides an acceptable level of digital evide...
EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA 21.10.2019 27:29
Security compliance based on third-party audit is becoming increasingly complex –especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls, That often translates into substanti...
CSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadius 08.10.2019 22:49
As a cloud service provider, there are many security challenges that organizations have to face which include providing customers and regulators with the proper level of transparency and assurance that is needed to achieve the required level of trust. Many organizations are turning to CSA STAR in answer to mandates, provide a marketing differentiator or just raising the bar in terms of their leve...
What Executives Should Know About Security Breaches and Prevention - Guest: Phillip Merrick; CEO, Fugue 24.09.2019 36:33
Security is not simply a CIO, CSO, or IT department issue. It is critical that organizations have a system in place that can prove the all important "Standard of Care" was deployed and maintained. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees. It is a matter of resilience an...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.