Never Trust User Inputs—And AI Isn't an Exception: A Security-First Approach
Blog Published: 09/13/2024
Originally published by Tenable. Written by Rémy Marot. Artificial Intelligence (AI) is transforming industries and beginning to be widely adopted by software developers to build business applications. However, it’s critical that organizations ensure the security of their users, their data and ...
Burdens and Benefits of Shared Security Responsibility Model (SSRM) in Cloud Computing
Blog Published: 09/13/2024
Originally published by CAS Assurance. What is the SSRM?The SSRM is the concept in cloud computing that defines and assigns security responsibilities in the cloud ecosystem between the Cloud Service Providers (CSPs) and the Cloud Service Customers (CSCs). As with many things on the planet earth,...
5 Key Data Privacy and Compliance Trends in 2024
Blog Published: 09/13/2024
Originally published by Scrut Automation.SMBs Juggle Compliance, Competition, and Chaos This year has already seen some monumental changes in the works pertaining to data privacy and compliance. SMBs constantly need to make tradeoff and prioritization decisions when it comes to not only these thi...
IDC Analyst Brief Findings: Trust Centers Can Help Organizations Save Time and Accelerate Sales
Blog Published: 09/12/2024
Originally published by Vanta.It's never been more important for organizations to demonstrate their security practices in order to win the trust of customers. Historically, companies have used static web pages to demonstrate their security posture. And while these can act as helpful marketing to...
What are OAuth Tokens, and Why are They Important to Secure?
Blog Published: 09/12/2024
Originally published by Astrix.What are OAuth Tokens? OAuth (Open Authorization) Tokens are Non-Human Identities that work as a secure authentication mechanism. They delegate access to third parties or external apps without exposing your environment’s sensitive credentials. Organizations that rel...
As Non-Human Identity Attacks Soar, Cloud Security Alliance and Astrix Security Reveal Critical Gaps in Non-Human Identity Protection
Press Release Published: 09/12/2024
New data shows that one in five organizations have experienced a security incident related to non-human identities; and only 15% remain confident in their ability to secure themSeattle - September 12, 2024 - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining...
7 Essential SaaS Security Best Practices
Blog Published: 09/12/2024
Originally published by Suridata.No More SaaS Security TradeoffsIf your organization is like most, you are probably using upwards of a hundred Software-as-a-Service (SaaS) applications. The reasons for this are many, including convenience, instant access to enterprise software, and flexibility. O...
Maximize Cloud Security Excellence: The Power of CSA Corporate Membership
Blog Published: 09/10/2024
Written by Martin Hall.Staying on top of cloud security has never been more important for organizations. Since 2009, CSA Corporate Membership has provided invaluable benefits to security, cloud, technology, and business stakeholders.If you’re a solution provider, enterprise organization, or part ...
A Step-by-Step Guide to Improving Large Language Model Security
Blog Published: 09/10/2024
Originally published by Normalyze.Written by Ravi Ithal.Over the past year, the buzz around large language models (LLMs) has skyrocketed, prompting many of our customers to ask: How should we think about securing AI? What are the security implications? To answer these questions, it’s good to actu...
AI Regulations on the Horizon: Transforming Corporate Governance and Cybersecurity
Blog Published: 09/10/2024
Written by Sukhomoy Debnath.Corporate Governance in Cybersecurity and GRC:Corporate governance in cybersecurity and GRC involves establishing frameworks to manage cybersecurity strategies aligned with business objectives, legal requirements, and standards. It encompasses setting strategic directi...
An IT Veteran’s Guiding Principles for Successfully Implementing Zero Trust
Blog Published: 09/09/2024
Originally published by CXO REvolutionaries.Written by Guido Sacchi, Former Senior Executive Vice President and Chief Information Officer, Global Payments.Over the course of my career as a consultant, executive, and advisor, I have spent a good deal of time reflecting on my personal imperatives f...
Responding to Cyberattacks—Creating a Successful Contingency Plan
Blog Published: 09/09/2024
Originally published by BARR Advisory.In today’s digital age, all organizations are exposed to some level of risk. As a baseline, companies are expected to have appropriate controls and safeguards in place to protect their customer’s information—but even the most well-postured organizations may s...
7 Most Commonly Asked PCI Compliance Questions
Blog Published: 09/09/2024
Originally published by CyberGuard Compliance.Ignorance is not an excuse for failing a PCI DSS audit or, worse yet, being victimized by a data breach. The Payment Card Industry Data Security Standard (PCI DSS) clearly defines responsibilities and guidelines for protecting sensitive information su...
Discover Cloud Security Services That are Enabled with CSA STAR
Blog Published: 09/06/2024
Cloud computing security services help organizations protect their cloud environments from threats, unauthorized access, data breaches, and other security risks. With a myriad of offerings out there, choosing the right cloud security service can be a daunting task. Fortunately, CSA’s Security, Tr...
Pioneering Transparency: Oklahoma’s Proposed Artificial Intelligence Bill of Rights
Blog Published: 09/06/2024
Originally published by Truyo.In the ever-evolving landscape of technology, the emergence of artificial intelligence (AI) has brought both promise and challenge. With AI permeating various aspects of our lives, from customer service interactions to content creation, ensuring transparency, account...
The DORA Quest: Beware of Vendors with Magic Beans
Blog Published: 09/06/2024
Originally published by Own Company.Written by Matthew O'Neill, Field CTO, Own Company.You can't escape the sheer volume of vendors sharing information about the Digital Operational Resilience Act (DORA) and how buying their tooling will make you compliant, which we all know is nonsense. DORA is ...
Mechanistic Interpretability 101
Blog Published: 09/05/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR.Why are neural networks so notoriously difficult to interpret, and how have researchers attempted to crack this black box in the past? This blog post is an initial attempt to discuss this and introduce Mechanistic Inter...
Building Secure and Compliant SaaS Apps – Identity Security Best Practices
Blog Published: 09/05/2024
Originally published by CyberArk.Written by Sam Flaster. Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To me...
The Why and the How of Managed CNAPP
Blog Published: 09/05/2024
Originally published by Tamnoon.Written by Ran Nahmias, CBO, Tamnoon.CNAPP is a fundamental piece of the cloud security puzzle – but poor implementations, lack of in-house expertise, and insufficient prioritization can lead to disappointing outcomes. At a time when security teams are stretched to...
Zero Footprint Attacks: 3 Steps to Bypass EDR with Reflective Loading
Blog Published: 09/04/2024
Originally published by Pentera.EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass security measures without being detected. There are many different types of EDR evasion techniques, many of which a...