Cloud 101CircleEventsBlog
Help shape the future of cloud security! Take our quick survey on SaaS Security and AI.

All Articles

All Articles
Never Trust User Inputs—And AI Isn't an Exception: A Security-First Approach

Blog Published: 09/13/2024

Originally published by Tenable. Written by Rémy Marot. Artificial Intelligence (AI) is transforming industries and beginning to be widely adopted by software developers to build business applications. However, it’s critical that organizations ensure the security of their users, their data and ...

Burdens and Benefits of Shared Security Responsibility Model (SSRM) in Cloud Computing

Blog Published: 09/13/2024

Originally published by CAS Assurance. What is the SSRM?The SSRM is the concept in cloud computing that defines and assigns security responsibilities in the cloud ecosystem between the Cloud Service Providers (CSPs) and the Cloud Service Customers (CSCs). As with many things on the planet earth,...

5 Key Data Privacy and Compliance Trends in 2024

Blog Published: 09/13/2024

Originally published by Scrut Automation.SMBs Juggle Compliance, Competition, and Chaos This year has already seen some monumental changes in the works pertaining to data privacy and compliance. SMBs constantly need to make tradeoff and prioritization decisions when it comes to not only these thi...

IDC Analyst Brief Findings: Trust Centers Can Help Organizations Save Time and Accelerate Sales

Blog Published: 09/12/2024

Originally published by Vanta.It's never been more important for organizations to demonstrate their security practices in order to win the trust of customers. ‍Historically, companies have used static web pages to demonstrate their security posture. And while these can act as helpful marketing to...

What are OAuth Tokens, and Why are They Important to Secure?

Blog Published: 09/12/2024

Originally published by Astrix.What are OAuth Tokens? OAuth (Open Authorization) Tokens are Non-Human Identities that work as a secure authentication mechanism. They delegate access to third parties or external apps without exposing your environment’s sensitive credentials. Organizations that rel...

As Non-Human Identity Attacks Soar, Cloud Security Alliance and Astrix Security Reveal Critical Gaps in Non-Human Identity Protection

Press Release Published: 09/12/2024

New data shows that one in five organizations have experienced a security incident related to non-human identities; and only 15% remain confident in their ability to secure themSeattle - September 12, 2024 - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining...

7 Essential SaaS Security Best Practices

Blog Published: 09/12/2024

Originally published by Suridata.No More SaaS Security TradeoffsIf your organization is like most, you are probably using upwards of a hundred Software-as-a-Service (SaaS) applications. The reasons for this are many, including convenience, instant access to enterprise software, and flexibility. O...

Maximize Cloud Security Excellence: The Power of CSA Corporate Membership

Blog Published: 09/10/2024

Written by Martin Hall.Staying on top of cloud security has never been more important for organizations. Since 2009, CSA Corporate Membership has provided invaluable benefits to security, cloud, technology, and business stakeholders.If you’re a solution provider, enterprise organization, or part ...

A Step-by-Step Guide to Improving Large Language Model Security

Blog Published: 09/10/2024

Originally published by Normalyze.Written by Ravi Ithal.Over the past year, the buzz around large language models (LLMs) has skyrocketed, prompting many of our customers to ask: How should we think about securing AI? What are the security implications? To answer these questions, it’s good to actu...

AI Regulations on the Horizon: Transforming Corporate Governance and Cybersecurity

Blog Published: 09/10/2024

Written by Sukhomoy Debnath.Corporate Governance in Cybersecurity and GRC:Corporate governance in cybersecurity and GRC involves establishing frameworks to manage cybersecurity strategies aligned with business objectives, legal requirements, and standards. It encompasses setting strategic directi...

An IT Veteran’s Guiding Principles for Successfully Implementing Zero Trust

Blog Published: 09/09/2024

Originally published by CXO REvolutionaries.Written by Guido Sacchi, Former Senior Executive Vice President and Chief Information Officer, Global Payments.Over the course of my career as a consultant, executive, and advisor, I have spent a good deal of time reflecting on my personal imperatives f...

Responding to Cyberattacks—Creating a Successful Contingency Plan

Blog Published: 09/09/2024

Originally published by BARR Advisory.In today’s digital age, all organizations are exposed to some level of risk. As a baseline, companies are expected to have appropriate controls and safeguards in place to protect their customer’s information—but even the most well-postured organizations may s...

7 Most Commonly Asked PCI Compliance Questions

Blog Published: 09/09/2024

Originally published by CyberGuard Compliance.Ignorance is not an excuse for failing a PCI DSS audit or, worse yet, being victimized by a data breach. The Payment Card Industry Data Security Standard (PCI DSS) clearly defines responsibilities and guidelines for protecting sensitive information su...

Discover Cloud Security Services That are Enabled with CSA STAR

Blog Published: 09/06/2024

Cloud computing security services help organizations protect their cloud environments from threats, unauthorized access, data breaches, and other security risks. With a myriad of offerings out there, choosing the right cloud security service can be a daunting task. Fortunately, CSA’s Security, Tr...

Pioneering Transparency: Oklahoma’s Proposed Artificial Intelligence Bill of Rights

Blog Published: 09/06/2024

Originally published by Truyo.In the ever-evolving landscape of technology, the emergence of artificial intelligence (AI) has brought both promise and challenge. With AI permeating various aspects of our lives, from customer service interactions to content creation, ensuring transparency, account...

The DORA Quest: Beware of Vendors with Magic Beans

Blog Published: 09/06/2024

Originally published by Own Company.Written by Matthew O'Neill, Field CTO, Own Company.You can't escape the sheer volume of vendors sharing information about the Digital Operational Resilience Act (DORA) and how buying their tooling will make you compliant, which we all know is nonsense. DORA is ...

Mechanistic Interpretability 101

Blog Published: 09/05/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR.Why are neural networks so notoriously difficult to interpret, and how have researchers attempted to crack this black box in the past? This blog post is an initial attempt to discuss this and introduce Mechanistic Inter...

Building Secure and Compliant SaaS Apps – Identity Security Best Practices

Blog Published: 09/05/2024

Originally published by CyberArk.Written by Sam Flaster. Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To me...

The Why and the How of Managed CNAPP

Blog Published: 09/05/2024

Originally published by Tamnoon.Written by Ran Nahmias, CBO, Tamnoon.CNAPP is a fundamental piece of the cloud security puzzle – but poor implementations, lack of in-house expertise, and insufficient prioritization can lead to disappointing outcomes. At a time when security teams are stretched to...

Zero Footprint Attacks: 3 Steps to Bypass EDR with Reflective Loading

Blog Published: 09/04/2024

Originally published by Pentera.EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass security measures without being detected. There are many different types of EDR evasion techniques, many of which a...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.