CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai
Published 10/02/2024
The Cloud Security Alliance (CSA) has established itself as the leading authority in cloud security by building deep collaborations with industry experts and pioneers in cybersecurity. Since its incorporation in 2009, CSA has worked closely with a vast network of professionals, researchers, and thought leaders to develop a suite of industry-leading resources, including the Security, Trust, Assurance and Risk (STAR) program, the world's largest and most complete cloud security assurance program. In celebration of CSA’s 15th anniversary, we’re highlighting 15 of these distinguished partners and contributors who have been instrumental in shaping CSA’s efforts to enhance cloud security standards.
Today we’re speaking with Avani Desai, Partner and Chief Executive Officer at Schellman, a CPA firm that focuses on technology and security assessments. At Schellman, Avani focuses on growth strategies, strategic client and market development, industry analysis, and new services. She has been featured in Forbes, CIO.com, and the Wall Street Journal, and is a sought after speaker for a variety of emerging topics, including security, privacy, technology trends, and the expansion of women in tech. Below, learn more about Avani’s passion for cybersecurity and the CSA community, as well as Schellman’s contributions as a Certified STAR Auditor.
What are the various ways you’ve been involved with CSA over the years?
I’ve had the privilege of engaging with CSA in several meaningful ways, from speaking engagements to contributing through working groups, particularly around CSA STAR. These working groups are a fantastic opportunity to provide both a practitioner’s and an auditor’s perspective on the excellent work CSA is doing. I’ve enjoyed being part of the conversation, ensuring that the standards we set are not only aspirational but also actionable for those on the ground implementing them.
Additionally, I’ve had the honor of sharing the stage with CSA leaders like Troy Leach to discuss how emerging technologies like AI are reshaping cybersecurity. It’s been a rewarding journey, and I look forward to continuing to contribute to CSA’s mission.
What’s your favorite memory of the CSA community?
My favorite memory has to be receiving the Philippe Courtot Leadership Award. It was such a humbling experience to be recognized by a community that I have so much respect for. Philippe Courtot was a visionary in our field, and to receive an award in his name was a reminder of the responsibility we all share in advancing cybersecurity. It wasn't just about the recognition—it was a moment of deep gratitude for all the people I've collaborated with in the CSA community over the years. It reinforced why I continue to be passionate about this work and this incredible group of professionals.
Why do you continue to be a part of the CSA ecosystem?
The CSA community has always been about collaboration and innovation. It’s not just about what we do today, but about how we can shape the future. The shared mission to create a more secure digital landscape aligns with my own professional goals, and I continue to stay involved because the work we do collectively matters. What I love most is working with really, really smart people—it’s awesome to be in a room where everyone has the same passion and drive for cybersecurity. That energy keeps me inspired and reminds me of why this work is so important.
What do you see as one of CSA’s most significant contributions to the cybersecurity industry?
CSA’s leadership in establishing globally recognized standards for cloud security has been a game changer. The Cloud Controls Matrix, in particular, has empowered organizations worldwide to improve their security postures. What I also love about CSA is its commitment to education and advocacy—making cloud security more accessible for businesses at every level.
On top of that, we’re one of the providers for CSA STAR Attestation and Certification, which our clients see as a true differentiator. It gives them the confidence that their cloud security meets the highest standards, and it’s been incredibly rewarding to help them achieve that level of trust and assurance.
What are your predictions for CSA in the next 15 years?
This is tough because the world of cloud, AI, and emerging technologies is changing so fast—but that’s exactly why CSA is one of the few organizations that can keep up. As sovereign cyber needs evolve and the increase in regulation and frameworks continues, CSA will lead the charge in addressing the security challenges posed by AI, IoT, and multi-cloud environments. They’ll play a critical role in defining security standards for these emerging technologies, ensuring that innovation doesn’t outpace security. I also see CSA expanding its global presence, partnering with more industries, and influencing policy as cybersecurity becomes even more important for governments and enterprises alike.
Question from interviewee Rick Doten: What is the one thing you tell people is different about cloud security as opposed to traditional on-premise security?
One of the biggest differences is the shared responsibility model in cloud security. Unlike traditional on-premise security, where companies have complete control over their infrastructure, in the cloud, security is a shared responsibility between the service provider and the customer. This shift requires organizations to be more proactive in understanding and managing the security of their cloud deployments.
As an auditor, I’ve seen firsthand how this shared responsibility can lead to gaps if not properly managed—especially when organizations assume their cloud provider handles more than they actually do. It’s no longer just about building a strong perimeter; it’s about ensuring security across the application layers, access controls, and continuous monitoring. For organizations, this means they need to be diligent in understanding their role within that shared model and implementing controls that ensure the full environment is secure, not just what the provider manages.
Do you have a question for the next interviewee to answer?
What’s one lesson you’ve learned from the CSA community that has had a lasting impact on your approach to cybersecurity?
Make sure to check out more insights from the CSA community here.
Related Articles:
Top Threat #6 - Code Confusion: The Quest for Secure Software Development
Published: 12/02/2024
Defining Identities, Accounts, and the Challenge of Privilege Sprawl
Published: 12/02/2024