Cloud 101CircleEventsBlog
Have a chance to win a free CCSK v5 token by taking the Non-Human Identity Security Survey!

All Articles

All Articles
AI Safety vs. AI Security: Navigating the Commonality and Differences

Blog Published: 03/19/2024

Written by Ken Huang, Co-Chair of Two CSA AI Safety Working Groups, VP of Research of CSA GCR, and CEO of Distributedapps.ai. 1: Introduction AI safety and security are fundamental aspects that play distinct yet interconnected roles in the development and deployment of AI systems. AI security...

How Pentesting Fits into AI’s ‘Secure By Design’ Inflection Point

Blog Published: 03/18/2024

Originally published by Synack. Written by James Duggan, Solutions Architect, U.K. and Ireland, Synack. The gamechanging potential of generative AI technology has caught the eye of attackers and defenders in the cybersecurity arena. While it’s unclear how the threat landscape will evolve with the...

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

Blog Published: 03/18/2024

Originally published by Orca Security. Written by Shir Shadon and Deborah Galea. Orca Security has released the 2024 State of Cloud Security Report, which leverages unique insights into cloud risks captured by the Orca Cloud Security Platform. Based on risks found in actual production environ...

National Cybersecurity Authority Drives Saudi Arabia's Essential Controls Framework (ECC)

Blog Published: 03/18/2024

Written by AuditCue.The Kingdom of Saudi Arabia's Essential Cybersecurity Controls (ECC), established by the National Cybersecurity Authority (NCA), is a significant leap towards enhancing the nation's cyber defense mechanisms. This set of regulations spans across five critical domains, emphasizi...

Innovating Without Stagnating: Strategies for Security Remediation in 2024

Blog Published: 03/15/2024

Originally published by Dazz. Written by Jordan McMahon, Corporate Marketing, Dazz.In the fast-paced world of cybersecurity, staying ahead of threats while driving innovation is a delicate balance that requires teamwork and clarity. But as the recent CSA State of Security Remediation report noted...

Avoid IAM Drifts Using Explicit-Deny

Blog Published: 03/15/2024

Written by Israel Chorzevsk. Background Over the last decade, cloud providers advanced their authorization mechanism, and added more and more ways to grant access to resources. Having multiple ways to grant access may lead to authorization drifts. This post describes several authorization featur...

Defend Against Azure Cross-Tenant Synchronization Attacks

Blog Published: 03/15/2024

Originally published by CrowdStrike. Azure cross-tenant synchronization (CTS) was made generally available on May 30, 2023, and introduced a new attack surface on Microsoft Entra ID (formerly Azure Active Directory) where attackers can move laterally to a partner tenant or create a backdoor on an...

2023 Threat Intelligence Year in Review: Key Insights and Developments

Blog Published: 03/14/2024

Originally published by Microsoft Security.It has been an incredible year for Microsoft Threat Intelligence. The sheer volume of threats and attacks revealed through the more than 65 trillion signals we monitor daily has given us many inflection points, especially as we notice a shift in how thre...

A Comprehensive Guide to Business Cyber Security

Blog Published: 03/14/2024

Originally published by CAS Assurance. In the digital age, online security is among the most critical factors for any business. As more and more people are living their lives online, security has become a priority for those giving up sensitive information – including financial data – via the Worl...

Understanding and Preventing Business Email Compromise

Blog Published: 03/14/2024

Originally published by CXO REvolutionaries.Written by Gary Parker, CTO in Residence, Zscaler.Businesses of all sizes face a growing cybersecurity and financial threat known as business email compromise (BEC) simply because they use email. BEC attacks have become increasingly sophisticated, posin...

Lessons Learned from HIPAA Compliance Breaches

Blog Published: 03/13/2024

Originally published by BARR Advisory.Written by Claire McKenna. According to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), there has been a considerable upward trend in healthcare data breaches since the office began tracking data breach statistics in 2009. You...

Taking Back Control: The Growing Appeal of On-Premise and Hybrid Solutions

Blog Published: 03/13/2024

Written by Ascertia. The digital age demands robust security and unwavering trust. While cloud-based solutions have dominated recent years, organisations across the globe are increasingly turning to on-premise and hybrid-based digital trust solutions. This blog explores the factors driving thi...

Cybersecurity Regulations and the Impact on Consumers

Blog Published: 03/13/2024

Originally published by RegScale.The theme for this year’s Cybersecurity Awareness Month, “Secure Our World,” underscores the importance of cybersecurity in our daily lives. This theme serves as a reminder that despite the convenience and connectivity of the digital age, there are inherent risks ...

CSA Community Spotlight: Propelling the Industry Forward with Larry Whiteside Jr.

Blog Published: 03/12/2024

Now 15 years old, the Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2009, CSA was officially incorporated and we released the first version of our Security Gui...

A Guide to GCP Organization Policy: Managing Access

Blog Published: 03/12/2024

Originally published by Sonrai Security. Written by Tally Shea.Governance, security and compliance become difficult projects at scale. If you’re an enterprise operating out of Google Cloud, you’re likely looking for ways to manage access, enforce guardrails, and make configuration constraints to ...

Checklist for Designing Cloud-Native Applications – Part 2: Security Aspects

Blog Published: 03/12/2024

Written by Eyal Estrin.In Chapter 1 of this series about considerations when building cloud-native applications, we introduced various topics such as business requirements, infrastructure considerations, automation, resiliency, and more. In this chapter, we will review security considerations wh...

The Implications of AI in Cybersecurity - A Transformative Journey

Blog Published: 03/11/2024

The emergence of Artificial Intelligence (AI) stands as both a beacon of hope and a subject of intricate debate. This transformative technology, with its dual-edged potential, demands a careful examination of its implications in the realm of cybersecurity. The integration of AI into cybersecurity...

Phishing in Azure Cloud: A Targeted Campaign on Executive Accounts

Blog Published: 03/11/2024

Originally published by Adaptive Shield.Written by Hananel Livneh.In recent weeks, a concerning wave of cyber attacks has been targeting Microsoft Azure environments, compromising crucial user accounts, including those of senior executives. Proofpoint researchers have identified an ongoing malici...

The Future Role of AI in Cybersecurity

Blog Published: 03/11/2024

Originally published by DigiCert.Written by Dr. Avesta Hojjati.With an estimated market size of $102 billion by 2032, it’s no secret that Artificial intelligence (AI) is taking every industry by storm. We all know the basic idea of AI – it’s like creating really clever computers by showing them l...

Five Lessons Learned From Okta’s Support Site Breach

Blog Published: 03/11/2024

Originally published by Valence. Written by Adrian Sanabria. On September 29th, 2023, security vendor 1Password discovered unauthorized activity in their Okta tenant. An employee unexpectedly received an email that they had requested a report listing Okta administrators. A 1Password employee had ...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.