Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance
Blog Published: 04/05/2024
Written by Nicole Krenz, Web Marketing Specialist, CSA.The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is at ...
The Modern Data Stack Has Changed the Security Landscape
Blog Published: 04/05/2024
Written by Uday Srinivasan, CTO, Acante.The way businesses analyze, transform and share data has radically changed over the past few years. We are in the post-Hadoop era with the Apache Software Foundation retiring over 10 Hadoop-related projects over the last three years. The shift of enterprise...
How the Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production
Blog Published: 04/05/2024
Originally published by Orca Security. Written by Ofir Yakobi. Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable G...
CSA Turns 15: Kicking Off the Next 85 Years of Cloud Security Excellence
Blog Published: 04/04/2024
As we celebrate the 15th anniversary of the Cloud Security Alliance (CSA), I'm compelled to marvel at our journey from ambitious upstarts to a critical global stakeholder for cybersecurity. Our goal, audacious as it may sound, is not just to leave a mark on the cloud security landscape, but to et...
Runtime is the Way
Blog Published: 04/04/2024
Originally published by Sysdig. Written by James Berthoty. The cloud security market has been totally bizarre ever since it started. Why are we being given a python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference betwe...
Detecting Compromised Accounts in Microsoft 365
Blog Published: 04/04/2024
Originally published by InsiderSecurity.IntroductionIn today's digital age, cybersecurity is of paramount importance, with organizations facing an ever-evolving landscape of cyber threats and attacks. InsiderLab (our dedicated team of cybersecurity experts) conducts in-depth research and analysis...
CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong
Blog Published: 04/03/2024
CSA began establishing standards for cloud security assurance and compliance back in 2009, when the company was officially incorporated and we released the first version of our cloud security best practices. The following year, we developed the Cloud Controls Matrix (CCM), and in 2012, the CSA Se...
More Than Half of Organizations Plan to Adopt Artificial Intelligence (AI) Solutions in Coming Year, According to Report from Cloud Security Alliance and Google Cloud
Press Release Published: 04/03/2024
Significant Generative AI (GenAI) adoption expected in 2024, driven by C-suite prioritizationSEATTLE – April 3, 2024 – A new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure ...
Designed to Deceive: 6 Common Look-alike Domain Tactics
Blog Published: 04/03/2024
Originally published by Abnormal Security.Written by Mick Leach.With threat actors lurking around every digital corner, it can sometimes make scrolling through an inbox feel like traversing a minefield. Employing various strategies to deceive their targets, attackers count on end-user oversight t...
Key Findings from the 2024 State of Application Security Report
Blog Published: 04/03/2024
Originally published by CrowdStrike. As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eigh...
Privacy Isn't Just About Data: It's About Dignity
Blog Published: 04/02/2024
Written by Dr. Chantal Spleiss, CSA AI Governance and Compliance Working Group Co-Chair.The consequences of a privacy breach extend far beyond data loss, potentially triggering deep feelings of shame. Less than 15% of countries do not have or are drafting a privacy law emphasizing the huge import...
How We Can Help Corporate Boards with Cybersecurity
Blog Published: 04/02/2024
Originally published by RegScale. Recently the Wall Street Journal featured an article titled Why Corporate Boards Need More Cybersecurity Experience, and it got me thinking about what we can do to help them; we can do a lot. What’s the situation you ask? According to the WSJ, “Directors currentl...
Cloud Security Alliance Artificial Intelligence (AI) Webinar Series Will Address Pivotal Cloud Computing Topics in Leadup to AI Summit at RSA
Press Release Published: 04/02/2024
Thought-leadership webinars to provide key insights on elevating organizations’ cybersecurity postureSEATTLE – April 2, 2024 – Throughout the month of April, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to ...
“Toxic Combinations” are Inadequate: A Case Study
Blog Published: 04/02/2024
Originally published by Skyhawk Security.Written by Chen Burshan, CEO, Skyhawk Security.Posture management has turned into an exercise in prioritization, but this hasn’t made us safer.If a Tree Falls in the Forest…We all know the adage, “If a tree falls in the forest and nobody is there to hear i...
UN AI Resolution, EU AI Act, and Cloud Security Alliance's Recent Efforts: White Paper on AI Organizational Responsibility for Core Security
Blog Published: 04/01/2024
Updated 5/8/24.In a world where artificial intelligence (AI) is rapidly becoming an integral part of our lives, ensuring its secure and responsible development and deployment is more critical than ever. The Cloud Security Alliance (CSA) has taken a significant step forward in this direction with ...
10 Essential Identity and Access Management (IAM) Terms
Blog Published: 03/30/2024
Identity and access management is kind of a big deal. People are working from anywhere and everywhere on all kinds of devices, so it's essential to know who's who in the digital world and to confirm that our digital communications are secure. If you’re just starting out on your IAM journey, don’t...
The Elephant in the Cloud
Blog Published: 03/29/2024
Originally published by Pentera.Written by Aviv Cohen.As much as we love the cloud, we fear it as well.We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also ...
Artificial Intelligence and Cybersecurity: What to Know Right Now
Blog Published: 03/29/2024
Originally published by Schellman.Similar to the way the launch of the first satellite, Sputnik, both introduced a new technology era—the space race—and raised some alarm, the ongoing adoption of generative artificial intelligence (AI) is beginning to permeate industries worldwide, prompting ques...
Security Compliance for Cloud Services
Blog Published: 03/29/2024
Written by Ashwin Chaudhary, CEO, Accedere. Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management eff...
Beyond the Black Box: How XAI is Building Confidence
Blog Published: 03/28/2024
Written by Dr. Chantal Spleiss, Co-Chair for the CSA AI Governance & Compliance Working Group.While "AI" has become a broadly used word, there are key distinctions within AI to keep in mind. Narrow AI systems excel at specific tasks, like playing chess or recognizing objects in images. Genera...
