How to Maximize Alignment Between Security and Compliance Teams
Blog Published: 10/04/2024
Written by David Balaban. Security and compliance are both serious issues that can keep you awake at night. In theory, they should be perfect partners, complementing each other to keep your organization resilient and its digital assets safe. Thankfully, this kind of alignment is finally being in...
Reflections on NIST Symposium in September 2024, Part 1
Blog Published: 10/04/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Yesterday (September 24, 2024), I had the privilege of attending the NIST symposium “Unleashing AI Innovation, Enabling Trust.” The first day of the event had two panels. The first panel, titled “Advancing Generativ...
FedRAMP Loves Compliance as Code: Insights from the OMB’s Recent Memo
Blog Published: 10/08/2024
Originally published by RegScale on July 26, 2024. Written by Travis Howerton. Today, July 26, 2024, the Office of Management and Budget (OMB) released a memo on their plans to modernize the FedRAMP program titled Modernizing the Federal Risk and Authorization Management Program (FedRAMP). This ...
Healthcare & Cybersecurity: Navigating a Vast Attack Surface
Blog Published: 10/08/2024
Originally published by Synack. Healthcare systems have been under constant attack in recent months, with threat groups demanding top-dollar ransoms in the aftermath of successful, high-profile breaches. Think United Healthcare, Kaiser Permanente, Cherry Health … the list grows every month. Se...
CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai
Blog Published: 10/02/2024
The Cloud Security Alliance (CSA) has established itself as the leading authority in cloud security by building deep collaborations with industry experts and pioneers in cybersecurity. Since its incorporation in 2009, CSA has worked closely with a vast network of professionals, researchers, an...
CSA Community Spotlight: Guiding Industry Research with CEO Jason Garbis
Blog Published: 10/09/2024
As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we reflect on the pivotal role CSA volunteers and contributors have played in shaping the future of cloud security. Founded in 2009, CSA quickly established itself as the world’s leading organization dedicated to defining an...
AI Regulations, Cloud Security, and Threat Mitigation: Navigating the Future of Digital Risk
Blog Published: 10/02/2024
Written by Thales. Artificial intelligence (AI) and cloud computing have become central to modern data environments. The convergence of these technologies promises a wealth of opportunities, enabling businesses to leverage powerful AI tools at scale and with greater efficiency. AI, once accessi...
Elevating Application Security Beyond “AppSec in a Box”
Blog Published: 10/02/2024
Originally published by Dazz. In the ever-evolving landscape of application security, traditional "AppSec in a box" solutions, which bundle static analysis (SAST), software composition analysis (SCA), secrets detection, API security, and other code analysis tools, have been a popular approach f...
Aligning Security Testing with IT Infrastructure Changes
Blog Published: 10/03/2024
Originally published by Pentera. With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This frequency gap leaves organizations vulnerable to prolonged risk and highlights a critical area for improvement. E...
What is Session Hijacking? A Technical Overview
Blog Published: 10/10/2024
Originally published by AppOmni. Written by Justin Blackburn, Sr. Cloud Threat Detection Engineer, AppOmni. Sessions are a vital component of modern websites and SaaS applications because they enable streamlined communication between devices and servers. But adversaries frequently target session...
Embracing AI in Cybersecurity: 6 Key Insights from CSA’s 2024 State of AI and Security Survey Report
Blog Published: 10/04/2024
Originally published by Abnormal Security. The integration of artificial intelligence (AI) into cybersecurity practices is transforming the landscape, offering both promising advancements and new challenges. The State of AI and Security Survey Report, sponsored by the Cloud Security Alliance, p...
To Secure the AI Attack Surface, Start with Fundamental Cyber Hygiene
Blog Published: 10/10/2024
Originally published by Tenable. Written by Lucas Tamagna-Darr. Confusion and unknowns abound regarding the risks of AI applications. Many vendors are offering solutions to AI application security problems that aren't clearly defined. Here we explain that to boost AI application security and ...
AI and ML for Adopting, Implementing, and Maturing Zero Trust Network Access
Blog Published: 10/15/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. In today's evolving cyber threat landscape, traditional network security models are increasingly inadequate. More robust and dynamic security paradigms like zero trust network access (ZTNA) are needed....
Why You Should Have a Whistleblower Policy for AI
Blog Published: 10/07/2024
Originally published by Truyo. Considering the evolving regulatory landscape surrounding artificial intelligence (AI), including the EU AI Act and potential future directives from bodies like the U.S. Department of Health and Human Services (HHS), establishing a whistleblower policy has emerged...
Creating a Cyber Battle Plan
Blog Published: 10/07/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Nearly every day (certainly every week) the headlines scream of massive data breaches. It's enough to make you wonder: with companies supposedly pouring resources into cybersecurity, why are cyber inci...
Cybersecurity Risk Mitigation Recommendations for 2024-2025
Blog Published: 10/08/2024
Originally published by Entro. Written by Itzik Alvas, CEO & Co-founder, Entro. The Rise of Non-Human Identities Non-human identities (NHIs) such as automated systems, devices, APIs, and services, are playing an increasingly large role in IT ecosystems. These entities are essential for daily...
AI and Data Protection: Strategies for LLM Compliance and Risk Mitigation
Blog Published: 10/09/2024
Originally published by Normalyze. Written by Vamsi Koduru. Artificial Intelligence is evolving at a breakneck pace, with new models and applications being deployed across industries daily. However, this rapid advancement has brought with it a host of compliance challenges. As data security metho...
Top Threat #3 - API-ocalypse: Securing the Insecure Interfaces
Blog Published: 10/09/2024
Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whe...
Reflections on NIST Symposium in September 2024, Part 2
Blog Published: 10/10/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. 1. Introduction and Background On September 24, 2024, I had the privilege of attending the NIST symposium "Unleashing AI Innovation, Enabling Trust." This event brought together leading experts, policymakers, and ...
Unleashing the Power of Managed Endpoint Security: Crafting Effective SD-WAN and SASE Strategies
Blog Published: 10/15/2024
Written by Andrew Winney, General Manager and Global Head of SASE Business, Tata Communications. Originally published on CXOtoday. In today's digitally connected world, businesses face unprecedented challenges in securing their expanding network of endpoints. As Distributed Enterprises embrace r...