All Articles
Cloud Security Alliance Issues Comprehensive Guidelines for Auditing Artificial Intelligence (AI) Systems, Beyond Compliance

Press Release Published: 11/14/2024

Paper presents a holistic overview and applicable methodology for impartially assessing intelligent systems. SEATTLE – Nov. 14, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure c...

How AI Changes End-User Experience Optimization and Can Reinvent IT

Blog Published: 11/15/2024

Originally published by CXO REvolutionaries. Written by Christopher Jablonski, Director, CXO REvolutionaries & Community. Improving the user experience is a top priority as businesses adapt to hybrid work, increase usage of SaaS applications, and new business demands. Everyone — employees, p...

Group-Based Permissions and IGA Shortcomings in the Cloud

Blog Published: 11/18/2024

Originally published by Britive. Groups make it easier to assign permissions to multiple users at once, reducing the administrative burden and shortening delays on getting appropriate levels of access. Traditional identity governance and administration (IGA) solutions have been pivotal in manag...

Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems

Blog Published: 11/19/2024

Originally published by BARR Advisory. Artificial intelligence (AI) is transforming the way businesses operate across industries, driving advancements in automation, decision-making, and customer experiences. From healthcare to finance, AI has unlocked new opportunities for efficiency and innov...

Why Application-Specific Passwords are a Security Risk in Google Workspace

Blog Published: 11/19/2024

Originally published by Valence. Written by Jason Silberman. The digital world is constantly changing, and with it, the methods used to secure sensitive information. Decisions made years ago continue to shape today’s landscape. The inception of Gmail by Google marked a pivotal moment in history,...

Top Threat #5 - Third Party Tango: Dancing Around Insecure Resources

Blog Published: 11/18/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether...

CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis

Blog Published: 11/18/2024

As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we reflect on the pivotal role CSA volunteers and contributors have played in shaping the future of cloud security. Founded in 2009, CSA quickly established itself as an instrumental leader in the cloud security space, dedic...

Cloud Security Alliance Announces Winners of the 2024 Juanita Koilpillai Awards

Press Release Published: 11/20/2024

Award honors volunteers for their valuable contributions towards fulfilling CSA’s mission of promoting best practices to help ensure a secure cloud computing environment. SEATTLE – Nov. 20, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raisi...

The Lost Art of Visibility, in the World of Clouds

Blog Published: 11/20/2024

Written by Vito Nozza, Softchoice. “The power of visibility can never be underestimated” Margaret Cho. As many of you have read my past blogs, I like to quote individuals who have had experience in certain subjects. Although the above quote was meant for a different context, it bears true for thi...

It’s Time to Split the CISO Role if We Are to Save It

Blog Published: 11/22/2024

Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. The chief information security officer role carries with it huge responsibility. Today's CISOs manage a 24/7 cybersecurity operation, stay ahead of cybercriminals, and comply with an ever...

5 Big Cybersecurity Laws You Need to Know About Ahead of 2025

Blog Published: 11/20/2024

Originally published by Schellman. Written by Jordan Hicks. Generally, with new cybersecurity regulations, organizations affected are provided a “grace period” to make the necessary adjustments to achieve full compliance before enforcement begins. Looking toward the horizon and 2025, many new la...

AI-Powered Cybersecurity: Safeguarding the Media Industry

Blog Published: 11/20/2024

Written by Satyavathi Divadari, Founder and President of the CSA Bangalore Chapter, in collaboration with the AI Technology and Risk Working Group. In the fast-paced world of media, where delivering authentic news quickly is essential, cybersecurity plays a critical role in protecting data, ens...

A Vulnerability Management Crisis: The Issues with CVE

Blog Published: 11/21/2024

For decades, the cybersecurity industry has relied on the Common Vulnerabilities and Exposures (CVE) program to standardize vulnerability documentation and guide threat intelligence. The program assigns a unique identifier to each discovered security vulnerability. Then, it ranks the vulnerabi...

CSA Community Spotlight: Nerding Out About Security with CISO Alexander Getsin

Blog Published: 11/21/2024

As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we take pride in the organization's extensive research accomplishments throughout the years that have defined the trajectory of cloud security. Since its founding in 2009, CSA has produced groundbreaking research that has se...

How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management

Blog Published: 11/22/2024

Written by Adam Cheriki, Co-Founder & CTO, Entro Security. As cloud-native architectures transform business operations, they bring unique security challenges. The rapid expansion of microservices, containers, and serverless functions has increased the number of secrets, making their protect...

The Evolution of DevSecOps with AI

Blog Published: 11/22/2024

Written by Rahul Kalva. Abstract: The integration of artificial intelligence (AI) into DevSecOps is reshaping the way organizations approach security within their software development and deployment processes. As DevSecOps aims to embed security practices seamlessly into the DevOps pipeline, AI...

Cross-Platform Account Takeover: 4 Real-World Scenarios

Blog Published: 11/25/2024

Originally published by Abnormal Security. Account takeover (ATO) is a well-known attack method that has been documented for years. However, a less common type of attack occurs when ATO is used as the initial attack vector to gain access to another account; this is known as cross-platform ATO. ...

How the Alert Readiness Framework Supports Augmented Cybersecurity

Blog Published: 11/25/2024

Originally published by Devoteam. Traditional cybersecurity models that focus solely on prevention are no longer enough. Gartner’s “Augmented Cybersecurity” whitepaper highlights the urgent need for organisations to adopt a more balanced approach—one that prioritises response and recovery as we...

What Are the ISO 42001 Requirements?

Blog Published: 11/25/2024

Originally published by Schellman. Written by Megan Sajewski. When seeking ISO 42001:2023 certification, you must ensure that your artificial intelligence management system (AIMS) aligns with the standard’s key clauses (4-10), each of which focuses on a specific facet—context, leadership, pla...

Cyber Essentials vs. Cyber Essentials Plus: Key Differences

Blog Published: 11/26/2024

Originally published by Vanta. If you wish to fortify your organization’s cybersecurity posture, obtaining a Cyber Essentials certification is a good idea. It enables IT managers to be more aware of the cybersecurity risks in their environment and take actionable steps to mitigate them. Before ...
