All Articles

Bringing the Security vs. Usability Pendulum to a Stop

Blog Published: 11/26/2024

Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler. Like death and taxes, the tradeoff between robust security and a seamless user experience has long been a challenge for organizations across industries. On the one side, stringent security measures are ...

Defining Identities, Accounts, and the Challenge of Privilege Sprawl

Blog Published: 12/02/2024

Originally published by Britive. Identity and access management (IAM) has always been crucial for maintaining security within organizations. Traditionally, IAM and other identity-focused solutions prioritize managing these identities and permissions within on-premises environments. However, the ...

Legacy MFT Solutions Might Not Look Broken, But They Are

Blog Published: 12/03/2024

Originally published by Axway. Written by Shari Lava, Senior Director, AI and Automation at IDC. Introduction by Emmanuel Verge, Senior Product & Solutions Marketing Director at Axway. Introduction: Axway is happy to contribute to the discussion within the CSA community about new emerging trend...

What Can We Learn from Recent Cloud Security Breaches?

Blog Published: 11/26/2024

Originally published by Skyhawk Security. Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud, and the motivation of attackers to utilize this to t...

A Wednesday in the Life of a Threat Hunter

Blog Published: 11/27/2024

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. Imagine you have a role in making sure your enterprise is secure and on a typical Wednesday, you suddenly suspect that something is amiss or you come to know of a new threat intelligence about a specific technique or too...

AI in Cybersecurity - The Double-Edged Sword

Blog Published: 11/27/2024

Written by Jithu Joseph, Information Security Analyst and Member of the CSA Bangalore Chapter. Artificial Intelligence (AI) is revolutionizing cybersecurity, providing tools and techniques that can detect, prevent, and respond to cyber threats with unimaginable speed and precision. While AI emp...

CSA Community Spotlight: Creating Globally-Recognized Cybersecurity Assessments with Willy Fabritius

Blog Published: 11/27/2024

Celebrating 15 years of innovation, the Cloud Security Alliance (CSA) has established itself as the premier organization shaping the future of cloud security through the development of transformative security frameworks. Since the release of our inaugural Security Guidance for Critical Areas o...

Readiness Assessments: A Crucial Part of Your SOC Engagement

Blog Published: 12/02/2024

Originally published by BARR Advisory. In the world of data security, a readiness assessment is your organization’s first step toward completing a successful SOC engagement. Readiness assessments test the controls that will be examined during your audit, which will provide recommendations for a...

Top Threat #6 - Code Confusion: The Quest for Secure Software Development

Blog Published: 12/02/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whe...

Upcoming CPPA Meeting and Proposed Data Broker Rulemaking Made Public

Blog Published: 12/04/2024

Originally published by Truyo. Written by Dan Clarke, President, Truyo. The California Privacy Protection Agency (CPPA) remains actively engaged, not only in the prominent new rulemaking on automated decision-making but also in the ongoing refinement of existing policies. The CPPA will host a ...

Cyber Essentials Certification Cost and Related Expenses: A Detailed Breakdown

Blog Published: 12/05/2024

Originally published by Vanta. The Cyber Essentials assurance scheme is one of the best accreditations you can obtain for improving your organization's cybersecurity posture and reducing the risk of cyberattacks. It offers a robust set of controls you can implement to fortify the security of yo...

AI-Enhanced Penetration Testing: Redefining Red Team Operations

Blog Published: 12/06/2024

Written by Umang Mehta, Global Delivery Head and Member of the CSA Bangalore Chapter. In the ever-evolving world of cybersecurity, penetration testing has long been a cornerstone for identifying vulnerabilities and assessing the resilience of systems. Traditional penetration testing involves s...

Why Continuous Controls Monitoring is Not GRC: Transforming Compliance and Risk Management

Blog Published: 12/09/2024

Originally published by RegScale. Written by Esty Peskowitz. Governance, risk, and compliance (GRC) have long been the cornerstone of organizational operations, ensuring that enterprises adhere to regulatory standards and effectively manage risks. However, as technology continues to evolve at a ...

Phishing Attacks on State and Local Governments Surge 360%

Blog Published: 12/04/2024

Originally published by Abnormal Security. Written by Mike Britton. A successful email attack on a private organization can undoubtedly have costly consequences. But a single successful attack on a government agency can be absolutely devastating—putting public utilities, emergency services, and ...

Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals

Blog Published: 12/05/2024

Originally published by CXO REvolutionaries. Written by JP Saini, CTO, Sunbelt Rentals, Inc. Every enterprise knows the importance of extending seamless connectivity to customers and employees without compromising security. The objectives seem – and sometimes are – at odds with one another. Best...

Microsoft Power Pages: Data Exposure Reviewed

Blog Published: 12/09/2024

Originally published by AppOmni. Written by Aaron Costello, Chief of SaaS Security Research, AppOmni. This blog post explores a significant data exposure issue within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. It highlights how sensitive PII can be ina...

Strengthening Cybersecurity with a Resilient Incident Response Plan

Blog Published: 12/10/2024

Written by Itzik Alvas, Entro. As ransomware and phishing threats rise, having a robust Cybersecurity Incident Response Plan (CSIRP) has become essential. Forbes notes that 2023 saw a 72% spike in data breaches compared to 2021, largely from compromised non-human identities as well as email-dri...

The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes

Blog Published: 12/10/2024

Originally published by Astrix. Written by Tal Skverer. When you hear “Service Account” what comes to mind? Unrotated passwords? MSSQL Server 2008? Terminator-style robots? 🤖 These “OGs of non-human identities” are the interconnection point between automated processes for accessing sensitive data,...

The Transformative Power of Multifactor Authentication

Blog Published: 12/11/2024

Written by Abel E. Molina, Softchoice. "It is easier to resist at the beginning than at the end." - Leonardo da Vinci. The quote stated above aligns perfectly with the principles of multifactor authentication (MFA), emphasizing early and proactive security measures. MFA requires users to provide m...

It’s Time for Ushered Access to Replace Free Reign for Third-Party Partners

Blog Published: 12/12/2024

Originally published by CXO REvolutionaries. Written by Maneesh Sahu, Contributor, Zscaler. Consider a familiar scene for office goers. Upon entering the building, employees, long-term contractors, and building staff typically swipe a key fob or a mobile key to gain access to the company office ...
