Your complete SaaS security guide—with best practices for ensuring it
Blog Published: 03/05/2025
Originally published by Vanta. SaaS security requires constantly monitoring and preparing to mitigate the latest industry threats and vulnerabilities. According to the 2024 State of SaaS Security Report, 58% of organizations experienced a SaaS security incident in the past year ...
Implementing CCM: Cryptography, Encryption, and Key Management
Blog Published: 03/10/2025
The Cloud Controls Matrix (CCM) is a framework of controls (policies, procedures, and technical measures) that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of an...
Why GRC is key to safely unlocking ROI from design, hosting, and AI
Blog Published: 03/07/2025
Originally published by Scrut Automation. What’s the one thing businesses want from their software investments? Quick results. According to G2’s State of Software Report 2024, tools in design, hosting, and AI categories are leading the way in delivering faster ROI than any other sof...
Understanding UEBA: Essential Guide to User and Entity Behavior Analytics in Cybersecurity
Blog Published: 03/10/2025
Originally published by InsiderSecurity. Visibility into user actions is one of the critical challenges in the modern digital landscape. Traditional rule-based security solutions that generate a high number of alerts within modern environments are no longer practical; a new approach ...
From Ransomware to Regulation: Lessons from the Worst Year of Healthcare Cyber Breaches
Blog Published: 03/12/2025
Originally published by Censys. In 2024, it’s estimated that the two largest healthcare cyber incidents impacted over 100 million people, including patients and vendors across an interconnected digital landscape of insurers and healthcare providers. By October of 2024, 386 cybersecur...
What you need to know about South Korea’s AI Basic Act
Blog Published: 03/12/2025
Originally published by Schellman&Co. *Disclaimer: This article was written using a translated copy of the South Korea AI Basic Act* After the European Union paved the way for creating a legal framework for artificial intelligence (AI) in early 2024, many wondered what gove...
The Hidden Costs of Manual GRC in a Cloud-First World
Blog Published: 03/13/2025
Originally published by RegScale. Before I joined RegScale, I was a big buyer of legacy GRC tools. I won’t name any particular tools, but most of them featured 20-year-old approaches and “automation” in name only. At the end of the day, they left teams heavily reliant on manual proces...
AI Security and Governance
Blog Published: 03/14/2025
Written by Suresh Kumar Akkemgari, Hyland Software. Artificial Intelligence (AI) has become an integral part of our daily lives and business operations, permeating various industries with its advanced capabilities. However, the rapid adoption of AI technologies also brings signi...
Top Threat #11 - APT Anxiety: Battling the Silent Threats
Blog Published: 03/17/2025
Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we discuss the 11 top cybersecurity threats, their business impact, and how to tackle th...
One Percent Better Can Change Your World
Blog Published: 03/20/2025
Originally Published by CXO Revolutionaries on January 28, 2025. Written by: Nat Smith, Contributor, Zscaler. New resolutions already fading? This hack, inspired by British Cycling, can get you back on track. Now that we are at the tail end of the first month of the new year...
What the File Transfer Breach Crisis Means for MFT Security
Blog Published: 03/24/2025
Originally Published by Axway. Written by Emmanuel Vergé. File transfer solutions have been around for decades, but the conversation around its security is changing. In the words of Axway’s MFT Product Line Senior Director Paul Lavery, “MFT teams are in a once-in-...
Forget the Corporate Ladder and ‘Rock-Climb’ Your Way to Success
Blog Published: 03/25/2025
Originally Published by CXO Revolutionaries. Written by: Ben Corll, Contributor, Zscaler. It's time to put the 'corporate ladder' away. The modern professional journey is more like climbing an unfamiliar rock face with no obvious path to the top. For years, the corporate world...
Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) Wins Cybersecurity Excellence Award
Press Release Published: 03/19/2025
CCSK, the benchmark for cloud security expertise, earns Best Cloud Security Certification SEATTLE – March 19, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud comp...
How to Address Cloud Identity Governance Blind Spots
Blog Published: 03/18/2025
Written by Gerry Gebel, VP of Products and Standards, Strata. Working directly with organizations that are navigating the complexities of multi-cloud environments, one thing has become clear: managing identities across cloud and on-prem systems isn’t getting any easier. Whether i...
3 Time-Consuming Security Functions to Automate in 2025
Blog Published: 03/18/2025
Originally published by Vanta. Our most recent State of Trust report found that 55 percent of global businesses think security risks for their organization have never been higher. Naturally, to mitigate an increase in risks in today’s complex threat landscape, businesses inv...
Privacy Concerns and Corporate Caution: The Double-Edged Sword of Generative AI
Blog Published: 03/19/2025
Originally published by Truyo. As generative AI technologies like OpenAI’s GPT-4o continue to evolve, they bring both incredible potential and significant risks. The capabilities of the latest AI models are more advanced and human-like than ever before, offering everything from solv...
From Risk to Revenue with Zero Trust AI
Blog Published: 03/18/2025
Written by Richard Beck, Director of Cyber Security, QA Ltd. AI security governance is fast becoming the boardroom’s new obsession, and with good reason. From biased models and hallucinated outputs to intellectual property leakage and regulatory scrutiny, the risks of unche...
Cloud Security Alliance’s Certificate of Competence in Zero Trust (CCZT) Recognized for Excellence in the 21st 2025 Globee® Awards for Cybersecurity
Press Release Published: 03/26/2025
CCZT is the industry’s first authoritative Zero Trust training and credential SEATTLE – March 26, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing envir...
Gaining the Edge (Literally!) Through Edge Computing
Blog Published: 03/19/2025
Written by Neelakantan Venkataraman, Vice President & Global Head of Cloud & Edge Business, Tata Communications. Originally published by Frontier Enterprise. The world is captivated by AI's impressive deployment, but the real profits lie in reassessing operational ...
Assessing the Security of FHE Solutions
Blog Published: 03/19/2025
Written by Joseph Wilson and the CSA FHE Working Group. Questions of privacy and security are at the forefront of every deployment of Fully Homomorphic Encryption (FHE). In this blog post, we provide insight that will help you to evaluate FHE solutions when answering the following qu...