What 2024’s SaaS Breaches Mean for 2025 Cybersecurity
Blog Published: 12/03/2024
Originally published by AppOmni. Written by Julia Benson, Technical Content Marketing Manager, AppOmni. In 2024, we witnessed a significant evolution in SaaS-based TTPs, which enabled bad actors to bypass traditional entry points, exploit SaaS misconfigurations and identity systems, and compromise ...
Legacy MFT Solutions Might Not Look Broken, But They Are
Blog Published: 12/03/2024
Originally published by Axway. Written by Shari Lava, Senior Director, AI and Automation at IDC. Introduction by Emmanuel Verge, Senior Product & Solutions Marketing Director at Axway. Introduction: Axway is happy to contribute to the discussion within the CSA community about new emerging trends w...
Top Threat #6 - Code Confusion: The Quest for Secure Software Development
Blog Published: 12/02/2024
Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...
Defining Identities, Accounts, and the Challenge of Privilege Sprawl
Blog Published: 12/02/2024
Originally published by Britive. Identity and access management (IAM) has always been crucial for maintaining security within organizations. Traditionally, IAM and other identity-focused solutions prioritize managing these identities and permissions within on-premises environments. However, the rap...
Readiness Assessments: A Crucial Part of Your SOC Engagement
Blog Published: 12/02/2024
Originally published by BARR Advisory. In the world of data security, a readiness assessment is your organization’s first step toward completing a successful SOC engagement. Readiness assessments test the controls that will be examined during your audit, which will provide recommendations for any ...
CSA Community Spotlight: Creating Globally-Recognized Cybersecurity Assessments with Willy Fabritius
Blog Published: 11/27/2024
Celebrating 15 years of innovation, the Cloud Security Alliance (CSA) has established itself as the premier organization shaping the future of cloud security through the development of transformative security frameworks. Since the release of our inaugural Security Guidance for Critical Areas of F...
AI in Cybersecurity - The Double-Edged Sword
Blog Published: 11/27/2024
Written by Jithu Joseph, Information Security Analyst and Member of the CSA Bangalore Chapter. Artificial Intelligence (AI) is revolutionizing cybersecurity, providing tools and techniques that can detect, prevent, and respond to cyber threats with unimaginable speed and precision. While AI empowe...
A Wednesday in the Life of a Threat Hunter
Blog Published: 11/27/2024
Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. Imagine you have a role in making sure your enterprise is secure and on a typical Wednesday, you suddenly suspect that something is amiss or you come to know of a new threat intelligence about a specific technique or tool o...
Bringing the Security vs. Usability Pendulum to a Stop
Blog Published: 11/26/2024
Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler. Like death and taxes, the tradeoff between robust security and a seamless user experience has long been a challenge for organizations across industries. On the one side, stringent security measures are cri...
Cyber Essentials vs. Cyber Essentials Plus: Key Differences
Blog Published: 11/26/2024
Originally published by Vanta. If you wish to fortify your organization’s cybersecurity posture, obtaining a Cyber Essentials certification is a good idea. It enables IT managers to be more aware of the cybersecurity risks in their environment and take actionable steps to mitigate them. Before you...
What Can We Learn from Recent Cloud Security Breaches?
Blog Published: 11/26/2024
Originally published by Skyhawk Security. Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud, and the motivation of attackers to utilize this to thei...
How the Alert Readiness Framework Supports Augmented Cybersecurity
Blog Published: 11/25/2024
Originally published by Devoteam. Traditional cybersecurity models that focus solely on prevention are no longer enough. Gartner’s “Augmented Cybersecurity” whitepaper highlights the urgent need for organisations to adopt a more balanced approach—one that prioritises response and recovery as well ...
What Are the ISO 42001 Requirements?
Blog Published: 11/25/2024
Originally published by Schellman. Written by Megan Sajewski. When seeking ISO 42001:2023 certification, you must ensure that your artificial intelligence management system (AIMS) aligns with the standard’s key clauses (4-10), each of which focuses on a specific facet—context, leadership, planni...
Cross-Platform Account Takeover: 4 Real-World Scenarios
Blog Published: 11/25/2024
Originally published by Abnormal Security. Account takeover (ATO) is a well-known attack method that has been documented for years. However, a less common type of attack occurs when ATO is used as the initial attack vector to gain access to another account; this is known as cross-platform ATO. In ...
The Evolution of DevSecOps with AI
Blog Published: 11/22/2024
Written by Rahul Kalva. Abstract: The integration of artificial intelligence (AI) into DevSecOps is reshaping the way organizations approach security within their software development and deployment processes. As DevSecOps aims to embed security practices seamlessly into the DevOps pipeline, AI br...
How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management
Blog Published: 11/22/2024
Written by Adam Cheriki, Co-Founder & CTO, Entro Security. As cloud-native architectures transform business operations, they bring unique security challenges. The rapid expansion of microservices, containers, and serverless functions has increased the number of secrets, making their protection...
It’s Time to Split the CISO Role if We Are to Save It
Blog Published: 11/22/2024
Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. The chief information security officer role carries with it huge responsibility. Today's CISOs manage a 24/7 cybersecurity operation, stay ahead of cybercriminals, and comply with an ever-gr...
CSA Community Spotlight: Nerding Out About Security with CISO Alexander Getsin
Blog Published: 11/21/2024
As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we take pride in the organization's extensive research accomplishments throughout the years that have defined the trajectory of cloud security. Since its founding in 2009, CSA has produced groundbreaking research that has set t...
A Vulnerability Management Crisis: The Issues with CVE
Blog Published: 11/21/2024
For decades, the cybersecurity industry has relied on the Common Vulnerabilities and Exposures (CVE) program to standardize vulnerability documentation and guide threat intelligence. The program assigns a unique identifier to each discovered security vulnerability. Then, it ranks the vulnerabilit...
Establishing an Always-Ready State with Continuous Controls Monitoring
Blog Published: 11/21/2024
Originally published by RegScale. Written by Esty Peskowitz. Securing and maintaining compliance has become increasingly challenging. Organizations must be agile, proactive, and continuously prepared to address evolving threats and regulatory demands. Are you looking for a way to stay ahead of thes...