Forging Robust Cloud Defenses for Modern Businesses
Blog Published: 04/23/2025
Originally published by Reemo. Written by Florent Paret. The wholesale adoption of cloud technology has become a cornerstone of digital transformation, empowering enterprises with unprecedented agility and scalability within today’s fiercely competitive landscape. Yet, this ev...
Implementing CCM: Data Protection and Privacy Controls
Blog Published: 04/22/2025
The Cloud Controls Matrix (CCM) is a framework of essential cloud security controls that follow CSA best practices. You can use CCM to assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which...
A New Era for Compliance: Introducing the Compliance Automation Revolution (CAR)
Blog Published: 04/29/2025
Written by Daniele Catteddu, CTO, Cloud Security Alliance (CSA). Introducing the Compliance Automation Revolution (CAR) Initiative. In today’s rapidly evolving digital landscape, it is of strategic importance that technology providers are not only secure but can, at any time, demon...
New Cloud Security Alliance Certification Program Equips Professionals With Skills to Ensure Responsible and Safe Development and Management of Artificial Intelligence (AI)
Press Release Published: 04/28/2025
Partnership with Northeastern University to deliver critical education for the future of IT and cybersecurity. SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications,...
Threat Modeling Google's A2A Protocol with the MAESTRO Framework
Blog Published: 04/30/2025
Written by Ken Huang, CSA Fellow and Co-Chair of AI Working Groups, CEO of DistributedApps.ai, and AI Book Author; and Dr. Idan Habler, Staff AI Security Researcher at Intuit, specializing in AI application security. 1: Introduction. Google's A2A (Agent-to-Agent) protocol holds i...
5 Steps of the Security Questionnaire Process to Automate Today
Blog Published: 05/01/2025
Originally published by Vanta. Written by Lucia Giles. As organizations sell to more discerning buyers, scrutiny on security and compliance practices grows. It’s certainly warranted—the frequency of third-party breaches is on the rise. In our State of Trust Report, almost ...
Bridging the Gap: Using AI to Operationalize Zero Trust in Multi-Cloud Environments
Blog Published: 05/02/2025
Written by Advait Patel, Senior Site Reliability Engineer, Broadcom. Reviewed by Aparna Achanta, Principal Security Architect, IBM Federal Consulting. Many businesses are integrating multi-cloud strategies today. The approach provides flexibility and eliminates dependence on ...
Why MFT Matters for Enterprise Compliance and Risk Reduction
Blog Published: 05/05/2025
Originally published by Axway. Written by Chandu Manda, Field CTO, Axway. Compliance is no longer just a checkbox—it’s a moving target. As organizations move toward automating and integrating B2B file transfers across cloud and hybrid environments, compliance is no ...
Phishing Tests: What Your Provider Should Be Telling You
Blog Published: 04/24/2025
Originally published by Schellman. Written by Austin Bentley. It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It’s often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enr...
Implementing CCM: Enterprise Risk Management Controls
Blog Published: 04/25/2025
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guid...
Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance
Blog Published: 04/28/2025
Originally published by BARR Advisory. For businesses that accept online payments, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is essential, but it doesn’t have to be overwhelming. If your business does not store, process, or transmit cardho...
Cloud Security Alliance Honors CrowdStrike Founder and CEO George Kurtz with 2025 Philippe Courtot Leadership Award
Press Release Published: 04/28/2025
Kurtz recognized for outstanding efforts in advancing cloud security, cybersecurity worldwide. SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices ...
Why We’re Launching a Trusted AI Safety Knowledge Certification Program
Blog Published: 04/26/2025
Written by Anna Campbell Schorr, Training Program Director, Cloud Security Alliance. Over the years, we’ve witnessed security paradigms evolve—from the early days of perimeter defense, to the rise of Zero Trust, and most recently, the challenges introduced by Artificial Intellig...
Cloud Security Alliance Issues Top Threats to Cloud Computing Deep Dive 2025
Press Release Published: 04/29/2025
Case studies articulate cloud computing’s most significant and pressing issues. SAN FRANCISCO (RSA Conference) and SEATTLE - April 29, 2025 - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a...
The Evolving Role of GDPR Auditors
Blog Published: 04/29/2025
Originally published by Scrut Automation. Written by Nicholas Muy. The evolving role of GDPR Auditors. As businesses continue to rely more on data, the need for strong privacy and compliance measures has never been greater. The General Data Protection Regulation (GDPR) ...
Cloud Security Alliance Transforms IT Compliance and Assurance with Launch of Compliance Automation Revolution (CAR)
Press Release Published: 04/29/2025
CAR to solve real-world compliance problems with practical and effective solutions. SAN FRANCISCO (RSA Conference) and SEATTLE – April 29, 2025 – Today's organizations have to comply with hundreds of data security and privacy laws, while grappling with an influx of even more regulations tha...
Knowing the Difference Between the Two Types of Technical Challenges is the Key to Smarter Decisions
Blog Published: 04/30/2025
Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler. Know the difference between vendor-related and technology-related problems to determine the fastest resolution. Thomas Jefferson famously proclaimed that all men are created equal, ...
Secure Vibe Coding: Level Up with Cursor Rules and the R.A.I.L.G.U.A.R.D. Framework
Blog Published: 05/06/2025
Written by Ken Huang, CSA Fellow; Youssef Harkati, BrightOnLABS; Jean-François Linteau Labonté, BrightOnLABS; and Albert Hui, Security Ronin. 1: Introduction. As Code Agents such as Cursor, Windsurf, and Replit become widely used due to their capability to support fast proof of...
Building Identity Resilience for the Front Lines of Disruption
Blog Published: 05/07/2025
Written by Eric Olden, Strata Identity. Originally published on Forbes. No group relies on reliability and predictability more than the military. Human lives and critical data depend on safe and secure systems. Yet, operations frequently occur under extremely challenging condit...
A CISO's Guide to Reporting on Cloud Security (Without Putting Everyone to Sleep)
Blog Published: 05/09/2025
Written by Sarah Elkaim, Sweet Security. Let’s be honest—reporting isn't the most glamorous part of our job as CISOs. But it’s one of the most important. It’s the difference between “trust me, we’re secure” and actually proving it with data that matters. Today’s cloud environ...