CISO's Guide for Defending against the Top 8 Cyber Threats in 2025
Blog Published: 05/19/2025
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. 24 specific things you can do to strengthen your security program against today's top threats. As we move further into 2025, the cyber threat landscape changes continuously and alarm...
The Rising Threat of Consent Phishing: How OAuth Abuse Bypasses MFA
Blog Published: 05/20/2025
Originally published by Valence Security. Written by John Filitz. A sophisticated attack vector known as “consent phishing” has emerged as a significant SaaS security threat. Unlike traditional phishing that targets credentials directly, consent phishing exploits legiti...
When AI Breaks Bad: What High-Profile Failures Teach Us About Resilience
Blog Published: 05/20/2025
Written by Olivia Rempe, Community Engagement Manager, CSA. In recent years, artificial intelligence has shown extraordinary promise—but also a troubling vulnerability: when it fails, it often fails fast, loud, and in the public eye. The Cloud Security Alliance’s AI Resilience ...
MCP: The Protocol That’s Quietly Revolutionizing AI Integration
Blog Published: 05/21/2025
Originally published by Enkrypt AI. Written by Nitin Aravind Birur, AI Researcher, Enkrypt AI. Picture this: every time you picked up a new charger, you had to crack open your wall outlet and rewire the whole thing. Sounds exhausting, right? Well, that’s pretty much the kind ...
Managing Identity Risk to Strengthen Business Continuity
Blog Published: 05/21/2025
Written by Gerry Gebel, Strata. Originally published by Forbes. Running applications and processes in the cloud has profoundly reshaped business and society. It has introduced remarkable gains in speed, efficiency, and convenience. Today, about 70% of organizations report ...
Sustainability Reporting: Key Insights for Businesses
Blog Published: 05/22/2025
Originally published by Schellman. Written by Stu Block. Among the growing concerns regarding climate change and corporate responsibility, sustainability reporting has become a valuable tool for businesses to demonstrate their commitment to identifying and managing non-financial ris...
Taking the Pressure Off Employees When Protecting the Organization from Phishing Campaigns
Blog Published: 05/23/2025
Written by David Balaban. At this point, it’s hardly news that the vast majority of cybersecurity breaches start with social engineering campaigns, most commonly phishing attacks. It’s not just breaches, either: according to some estimates, a whopping 45% of ransomware attacks b...
CSA Releases Comprehensive EATO Framework to Address Security Challenges for Small Cloud Providers
Blog Published: 05/20/2025
Written by Jim Reavis, CEO, CSA. Small and mid-sized cloud service providers often face significant challenges when attempting to meet the rigorous security and compliance requirements set by their enterprise customers, especially those operating within highly regulated industries su...
The Hidden Risk in Your Cloud Stack: How Overlooked AWS Resources Become Entry Points for Hackers
Blog Published: 05/22/2025
Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher, CheckRed. In February, Angel One, one of India’s leading financial services platforms, disclosed a security breach stemming from unauthorized access to its Amazon Web Services...
Exploring the Complex Relationship Between Privacy and Cybersecurity
Blog Published: 05/23/2025
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Cybersecurity and privacy are foundational concerns for most organizations. While these concepts are often discussed together, they are distinct yet interconnected disciplines with ...
AI Model Scanning vs. AI Red Teaming
Blog Published: 05/27/2025
Originally published by TrojAI. Written by Julie Peterson. Security for AI. Self-driving cars, facial recognition software, automated hiring tools, AI chatbots. AI is everywhere. And like any transformative technology, it brings with it a whole new set of security challenges. We’re n...
Building Retail Trust Through Compliance and Transparency
Blog Published: 05/27/2025
Written by New Black. Trust matters in retail. Period. The commerce platform you choose should earn your trust through verifiable compliance practices and transparent operations that protect your business and customers. No empty promises—just audited security standards and clear comm...
One AI System, Ten Different Regulators: Navigating GenAI’s Global Patchwork of Laws
Blog Published: 05/28/2025
Written by Olivia Rempe, Community Engagement Manager, CSA. Innovative companies are building powerful Generative AI systems—only to find that their compliance obligations change every time they cross a border. From Europe’s sweeping GDPR and EU AI Act, to California’s CCPA/CPR...
The True Costs of Legacy PAM: What an Outdated System is Really Costing You
Blog Published: 05/29/2025
Originally published by Britive. When it comes to evaluating your Privileged Access Management (PAM) solution, it’s easy to get tunnel vision around licensing fees. But let’s be honest: what you’re paying for that license is just the tip of the iceberg. The real costs of maintaining...
Implementing CCM: Identity & Access Management Controls
Blog Published: 05/30/2025
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. The CCM is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides ...
MCP, OAuth 2.1, PKCE, and the Future of AI Authorization
Blog Published: 05/28/2025
Originally published by Aembit. Written by Kevin Sapp. How the MCP Authorization Spec reshapes security for LLM-powered autonomous agents. Agentic AI systems – where large language models (LLMs) power autonomous, goal-driven agents – are rapidly transitioning from experi...
Multimodal AI at Risk: New Report Exposes Critical Risks
Blog Published: 05/29/2025
Originally published by Enkrypt AI. Written by Prashanth Harshangi, CTO, Enkrypt AI. Red teaming tests expose major gaps in multimodal AI safety. As generative AI rapidly evolves to process both text and images, a new Multimodal Safety Report released by Enkr...
AI Cybersecurity Regulations: What CISOs Need to Know
Blog Published: 05/30/2025
Originally published by CXO REvolutionaries. Written by Kyle Fiehler. Many enterprise organizations are seeking to balance AI deployment with rapidly emerging global regulations. For many organizations, adopting artificial intelligence (AI) is proving to be a difficult balanc...
A Global Snapshot of AI Laws and How Compliance with ISO 42001 Can Help
Blog Published: 06/02/2025
Originally published by Schellman. Written by Jared Barczak. As artificial intelligence continues to become increasingly integrated into regular business operations, the need for its responsible development and use also continues to grow. From bias and fairness to data priva...
Taming the Wild West of SaaS Data Sharing
Blog Published: 06/02/2025
Originally published by Valence Security. Written by John Filitz. SaaS applications have become the backbone of productivity and collaboration, but the convenience of cloud-based tools brings significant security challenges that often fly under the radar. As security leaders, it’s ...