All Articles
Proactive Defense Starts with the Platform: Why Security Can’t Just Be a Checklist

Blog Published: 08/19/2025

Cybersecurity teams are stuck in a paradox: the faster organizations innovate, the more vulnerabilities they create. Yet the traditional "scan-and-block" playbook—layering on tools after code is written or infrastructure deployed—isn’t just inefficient; it’s obsolete. We’ve all seen the fall...

“Set It and Forget It” Access Control is No Longer Enough

Blog Published: 08/20/2025

We’ve all felt it—RBAC isn’t holding the line like it used to. I had an interesting conversation with a CISO last week that crystallized something I’ve been thinking about for a while. We were discussing their access governance challenges when she said: “We have developers jumping between s...

A Breakdown of the ISO 27001 Certification Process

Blog Published: 08/21/2025

ISO 27001 is the international standard for information security management, providing a structured, risk-based framework for identifying threats, implementing effective security controls, and safeguarding sensitive data. By pursuing ISO 27001 certification, organizations demonstrate their ...

Vulnerability Management Needs Agentic AI for Scale and Humans for Sense

Blog Published: 08/22/2025

If we’re in AI’s Wild West, this much is clear: When it comes to vulnerability management, agentic AI technologies need human wranglers. (Though the humans need not ride horseback.) AI agents are upending vuln management by scaling up identification of suspected software flaws. ...

What Internal Auditors Wish Every Company Knew About SOC 2

Blog Published: 08/25/2025

In 2025, SOC 2 is no longer the badge of excellence it once was — it’s the bare minimum. A staggering 92% of organizations now conduct at least two audits annually, and 58% go through four or more. It reflects how critical compliance has become to win customer trust and stay in business. M...

The Urgent Need for Hypervisor Security in Healthcare

Blog Published: 08/26/2025

Originally published by Vali Cyber. Healthcare organizations increasingly rely on virtualization to consolidate infrastructure, streamline IT, and improve patient care. But this shift comes with a growing risk: hypervisors have become key targets for ransomware groups exploiting the...

The Definitive Catch-Up Guide to Agentic AI Authentication

Blog Published: 08/18/2025

Over the last six months, the world has gone from zero to 60 mph on agentic AI. I’ve been a fairly avid LLM user (for software development, polishing text, and other needs). However, I’ve barely touched on agentic AI, model context protocol (MCP), and other modern approaches that have pop...

The Emerging Identity Imperatives of Agentic AI

Blog Published: 08/28/2025

There is no shortage of exaggerated claims about artificial intelligence, but some of the most consequential developments remain poorly understood. AI agents, autonomous software systems designed to reason, plan, and act across digital environments, are quietly reshaping how work gets done. T...

Understanding HIPAA: Key Regulations and Compliance

Blog Published: 08/29/2025

In an era where data breaches and privacy concerns are prevalent, understanding HIPAA regulations is crucial for safeguarding sensitive health information.   What is HIPAA and Why It Matters The Health Insurance Portability and Accountability Act (HIPAA) is a critical piece of legisla...

Agentic AI and Zero Trust

Blog Published: 08/07/2025

Agentic AI is a different kind of AI. It’s not like the generative AI everyone’s talking about—the one that stitches together an answer based on what it knows or guesses when it doesn’t. That’s great for content creation, for generating reports, for summarizing data, or for writing code. B...

Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and the Roadmap to STAR for AI 42001

Blog Published: 08/20/2025

Today, CSA is releasing the official mapping of the AI Controls Matrix (AICM v1.0) to ISO/IEC 42001:2023—with companion references to ISO/IEC 27001 and 27002. This practical guide helps organizations integrate AI-specific controls into existing ISMS programs, accelerate gap analysis, and bui...

Securing the Agentic AI Control Plane: Announcing the MCP Security Resource Center

Blog Published: 08/20/2025

Introducing CSA’s MCP Security Resource Center — the first open industry hub for securing the Model Context Protocol and the broader agentic AI control plane. How fast can a technology standard be adopted? The Model Context Protocol (MCP) gives us the answer. Its core specificati...

Introducing DIRF: A Comprehensive Framework for Protecting Digital Identities in Agentic AI Systems

Blog Published: 08/27/2025

As generative AI technologies continue to advance at a breakneck pace, they bring unprecedented opportunities for personalization and efficiency. However, they also introduce profound risks to personal privacy and security, particularly in the realm of digital identities. From voic...

Risk-Based vs. Compliance-Based Security: Why One Size Doesn’t Fit All

Blog Published: 08/27/2025

Compliance frameworks establish essential security baselines. The challenge: They often fall short of addressing the nuanced and ever-changing nature of cyber risks. This underscores the necessity of integrating risk-based security measures to enhance an organization’s overall security post...

Achieving Resilience Through Zero Trust

Blog Published: 08/29/2025

“The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” - Sun Tzu “Resilience is the ability to remain viable am...

Understanding U.S. AI Policy: Executive Orders, the Big Beautiful Bill, & America’s AI Action Plan

Blog Published: 09/02/2025

The global push to both regulate and strategically accelerate the development of artificial intelligence (AI) has gained momentum over the past year, resulting in a diverse landscape of evolving frameworks, policies, and executive directives. In the United States, this dual focus on oversig...

A Successful SIM Swap Attack: Unpacking the 2022 FTX Hack

Blog Published: 09/02/2025

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the seventh incident covered in the Deep Dive...
