
All Articles

10 Questions to Evaluate Cloud Email Security Solutions

Blog Published: 09/04/2025

Email remains the most common entry point for cyberattacks—and AI is reshaping how those attacks unfold. Today’s threats to cloud email use AI to impersonate trusted contacts, mimic real workflows, and blend seamlessly into day-to-day communication. To stop these attacks, security teams req...

AB 1018: California’s Upcoming AI Regulation and What it Means for Companies

Blog Published: 09/05/2025

Introduction: As artificial intelligence (AI) becomes entrenched within every part of the modern business process, it increasingly has the power to shape companies, as well as the humans it touches. AI may even decide who gains access to economic opportunities and who does not. Today, nearl...

Fueling the AI Revolution: Modernizing Nuclear Cybersecurity Compliance

Blog Published: 09/09/2025

The relentless growth of AI demands an unprecedented surge in energy production. Is the nuclear sector prepared? Today, OpenAI’s ChatGPT will process over 2 billion prompts worldwide, consuming more electricity than a small city. Tomorrow, it will process even more. Now multiply that by ev...

API Security in the AI Era

Blog Published: 09/09/2025

Application Programming Interfaces have been the connective tissue of modern IT environments for decades, but the way they're being used is undergoing a fundamental shift. Once primarily a behind-the-scenes integration layer for web and mobile apps, APIs are now the primary gateway for AI sys...

What is Continuous Compliance, and How Can Your Team Actually Achieve It?

Blog Published: 09/08/2025

Originally published by Scrut Automation. Written by Amrita Agnihotri. How often does your team scramble just before an audit, only to go quiet once the reports are filed? It’s a pattern most organizations recognize, but it’s also one that leaves gaps in security and compliance. In...

From Policy to Prediction: The Role of Explainable AI in Zero Trust Cloud Security

Blog Published: 09/10/2025

You trust AI to protect your systems. It spots threats, blocks risks, and makes fast calls. But do you know how it reaches those decisions? In a Zero Trust model, that question becomes critical. You can’t afford to just trust outcomes. You need to understand how AI gets there. You need tran...

The Hidden Security Threats Lurking in Your Machine Learning Pipeline

Blog Published: 09/11/2025

Machine learning operations (MLOps) have rapidly evolved from experimental workflows to production-critical systems powering everything from fraud detection to autonomous vehicles. But as organizations rush to deploy ML models at scale, they're discovering that traditional cybersecurity appr...

Fortifying the Agentic Web: A Unified Zero Trust Architecture Against Logic-Layer Threats

Blog Published: 09/12/2025

Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups; Hammad Atta, Founder & AI Technology Advisor – Qorvexconsulting Research; Dr. Zeeshan Baig – Global Partner, AI Threat Modeling & Security – Qorvexconsulting Research; Dr. Yasir Mehmood –, AI 5G & IoT...

EDR Killers: How Modern Attacks Are Outpacing Traditional Defenses

Blog Published: 09/15/2025

Originally published by Invary. Endpoint Detection and Response (EDR) solutions have become a necessary final line of defense on endpoints. They monitor processes, flag anomalies, respond automatically to suspicious activity, and provide important telematics for incident responders. But...

Reflecting on the 2024 Microsoft Breach

Blog Published: 09/15/2025

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the final incident covered in the Deep Dive: ...

The Third-Party Access Problem: The Elephant in the Room for Every CISO’s Identity Strategy

Blog Published: 09/16/2025

Why legacy access models fail, and how modern identity platforms are redefining third-party risk. As a long-time CISO and before that having led B2B and Third-Party Connectivity technology service teams, I’ve witnessed firsthand how third-party access remains one of security’s most persiste...

Global Email Threat Landscape: Eye-Opening VEC and BEC Engagement Trends by Region

Blog Published: 09/17/2025

Your vendors are trusted partners, essential to daily operations. But to cybercriminals, they're the perfect disguise. Much like traditional business email compromise (BEC), vendor email compromise (VEC) involves the misuse of a familiar identity. In these attacks, however, the person being...

An Update on European Compliance: NIS2, CRA, DORA

Blog Published: 09/18/2025

As the EU's digital landscape evolves, so does its regulatory environment. With the NIS2 Directive, the Cyber Resilience Act (CRA), and the Digital Operational Resilience Act (DORA) all advancing on different timelines, organizations must prepare for a complex yet increasingly harmonized set...

Identity Security: Cloud’s Weakest Link in 2025

Blog Published: 09/19/2025

Identity security has officially overtaken all other risks as the top concern in cloud environments. According to CSA’s State of Cloud and AI Security 2025 survey report, insecure identities and risky permissions are the top cloud security risk. Hybrid and multi-cloud settings are now the n...

Do Your CI/CD Pipelines Need Identities? Yes.

Blog Published: 09/22/2025

If one principal can do anything, one mistake can undo everything. I’ve read too many incident reviews where the “automation user” turned out to be the attacker’s best friend. One token. All the doors. Code, artifacts, production. We built CI/CD to go fast. We accidentally made it the fast...

Controls vs. Key Security Indicators: Rethinking Compliance for FedRAMP

Blog Published: 09/23/2025

In the world of FedRAMP authorization, a common stumbling block is the complexity and volume of security controls that organizations must implement and continuously monitor. But a more recent FedRAMP 20x development, the Key Security Indicators (KSI), is emerging as a powerful alternative t...

What is Protected Health Information (PHI)?

Blog Published: 09/24/2025

What is PHI? Protected Health Information (PHI) is any data within a medical record that can be used to identify an individual. This information is created, used, or disclosed in the process of providing healthcare services, such as diagnosis or treatment. PHI is a critical component in the ...

EQS Group Achieves EU Cloud Code of Conduct Compliance through the Cloud Security Alliance Framework

Press Release Published: 09/15/2025

BRUSSELS – 10 September 2025 – The EU Cloud CoC General Assembly is pleased to announce that EQS Group is the first cloud service provider to successfully declare services adherent to the EU Cloud Code of Conduct (EU Cloud CoC) through the dedicated framework established in collaboration ...

Why I'm Joining CSA

Blog Published: 09/16/2025

After a world-record-setting 15-year interview process, I'm insanely excited to officially join the Cloud Security Alliance as Chief Analyst. Okay, this is the part where I should probably explain what the Chief Analyst is, what it adds for CSA members, how it helps the broader community, a...

RiskRubric: A New Compass for Secure and Responsible Model Adoption

Blog Published: 09/18/2025

Over the past decade, the Cloud Security Alliance has been at the forefront of helping organizations navigate the cloud’s risks and opportunities. As we now enter the generative AI era, the challenge is even greater: security teams must enable innovation while ensuring that developers select ...
