
All Articles
Why Identity Is the Cornerstone of Zero Trust Architecture

Blog Published: 10/16/2025

Introduction: Imagine giving a stranger your house keys just because they walked past your driveway. That’s effectively what many organizations still do—granting implicit trust to users or systems based on network location. Zero Trust flips this model on its head by treating every ...

What to Know About the EU AI Code of Practice

Blog Published: 10/20/2025

As the need for innovative artificial intelligence grows, regulatory bodies are working quickly to create frameworks that balance acceleration with safety, accountability, and trust. Notably, the European Union’s AI Act is poised to reshape how organizations approach AI governance, especial...

How to Improve Risk Management with an Application Fabric

Blog Published: 10/21/2025

With enterprise applications increasingly distributed across on-premises data centers, cloud environments, and SaaS platforms, this fragmentation makes it difficult to secure access, govern usage, and manage compliance. As the application footprint grows, so does risk. For example, mergers ...

Using an LLM as a Judge

Blog Published: 10/28/2025

What is using an LLM as a judge? Using an LLM as a judge is the practice of using a large language model to evaluate the quality of AI-generated content, essentially letting one model serve as the “judge” of another model’s output. At its core, using an LLM as a judge involves leveraging t...

Science Stymied by Spreadsheets? Modernizing DOE Compliance

Blog Published: 10/23/2025

The National Laboratories of the Department of Energy stand at the forefront of scientific innovation, tackling complex challenges and advancing research across the world. But behind these groundbreaking discoveries lies a less glamorous reality: the overwhelming number of compliance processe...

Passwordless Authentication - A Digital Trust Transformation in Combating Credential-Based Attacks

Blog Published: 10/29/2025

Passwordless Authentication is becoming more relevant in the modern era of digital security by offering organizations a strong defence against credential based cyber-attacks that have always been the most prevalent cause for data breaches. In this article we will explore how passwordless tec...

SASE: Securing the New Enterprise Perimeter with Zero Trust

Blog Published: 10/27/2025

The definition of enterprise security has evolved beyond recognition. Traditionally enterprises used to secure their applications, data and users within their physical locations from external threats. However, enterprise boundaries have moved beyond these physical walls due to emergence of em...

Hypervisor Security in Finance: Why Virtual Infrastructure is a Growing Ransomware Target

Blog Published: 10/30/2025

Written by Chris Goodman, Vali Cyber. Imagine a financial institution where all virtual machines—responsible for everything from customer transactions to trade executions—suddenly go dark. Operations freeze, data is locked, and millions are at stake. This is no hypothetical scenario; i...

Building an AI Native Engineering Organization: Lessons in Speed, Culture, and Security

Blog Published: 10/29/2025

Not long ago, I led the transformation of a fast moving technology company’s engineering organization. Our goal was to move from a traditional, high functioning team to one built entirely around AI native principles. It didn’t begin with a sweeping strategy. It started with uncomfortable ex...

Regulatory Reckoning: The Hidden Cost of an Immature Compliance Program

Blog Published: 10/30/2025

Remember when it was enough for companies just to have a compliance program, any compliance program? Those days are over. Permanently. Today, organizations face mounting pressure to demonstrate not bare-bones compliance but full maturity in their approach to managing regulatory requirement...

Implementing CCM: Incident Response Controls

Blog Published: 10/14/2025

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on whic...

New Study from Cloud Security Alliance Finds AI Improves Analyst Accuracy, Speed, and Consistency in Security Investigations

Press Release Published: 10/07/2025

Security operations center (SOC) analysts assisted by AI are faster and more accurate compared to counterparts working manually. SEATTLE – Oct. 7, 2025 – Beyond the Hype: A Benchmark Study of AI in the SOC, a new report from the Cloud Security Alliance (CSA), the world’s leading not-for-pro...

Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions

Blog Published: 10/06/2025

Written by Ken Huang, CEO at DistributedApps.ai and Jerry Huang, Engineering Fellow, Kleiner Perkins. Abstract: AI agents used in e-commerce necessitate secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudia...

How Organizations Can Lead the Way in Trustworthy AI

Blog Published: 10/16/2025

Artificial intelligence is reshaping the world at a pace that few technologies have ever matched. From healthcare to customer support, AI systems now influence decisions with profound consequences. Yet alongside its promise, AI carries risks such as bias, hallucinations, privacy breaches, an...

AI-Integrated Cloud Pentesting: How LLMs Are Changing the Game

Blog Published: 10/24/2025

Cloud environments have become central to modern business operations, but their scale, complexity, and dynamic nature create significant security challenges. Traditional penetration testing methods, manual exploits, and scripted scans often struggle to cover rapidly evolving multi-cloud infr...

Introducing TAISE: The Trusted AI Safety Expert Certificate

Blog Published: 10/22/2025

Artificial intelligence is shaping the future of business, society, and daily life at an unprecedented pace. Yet, alongside innovation comes urgent responsibility: ensuring that AI systems are safe, secure, ethical, and resilient. CSA, together with Northeastern University, has created the T...

Quantum Heist? Not So Fast — How Financial Institutions Can Fight Back

Blog Published: 10/10/2025

Do you have a bank account, cryptocurrency, and/or any assets managed by a financial institution or bank? I bet you want the financial institutions that handle them for you to keep those assets safe from any threat, including a Cryptographically Relevant Quantum Computer (CRQC) which is on t...

Cyber Threat Intelligence: AI-Driven Kill Chain Prediction

Blog Published: 10/20/2025

Written by: Ken Huang, Fellow and Co-chair of AI Safety Working Groups, CSA and CEO, DistributedApps.ai; Monisha Dhanraj, CEO, Frondeur Labs; Chitraksh Singh, AI Security Researcher, Frondeur Labs. In this blog, we'll talk about KillChainGraph and what it's trying to a...

Implementing CCM: Supply Chain Management Controls

Blog Published: 10/24/2025

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on whic...

Calibrating AI Controls to Real Risk: The Upcoming Capabilities-Based Risk Assessment (CBRA) for AI Systems

Blog Published: 10/27/2025

Governing generative and agentic AI while enabling AI innovation at the same time can feel like whiplash. In the upcoming Cloud Security Alliance (CSA) whitepaper, we introduce the Capabilities-Based Risk Assessment (CBRA). This structured methodology for evaluating enterprise AI risk looks...
