Understanding STAR for AI Level 2: A Practical Step Toward AI Security Compliance
Blog Published: 11/19/2025
The landscape of AI governance continues to evolve rapidly, presenting significant challenges for organizations trying to establish robust compliance frameworks. The Cloud Security Alliance (CSA) has introduced an initial version of the STAR for AI Level 2 designation, which leverages ...
How to Measure SOC Efficiency and Performance (Lessons from the Frontlines)
Blog Published: 11/24/2025
Written by Ben Brigida, Expel. This blog is based on a recent session where Ray and I (Ben) discussed the key aspects to measuring security operations center (SOC) effectiveness. Over the years leading SOCs, I've learned that measuring success is one of the toughest challenges we face. A ...
3 Vulnerabilities in Generative AI Systems and How Penetration Testing Can Help
Blog Published: 11/24/2025
Originally published by Schellman. With proven real-life use cases, it’s a no-brainer that companies are looking for ways to integrate large language models (LLMs) into their existing offerings to generate content. A combination that’s often referred to as Generative AI, LLMs enable chat i...
Cloud Security Alliance Announces Availability of STAR for AI Level 2 and Valid-AI-ted for AI
Press Release Published: 11/20/2025
Microsoft and Zendesk recognized as first organizations to achieve STAR for AI Level 2 certification SEATTLE – November 20, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud ...
The Internet is a Single Point of Failure
Blog Published: 11/21/2025
Resiliency through multicloud looks great on paper, but the reality is far more complex (and expensive). Thanks to Amazon, Microsoft, and Google, my calendar over the past few weeks spiked with members calling to discuss cloud resiliency. Each of these outages was rare, and none of them sha...
The Ghost in the Machine is a Compulsive Liar
Blog Published: 12/12/2025
We built AI in our own image, but we forgot the blueprint – and now we’re shocked when it lies to us? The fix isn’t in the code, but our philosophy of perception. Forget technical manuals - the best explanation of AI risk I ever heard came from the neuroscientist Andrew Gallimore talking...
MCP Can Be RCE for You and Me
Blog Published: 11/25/2025
Before I get into the meat of this post, I want to emphasize that I am a huge fan of MCP (Model Context Protocol) servers and I believe the technology offers more than enough value to justify its use in the enterprise. But, like everything else on the planet, MCP is a double-edged sword. And...
Enhancing the Agentic AI Security Scoping Matrix: A Multi-Dimensional Approach
Blog Published: 12/16/2025
Introduction AWS recently launched the Agentic AI Security Scoping Matrix, a framework designed to help organizations securely deploy autonomous AI systems. The AWS framework categorizes AI systems into four scopes based on agency and autonomy levels: Scope 1 (No Agency): Human...
How to Build AI Prompt Guardrails: An In-Depth Guide for Securing Enterprise GenAI
Blog Published: 12/10/2025
As generative AI moves from experimentation to widespread enterprise deployment, a subtle but serious issue is becoming clear: AI models cannot inherently protect the sensitive data users provide to them. Organizations enthusiastically adopt LLMs to boost efficiency and accelerate decision-m...
Is Cloud-Native Key Management Right for You?
Blog Published: 12/19/2025
If you’re moving sensitive workloads into the cloud, the question “How will we handle key management in cloud services?” comes up quickly. Most providers make the decision feel easy. Turn on their cloud-native key management service, wire it into storage and databases, and move on. But how f...
Choosing the Right Key Responsibility Model
Blog Published: 01/05/2026
When organizations move sensitive workloads to the cloud, encryption is usually the easy part. The harder question is: who actually controls the keys? Unfortunately, terms like BYOK, HYOK, and CMK do not have an agreed-upon meaning throughout the industry. Our new Key Responsibility Models i...
The CSA Cloud Controls Matrix v4.1: Strengthening the Future of Cloud Security
Blog Published: 12/02/2025
Since its introduction in 2010, the Cloud Controls Matrix (CCM) has become a cornerstone of cloud security and compliance worldwide. Adopted across industries and geographies, it has enabled cloud service providers and cloud customers alike to evaluate their security posture, establish trust...
Killing Standing Privileges: Why Just-in-Time Access is the Future of PAM
Blog Published: 12/04/2025
If you had to pick a single control that changes the game for cloud security, you might want to choose killing standing privileges. Identity is now the easiest way in for attackers. Gartner has warned that mismanagement of identities, access, and privilege will be the top reason for cl...
IaC Security in the Age of AI: New Threats, Smarter Solutions
Blog Published: 01/05/2026
Let’s be real, Infrastructure-as-Code (IaC) is the heartbeat of modern cloud environments. It’s what allows teams to automate complex setups, keep everything consistent, and move from idea to deployment in record time. Instead of manually wiring systems together, engineers can now define thei...
The CSA Triangle Chapter’s Year of Momentum: 2025 Highlights
Blog Published: 12/11/2025
Building on a strong foundation, the CSA Triangle Chapter continued its mission in 2025 to advance education and awareness across Cloud Security, Zero Trust, and AI Safety; forge powerful partnerships; and deepen community engagement across its expanding region, which now extends beyond...
Why Compliance as Code is the Future (And How to Get Started)
Blog Published: 12/04/2025
Originally published by RegScale. If you’ve ever managed enterprise compliance, you know the drill all too well. It’s the night before the audit deadline and you’re drowning in spreadsheets, frantically gathering evidence. It’s 2025 — but you feel like you’re still doing compliance like it’...
AI Explainability Scorecard
Blog Published: 12/08/2025
Contributed by Aiceberg. Part 1 — Why Transparency Is the True Measure of Trust When a medical AI system once recommended denying a patient treatment, the doctors hesitated—but couldn’t explain why. The algorithm’s reasoning was invisible, locked inside a mathematical “black...
Zero Trust for OT in Manufacturing: A Practical Path to Modern Industrial Security
Blog Published: 12/08/2025
Introduction Over the past decade, manufacturing has emerged as one of the most heavily targeted industries for cyberattacks. These environments are inherently complex, built on layers of specialized and often non-standard technologies that rarely align with traditional IT lifecycl...
Security for AI Building, Not Security for AI Buildings
Blog Published: 12/09/2025
AWS re:Invent 2025 Shows What "Shift Left" Can Mean for AI Security Although I wasn’t at AWS re:Invent in person this year (only the second one I’ve missed since 2013), I sat at home closely following the early “pre:Invent” and official conference announcements. While it’s always ri...
Deterministic AI vs. Generative AI: Why Precision Matters for Automated Security Fixes
Blog Published: 12/17/2025
Originally published by Gomboc.ai. In 2024, the dirty little secret was out: over 60% of AI-generated security fixes still had to be torn apart and rebuilt by engineers before they were safe to ship. That’s not “helping,” that’s creating rework. The reason? Guesswork dressed up as intellige...