All Articles
Leveraging Zero-Knowledge Proofs in Machine Learning and LLMs: Enhancing Privacy and Security

Blog Published: 09/20/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. I recently attended Cloud Security Alliance's AI Controls Working Group's face-to-face meetings in Seattle. One interesting question was asked by one of our participants on if zero-knowledge proofs (ZKPs) are used in ma...

The Metadata Minefield: Protecting All Your Sensitive Data

Blog Published: 09/20/2024

Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist for Data Security, Symmetry Systems. When determining the sensitivity of data, it’s easy to focus solely on the content itself. However, the metadata associated with data can potentially expose other just as sensiti...

Building a Comprehensive Trust Center

Blog Published: 09/20/2024

Originally published by Vanta. In today's digital landscape, trust is paramount. Customers want to know that their data is secure and that they can rely on the companies they do business with. One of the best ways to provide this assurance is through a well-crafted, up-to-date Trust Center. But w...

FedRAMP Moderate Equivalency for Cloud Service Providers Explained

Blog Published: 09/19/2024

Originally published by Schellman. Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authoriz...

The Cloud Security Layer Cake: Modern Use Cases for PAM

Blog Published: 09/19/2024

Originally published by CyberArk. Written by Sam Flaster. Warm. Rich. Chocolatey. The way I see it, a proper chocolate layer cake is the best sensory experience a human can have. Let’s go a bit further still: good chocolate cake is the height of human achievement. In the world of enterprise IT, one ...

Overcoming Challenges in Governing Scanner Adoption - Step by Step

Blog Published: 09/19/2024

Originally published by Dazz. Introduction: Ready to tackle a challenging topic for DevSecOps and security teams in the application security space? Ready or not—let’s talk about increasing and governing the adoption of scanners. The Application Security Process: Application security is a labyrinth with...

Current Challenges with Managing Permissions and API Keys

Blog Published: 09/18/2024

Recent CSA survey data shows that organizations are struggling to manage permissions and API keys. (API keys are the codes used to authenticate users and applications.) Keep in mind that API keys are also a type of non-human identity (NHI). An NHI is a digital construct used for machine-to-machin...

What You Need to Know About Cyber Extortion

Blog Published: 09/18/2024

Originally published by Veeam Software. Written by Javier Perez, Sr. Director of Product Marketing for Security at Veeam Software. Cyber extortion is no longer just a headline—it's a daily challenge for organizations. Protecting your organization requires more than just defenses; it’s about being ...

Fundamentals of Cloud Security Stress Testing

Blog Published: 09/18/2024

Originally published by Pentera. “Defenders think in lists, attackers think in graphs” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list secur...

The Cybersecurity Scene Over the Last 3 Years: Ways Businesses Are Changing and Succeeding

Blog Published: 09/17/2024

Written by Abel E. Molina, Principal Architect in Design Studio, Softchoice. Introduction: Consider the following challenge: You are presented by your leaders to tear down and remodel a cruise ship, while keeping the overall structure intact. Where do you begin? Which team/partners would you involve...

Cybercriminals Exploit Docusign with Customizable Phishing Templates

Blog Published: 09/17/2024

Originally published by Abnormal Security. Written by Daniel Kelley. Over the past month, we've noticed a surge in Docusign phishing emails targeting our customers. To further investigate this issue, we took one of the recent attacks stopped by Abnormal and searched for it on cybercrime forums and ...

The Edge Revolution: Transforming Experiences in a Hyperconnected World

Blog Published: 09/17/2024

Originally published by Tata Communications. Written by Neelakantan Venkataraman, Vice President and Global Head - Cloud and Edge Business, Tata Communications. In today’s ever-evolving IT landscape, the surge in data generation and the proliferation of IoT devices have created what we call a "...

Lean and Mean: Cutting Cybersecurity Costs Without Cutting Corners

Blog Published: 09/16/2024

Originally published by CXO REvolutionaries. Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler. Deciding on the appropriate amount of funding for information security in the upcoming year is a tricky task. Despite gross domestic product rising, low unemployment, and falling inflation, there...

Top Threat #2 - Identity Crisis: Staying Ahead of IAM Risks

Blog Published: 09/16/2024

Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether yo...

The Top 3 Trends in LLM and AI Security

Blog Published: 09/16/2024

How can enterprises accelerate AI adoption in a safe and secure manner? Originally published by Enkrypt AI. Written by Sahil Agarwal. As a Math PhD scholar and AI expert, I’ve had the pleasure of attending numerous industry conferences and listening to Fortune 100 executives on the latest AI trends....

Never Trust User Inputs—And AI Isn't an Exception: A Security-First Approach

Blog Published: 09/13/2024

Originally published by Tenable. Written by Rémy Marot. Artificial Intelligence (AI) is transforming industries and beginning to be widely adopted by software developers to build business applications. However, it’s critical that organizations ensure the security of their users, their data and ...

Burdens and Benefits of Shared Security Responsibility Model (SSRM) in Cloud Computing

Blog Published: 09/13/2024

Originally published by CAS Assurance. What is the SSRM? The SSRM is the concept in cloud computing that defines and assigns security responsibilities in the cloud ecosystem between the Cloud Service Providers (CSPs) and the Cloud Service Customers (CSCs). As with many things on the planet earth,...

5 Key Data Privacy and Compliance Trends in 2024

Blog Published: 09/13/2024

Originally published by Scrut Automation. SMBs Juggle Compliance, Competition, and Chaos: This year has already seen some monumental changes in the works pertaining to data privacy and compliance. SMBs constantly need to make tradeoff and prioritization decisions when it comes to not only these thi...

IDC Analyst Brief Findings: Trust Centers Can Help Organizations Save Time and Accelerate Sales

Blog Published: 09/12/2024

Originally published by Vanta. It's never been more important for organizations to demonstrate their security practices in order to win the trust of customers. Historically, companies have used static web pages to demonstrate their security posture. And while these can act as helpful marketing to...

What are OAuth Tokens, and Why are They Important to Secure?

Blog Published: 09/12/2024

Originally published by Astrix. What are OAuth Tokens? OAuth (Open Authorization) Tokens are Non-Human Identities that work as a secure authentication mechanism. They delegate access to third parties or external apps without exposing your environment’s sensitive credentials. Organizations that rel...
