Threats to Water: The Achilles’ Heel of Critical Infrastructure
Blog Published: 04/08/2024
Originally published by CXO REvolutionaries.Written by David Cagigal, Former CIO of the State of Wisconsin.Recent cyberattacks on the water industry raise the prospect of more frequent, widespread, damaging incidents that threaten disruption to lives and livelihoods. I know the chaos that stems f...
Why Do SOC Reports Have to Be Issued By a CPA Firm?
Blog Published: 04/08/2024
Originally published by MJD.Written by Chris Giles, CPA, Senior Manager, MJD.Q: Why do SOC reports have to be issued by a CPA firm?A: MJD AnswerThe simple answer is that SOC engagements are performed in accordance with standards set by the American Institute of Professional Accountants (AICPA). T...
Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems Security
Blog Published: 04/08/2024
Originally published by Adaptive Shield.Written by Hananel Livneh. A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred o...
Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance
Blog Published: 04/05/2024
Written by Nicole Krenz, Web Marketing Specialist, CSA.The cloud security landscape is ever-evolving, presenting new opportunities and challenges, especially in the realms of AI, compliance and governance, and continuous security education and advancement. The Cloud Security Alliance (CSA) is at ...
The Modern Data Stack Has Changed the Security Landscape
Blog Published: 04/05/2024
Written by Uday Srinivasan, CTO, Acante.The way businesses analyze, transform and share data has radically changed over the past few years. We are in the post-Hadoop era with the Apache Software Foundation retiring over 10 Hadoop-related projects over the last three years. The shift of enterprise...
How the Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production
Blog Published: 04/05/2024
Originally published by Orca Security. Written by Ofir Yakobi. Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable G...
CSA Turns 15: Kicking Off the Next 85 Years of Cloud Security Excellence
Blog Published: 04/04/2024
As we celebrate the 15th anniversary of the Cloud Security Alliance (CSA), I'm compelled to marvel at our journey from ambitious upstarts to a critical global stakeholder for cybersecurity. Our goal, audacious as it may sound, is not just to leave a mark on the cloud security landscape, but to et...
Runtime is the Way
Blog Published: 04/04/2024
Originally published by Sysdig. Written by James Berthoty. The cloud security market has been totally bizarre ever since it started. Why are we being given a python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference betwe...
Detecting Compromised Accounts in Microsoft 365
Blog Published: 04/04/2024
Originally published by InsiderSecurity.IntroductionIn today's digital age, cybersecurity is of paramount importance, with organizations facing an ever-evolving landscape of cyber threats and attacks. InsiderLab (our dedicated team of cybersecurity experts) conducts in-depth research and analysis...
CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong
Blog Published: 04/03/2024
CSA began establishing standards for cloud security assurance and compliance back in 2009, when the company was officially incorporated and we released the first version of our cloud security best practices. The following year, we developed the Cloud Controls Matrix (CCM), and in 2012, the CSA Se...
Designed to Deceive: 6 Common Look-alike Domain Tactics
Blog Published: 04/03/2024
Originally published by Abnormal Security.Written by Mick Leach.With threat actors lurking around every digital corner, it can sometimes make scrolling through an inbox feel like traversing a minefield. Employing various strategies to deceive their targets, attackers count on end-user oversight t...
More Than Half of Organizations Plan to Adopt Artificial Intelligence (AI) Solutions in Coming Year, According to Report from Cloud Security Alliance and Google Cloud
Press Release Published: 04/03/2024
Significant Generative AI (GenAI) adoption expected in 2024, driven by C-suite prioritizationSEATTLE – April 3, 2024 – A new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure ...
Key Findings from the 2024 State of Application Security Report
Blog Published: 04/03/2024
Originally published by CrowdStrike. As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. According to publicly available data, eigh...
Privacy Isn't Just About Data: It's About Dignity
Blog Published: 04/02/2024
Written by Dr. Chantal Spleiss, CSA AI Governance and Compliance Working Group Co-Chair.The consequences of a privacy breach extend far beyond data loss, potentially triggering deep feelings of shame. Less than 15% of countries do not have or are drafting a privacy law emphasizing the huge import...
How We Can Help Corporate Boards with Cybersecurity
Blog Published: 04/02/2024
Originally published by RegScale. Recently the Wall Street Journal featured an article titled Why Corporate Boards Need More Cybersecurity Experience, and it got me thinking about what we can do to help them; we can do a lot. What’s the situation you ask? According to the WSJ, “Directors currentl...
Cloud Security Alliance Artificial Intelligence (AI) Webinar Series Will Address Pivotal Cloud Computing Topics in Leadup to AI Summit at RSA
Press Release Published: 04/02/2024
Thought-leadership webinars to provide key insights on elevating organizations’ cybersecurity postureSEATTLE – April 2, 2024 – Throughout the month of April, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to ...
“Toxic Combinations” are Inadequate: A Case Study
Blog Published: 04/02/2024
Originally published by Skyhawk Security.Written by Chen Burshan, CEO, Skyhawk Security.Posture management has turned into an exercise in prioritization, but this hasn’t made us safer.If a Tree Falls in the Forest…We all know the adage, “If a tree falls in the forest and nobody is there to hear i...
UN AI Resolution, EU AI Act, and Cloud Security Alliance's Recent Efforts: Draft White Paper on AI Organizational Responsibility for Core Security
Blog Published: 04/01/2024
In a world where artificial intelligence (AI) is rapidly becoming an integral part of our lives, ensuring its secure and responsible development and deployment is more critical than ever. The Cloud Security Alliance (CSA) has taken a significant step forward in this direction with the release of ...
10 Essential Identity and Access Management (IAM) Terms
Blog Published: 03/30/2024
Identity and access management is kind of a big deal. People are working from anywhere and everywhere on all kinds of devices, so it's essential to know who's who in the digital world and to confirm that our digital communications are secure. If you’re just starting out on your IAM journey, don’t...
The Elephant in the Cloud
Blog Published: 03/29/2024
Originally published by Pentera.Written by Aviv Cohen.As much as we love the cloud, we fear it as well.We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also ...
