
All Articles

Test Time Compute

Blog Published: 12/13/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Everyone seems to talk about Test-Time Computation or Test Time Compute (TTC) as a way to scale the reasoning capability of large language models (LLMs). What is it about and why is it important now? This blog post is a...

Achieving Cyber Resilience with Managed Detection and Response

Blog Published: 12/13/2024

Originally published by HCLTech. Written by B. Mani Shankar, Global Manager – MDR, Cyber Threat Intel & Incident Response Services, Cybersecurity, HCLTech. In today’s hyper-connected digital landscape, cyber threats have become more sophisticated, pervasive and difficult to detect. With bus...

Vulnerability Management Isn't About Finding Issues — It's About Fixing Them in Context

Blog Published: 12/13/2024

Originally published by Dazz. Written by Daniel Miessler. I think a lot about Vulnerability Management because I think it's a proxy for a lot that's wrong with Cybersecurity. Plus I've spent a long time doing it in various forms, culminating in building and running the VM program for Robinhood a wh...

CSA Community Spotlight: Auditing Cloud Security with CEO David Forman

Blog Published: 12/12/2024

As we celebrate 15 years of advancing cloud security, the Cloud Security Alliance (CSA) reflects on our role as the world’s leading organization dedicated to establishing and promoting best practices in cloud computing. Among our many initiatives, our auditing and compliance efforts stand out as ...

It’s Time for Ushered Access to Replace Free Reign for Third-Party Partners

Blog Published: 12/12/2024

Originally published by CXO REvolutionaries. Written by Maneesh Sahu, Contributor, Zscaler. Consider a familiar scene for office goers. Upon entering the building, employees, long-term contractors, and building staff typically swipe a key fob or a mobile key to gain access to the company office spa...

Level Up Your Cloud Security Skills With This Jam-Packed Training Bundle

Blog Published: 12/11/2024

Written by Kayla Mauriello. Seasoned cybersecurity professionals from CTOs to developers are facing a challenging situation: organizations transitioning to new cloud architecture are invariably exposed to new vulnerabilities that traditional security measures don’t address. Keeping pace with the e...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Blog Published: 12/11/2024

Written by Ella Siman, Wing Security. Originally published by The Hacker News. With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are a...

The Transformative Power of Multifactor Authentication

Blog Published: 12/11/2024

Written by Abel E. Molina, Softchoice. "It is easier to resist at the beginning than at the end." - Leonardo da Vinci. The quote stated above aligns perfectly with the principles of multifactor authentication (MFA), emphasizing early and proactive security measures. MFA requires users to provide mult...

The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes

Blog Published: 12/10/2024

Originally published by Astrix. Written by Tal Skverer. When you hear “Service Account” what comes to mind? Unrotated passwords? MSSQL Server 2008? Terminator-style robots? 🤖 These “OGs of non-human identities” are the interconnection point between automated processes for accessing sensitive data, dr...

Strengthening Cybersecurity with a Resilient Incident Response Plan

Blog Published: 12/10/2024

Written by Itzik Alvas, Entro. As ransomware and phishing threats rise, having a robust Cybersecurity Incident Response Plan (CSIRP) has become essential. Forbes notes that 2023 saw a 72% spike in data breaches compared to 2021, largely from compromised non-human identities as well as email-driven...

New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector

Press Release Published: 12/10/2024

Findings emphasize the importance of regulatory compliance, strategic cloud adoption, regional considerations, and the need for continuous improvement in security practices. SEATTLE – Dec. 10, 2024 – Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while si...

The European Union Artificial Intelligence (AI) Act: Managing Security and Compliance Risk at the Technological Frontier

Blog Published: 12/10/2024

Originally published by Scrut Automation. Written by Amrita Agnihotri. A growing wave of AI-related legislation and regulation is building, with the most significant example being the European Union’s (EU) Artificial Intelligence (AI) Act. In March 2024, European leaders passed this sweeping legisl...

From AI Agents to MultiAgent Systems: A Capability Framework

Blog Published: 12/09/2024

Written by Ken Huang, CEO of DistributedApps.ai and Co-Chair of AI Safety Working Groups at CSA. There is no clear and consensus definition of what an AI agent is in the literature. This article does not aim to define what an AI agent is. Rather, I focus on examining AI agents from a range of capa...

Microsoft Power Pages: Data Exposure Reviewed

Blog Published: 12/09/2024

Originally published by AppOmni. Written by Aaron Costello, Chief of SaaS Security Research, AppOmni. This blog post explores a significant data exposure issue within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. It highlights how sensitive PII can be inadve...

Why Continuous Controls Monitoring is Not GRC: Transforming Compliance and Risk Management

Blog Published: 12/09/2024

Originally published by RegScale. Written by Esty Peskowitz. Governance, risk, and compliance (GRC) have long been the cornerstone of organizational operations, ensuring that enterprises adhere to regulatory standards and effectively manage risks. However, as technology continues to evolve at a sta...

CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews

Blog Published: 12/06/2024

Now celebrating 15 years of advancing cloud security, the Cloud Security Alliance (CSA) is proud to be the world’s leading organization dedicated to defining best practices for a secure cloud computing environment. Since our incorporation in 2009 and the release of our inaugural Security Guidance...

AI-Enhanced Penetration Testing: Redefining Red Team Operations

Blog Published: 12/06/2024

Written by Umang Mehta, Global Delivery Head and Member of the CSA Bangalore Chapter. In the ever-evolving world of cybersecurity, penetration testing has long been a cornerstone for identifying vulnerabilities and assessing the resilience of systems. Traditional penetration testing involves simu...

Systems Analysis for Zero Trust: Understand How Your System Operates

Blog Published: 12/05/2024

If you’re excited about building a Zero Trust architecture for your organization, we understand! Zero Trust is pretty much the ultimate security strategy. However, before diving headfirst into building out your architecture, you need to perform a comprehensive systems analysis. This analysis shoul...

Cyber Essentials Certification Cost and Related Expenses: A Detailed Breakdown

Blog Published: 12/05/2024

Originally published by Vanta. The Cyber Essentials assurance scheme is one of the best accreditations you can obtain for improving your organization's cybersecurity posture and reducing the risk of cyberattacks. It offers a robust set of controls you can implement to fortify the security of your ...

Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals

Blog Published: 12/05/2024

Originally published by CXO REvolutionaries. Written by JP Saini, CTO, Sunbelt Rentals, Inc. Every enterprise knows the importance of extending seamless connectivity to customers and employees without compromising security. The objectives seem – and sometimes are – at odds with one another. Best pr...
