
All Articles

How Multi-Turn Attacks Generate Harmful Content from Your AI Solution

Blog Published: 09/30/2024

A simple yet powerful way to break Generative AI chatbots. Written by Satbir Singh, Enkrypt AI. Generative AI models have improved at detecting and rejecting malicious prompts. And most models have basic safety alignment training to avoid responding to queries such as: “How can I commit financi...

Implementing the Shared Security Responsibility Model in the Cloud

Blog Published: 09/27/2024

CSA's Cloud Trust Summit 2024 featured an expert panel discussion about v2 of our CCM v4.0 Implementation Guidelines. Led by CSA's Lefteris Skoutaris, the panelists included: David Skrdla, Senior IT Auditor, Internal Audit, American Fidelity Corp/CamGen Partners; Kerry Steele, Principal, Payments an...

Massive NHI Attack: 230 Million Cloud Environments Were Compromised

Blog Published: 09/27/2024

Originally published by Astrix. Massive NHI Attack: Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments. Researchers from Unit 42 have uncovered a sophisticated and large-scale cyberattack targeting over 230 million AWS, cloud and SaaS environments. The attack expl...

How to Prepare for Inevitable Risks to Your SaaS Data

Blog Published: 09/26/2024

Written by Mike Melone, Sr. Content Marketing Manager, Own Company. The phrase "it's not if, it's when" has been echoed in cybersecurity circles for years, but it’s never rung truer than it does now. In Q2 2024, Check Point Research saw a 30% YoY increase in cyber attacks globally, reaching 1,636 ...

How to Set Up Your First Security Program

Blog Published: 09/26/2024

Originally published by Vanta. There's no one size fits all when it comes to setting up your organization’s first security program. Each organization has a unique set of business needs, guardrails to implement, and data it needs to protect, which is why it’s important to remember that every securi...

CSA Community Spotlight: Promoting Data Security Best Practices with Compliance Officer Rocco Alfonzetti, Jr.

Blog Published: 09/25/2024

Celebrating 15 years of advancing cloud security, CSA has established itself as a leader in defining best practices and fostering collaboration within the industry. Since its founding in 2009, CSA's success has been deeply rooted in the innovative work of its research working groups, which drive ...

Betting on the Bank: Why People Trust Banks with Their Data

Blog Published: 09/25/2024

Written by Anastasios Arampatzis. Building and maintaining trust in data handling practices is critical for businesses in every industry. Trust is the foundation of long-lasting relationships between companies and consumers, directly impacting consumer loyalty, brand reputation, and, ultimately,...

What are the Benefits of a Social Engineering Campaign?

Blog Published: 09/25/2024

Originally published by Schellman. For as long as the concept of cybersecurity has been around, much of the focus has centered on sophisticated technical controls—firewalls, password strength, network segmentation, endpoint protection, encryption, etc. And while implementation and regular testing ...

What is the CSA STAR Program? An Intro for Beginners

Blog Published: 09/24/2024

Has someone brought up the CSA STAR Program or the CSA Cloud Controls Matrix and you have no idea what that means? This blog is the place to start for all of you non-IT professionals and cloud newbies. Cloud computing is a way to access computer resources (including networks, servers, storage, app...

AI Regulation in the United States: CA’s ADMT vs American Data Privacy and Protection Act

Blog Published: 09/24/2024

Originally published by Truyo. In the evolving landscape of artificial intelligence (AI) regulation, the United States finds itself at a crossroads, with two significant pieces of legislation vying to shape the future of AI governance: the California Automated Decisionmaking Technology law and the...

8 Ways to Reduce Data Storage Costs

Blog Published: 09/24/2024

Originally published by Normalyze. Written by Vamsi Koduru. Many organizations don’t store their data. They hoard data. Too often, organizational data accumulates in a never-ending cycle of unnecessary duplication and hoarding. As a result, they suffer ever-growing data storage fees and significant ...

Is Your Production Data Secure? That’s a Hard NO.

Blog Published: 09/23/2024

Originally published by Paperclip. Written by Mike Bridges. The culture of cybersecurity and data protection is broken. Let’s look at it from a unique point of view. You’ve got an employee who is terrible at their job, consistently makes mistakes, and puts the company in harm’s way. Even worse, whe...

Continuous Compliance Monitoring: A Must-Have Strategy

Blog Published: 09/23/2024

Originally published by BARR Advisory. Written by Cody Hewell and Brett Davis. A report by Proofpoint indicated that nearly 70% of CISOs feel their organization is at risk of experiencing a material cyber attack in the next 12 months. While annual assessments and audits will help your organizati...

Building a Resilient Manufacturing Environment Through Zero Trust OT Cybersecurity Controls

Blog Published: 09/23/2024

Originally published by CXO REvolutionaries. Written by Suvabrata Sinha, CISO in Residence, Zscaler. Introduction: In the past five years, multiple crises and disruptions have introduced a new word to the lexicon: “resilient manufacturing.” This is an approach not pivoted on cost, productivity, or pr...

Leveraging Zero-Knowledge Proofs in Machine Learning and LLMs: Enhancing Privacy and Security

Blog Published: 09/20/2024

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. I recently attended Cloud Security Alliance's AI Controls Working Group's face-to-face meetings in Seattle. One interesting question was asked by one of our participants on if zero-knowledge proofs (ZKPs) are used in ma...

The Metadata Minefield: Protecting All Your Sensitive Data

Blog Published: 09/20/2024

Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist for Data Security, Symmetry Systems. When determining the sensitivity of data, it’s easy to focus solely on the content itself. However, the metadata associated with data can potentially expose other just as sensiti...

Building a Comprehensive Trust Center

Blog Published: 09/20/2024

Originally published by Vanta. In today's digital landscape, trust is paramount. Customers want to know that their data is secure and that they can rely on the companies they do business with. One of the best ways to provide this assurance is through a well-crafted, up-to-date Trust Center. But w...

FedRAMP Moderate Equivalency for Cloud Service Providers Explained

Blog Published: 09/19/2024

Originally published by Schellman. Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authoriz...

The Cloud Security Layer Cake: Modern Use Cases for PAM

Blog Published: 09/19/2024

Originally published by CyberArk. Written by Sam Flaster. Warm. Rich. Chocolatey. The way I see it, a proper chocolate layer cake is the best sensory experience a human can have. Let’s go a bit further still: good chocolate cake is the height of human achievement. In the world of enterprise IT, one ...

Overcoming Challenges in Governing Scanner Adoption - Step by Step

Blog Published: 09/19/2024

Originally published by Dazz. Introduction: Ready to tackle a challenging topic for DevSecOps and security teams in the application security space? Ready or not—let’s talk about increasing and governing the adoption of scanners. The Application Security Process: Application security is a labyrinth with...
