Cloud Security Alliance Issues Comprehensive Guidelines for Auditing Artificial Intelligence (AI) Systems, Beyond Compliance
Press Release Published: 11/14/2024
Paper presents a holistic overview and applicable methodology for impartially assessing intelligent systems. SEATTLE – Nov. 14, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure clou...
Non-Human Identity Management Program: Guide Step-by-Step
Blog Published: 11/14/2024
Originally published by Oasis Security. Written by Marta Dern. We’ve covered the ins and outs of Non-Human Identity (NHI) Management—what it is, why it matters, and the best practices for handling these digital identities. But how do you translate theory into action? What does the deployment of an ...
What Do the New NIST Password Guidelines Mean for Cloud Security?
Blog Published: 11/13/2024
Originally published by Skyhawk Security. Written by Jennifer Gill. The common joke around security folks is that everyone knows what a password is, but remembering their own passwords is challenging. Despite these challenges, passwords are an essential security mechanism. NIST is updating its reco...
5 Best Practices for Executive Reporting
Blog Published: 11/13/2024
Originally published by Vanta. Written by Toni Ng. In today's complex business landscape, effective executive reporting is not just about sharing information; it's about using the insights to take action and demonstrating the value of your compliance and security efforts. This blog outlines five es...
What is Cloud Workload in Cloud Computing?
Blog Published: 11/13/2024
Written by Ashwin Chaudhary, CEO, Accedere. Cloud workload refers to the various tasks, applications, services, and processes run in cloud computing environments. Cloud workloads allow for scalability, flexibility, and efficiency, enabling businesses and individuals to access and run applications ...
ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems
Blog Published: 11/12/2024
Originally published by Symmetry Systems. Written by Claude Mandy. Executive Summary: Researchers at the Spark Research Lab (University of Texas at Austin)[1], under the supervision of Symmetry CEO Professor Mohit Tiwari, uncovered a novel attack method, dubbed ConfusedPilot. This novel attack method ...
The EU AI Act Comes Into Force: How This Pioneering Legislation Impacts Your Organization
Blog Published: 11/12/2024
Originally published by Diligent. The EU AI Act comes into force on 1 August 2024. It is the world’s first comprehensive legislation designed to address artificial intelligence (AI) risks by establishing a set of rules and obligations aimed at safeguarding the health, safety, and fundamental right...
Data Warehousing Demystified: From Basics to Advanced
Blog Published: 11/08/2024
Originally published by Actian. Written by Fenil Dedhia. Understanding the Basics: Welcome to data warehousing 101. For those of you who remember when “cloud” only meant rain and “big data” was just a database that ate too much, buckle up—we’ve come a long way. Here’s an overview: What is a Data Wareh...
When a Breach Occurs, Are We Ready to Minimize the Operational Effects
Blog Published: 11/08/2024
Written by Dr. Vito Nozza, Softchoice. “Plan for what is difficult while it is easy, do what is great while it is small” Sun Tzu. I love to quote Sun Tzu, as the art of war is indicative of what cyber professionals go through on a daily grind. The offensive security mindset and techniques that are r...
Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions
Blog Published: 11/08/2024
Originally published by Abnormal Security. Written by Callie Hinman Baron. While the way we work has evolved throughout the digital age, two constants remain: email is still the primary hub for professional communication, and employees are the weakest link in your cybersecurity chain. This combinat...
Mitigating GenAI Risks in SaaS Applications
Blog Published: 11/07/2024
Originally published by Valence Security and Forbes. Written by Jason Silberman. Artificial Intelligence (AI) tools have revolutionized the business landscape, offering unprecedented automation, efficiency, and innovation. Among these, Generative AI (GenAI) has gained particular traction for its ab...
The Future of Compliance: Adapting to Digital Acceleration and Ephemeral Technologies
Blog Published: 11/07/2024
Originally published by RegScale. Written by Ivy Shelby. As we move towards 2030, the landscape of governance, risk, and compliance (GRC) is undergoing a seismic shift. With the rapid digital acceleration, the pervasive adoption of cloud technologies, and the rise of ephemeral tech, organizations a...
Securing Staging Environments: Best Practices for Stronger Protection
Blog Published: 11/07/2024
Originally published by Entro. Written by Itzik Alvas. Staging environments often serve as the critical last step before pushing code to production, mirroring the setup used in live systems. However, these environments are often neglected in terms of security, making them prime targets for breaches...
Modernization Strategies for Identity and Access Management
Blog Published: 11/04/2024
Originally published by Britive. Shifting technology and access needs make identity and access management (IAM) a priority for all major organizations today. As infrastructure modernization efforts accelerate and businesses are increasingly adopting cloud-first approaches to their architecture and...
ChatGPT and GDPR: Navigating Regulatory Challenges
Blog Published: 11/04/2024
Originally published by Truyo. As artificial intelligence technologies like OpenAI’s ChatGPT advance, they encounter increasing scrutiny from regulatory bodies, particularly concerning data protection and privacy. The European Data Protection Board (EDPB) has been investigating whether ChatGPT com...
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Blog Published: 11/04/2024
Originally published by CXO REvolutionaries. Written by Guido Sacchi, Former Senior Executive Vice President and Chief Information Officer, Global Payments. Throughout my career, I always reacted to ideas of “zero trust” the same way. It sounds great in principle, but how do we execute on it? How d...
Empowering Snowflake Users Securely
Blog Published: 11/01/2024
Originally published by Normalyze. Written by Joe Gregory. Two security leaders address data sprawl, user access, compliance, and scale. I recently moderated a webinar titled Unlocking the Power of Snowflake about the top challenges organizations face today: how to maximize their Snowflake investment...
Zero Standing Privileges: The Essentials
Blog Published: 11/01/2024
Originally published by CyberArk. Written by Josh Kirkwood. In December, I’ll have been with CyberArk for seven years, and at a similar point, I’ll have spent two years leading product marketing for cloud security at the company. In my short tenure with CyberArk Product Marketing, I’ve advocated fo...
Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology
Blog Published: 11/01/2024
Originally published by Pentera. Identity is a key to open a door. Who are you? Yes, you reading. Who are you? There’s probably a lot of ways you can answer that question, and that is because there are a lot of attributes that make up your identity. Let’s keep things simple because that’s what’s easy...
The EU Cloud Code of Conduct: Apply GDPR Compliance Regulations to the Cloud
Blog Published: 10/31/2024
The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post expl...