
From Cloud to AI: Building Security Programs That Scale

Published 04/24/2026

Written by Sean Martin, Co-Founder of ITSPmagazine.

At RSAC Conference 2026, Sean Martin caught up with Rich Mogull at the Cloud Security Alliance (CSA) booth for a candid on-site conversation about where enterprise security programs stand today -- and what it actually takes to keep pace with AI. Mogull, who joined CSA as Chief Analyst in October 2025, brings a practitioner's instinct to a research-first organization. The result is a new membership model designed not just to produce guidance, but to help organizations act on it.

 

What Does the Cloud Security Alliance Actually Cover?

CSA is best known for cloud security, but Mogull is quick to point out that the organization operates across three distinct pillars: cloud, zero trust, and AI. The connection is not arbitrary. Zero trust principles emerged in large part as a response to cloud adoption, and AI workloads are predominantly cloud-native. Each pillar represents a transformational technology that security teams have had to absorb without a clear roadmap -- and that is precisely where CSA has tried to fill the gap.

"Our sweet spot is these transformational, disruptive technologies," Mogull explains. He traces his own journey back to 2009, when cloud was still a fringe concept, and notes that existing security practices rarely translate cleanly into new paradigms. The frameworks that work well for on-premises environments do not map neatly onto cloud-native architectures, and the same challenge is now repeating itself with AI. CSA's role, as Mogull sees it, is to get ahead of that curve through rigorous, practitioner-informed research.

 

What Is the AI Security Maturity Model and Why Does It Matter?

The AI Security Maturity Model gives enterprise security teams a structured lens for assessing and improving their AI security posture. Unlike generic capability frameworks, it is built around measurable outcomes, key performance indicators, and categories specific to AI environments -- including model security, AI infrastructure, agentic applications, MCP servers, and AI developer enablement. The model is currently in its final review phase after receiving more than 600 comments from 60 international reviewers.

Mogull designed the model as a practical companion to CSA's existing Cloud Security Maturity Model, which he also authored. The approach is consistent: define the journey, build in measurable KPIs, and make the outputs as automatable as possible so organizations can connect tools like cloud security posture management platforms directly to their maturity tracking. "My focus is always how do I make something a usable tool, not just an interesting piece of research," he says. The AI model extends that philosophy into a domain where practitioners often feel they are flying blind.

 

How Is CSA Helping Organizations Move From Research to Implementation?

Producing research is one thing. Helping organizations apply it is another. Mogull joined CSA in part because he recognized that gap firsthand -- spending years as an independent consultant helping clients implement the very frameworks CSA had produced. That model does not scale. So one of his primary mandates is to build scalable support structures directly into the membership program.

CSA's new Enterprise Membership tiers -- announced in March 2026 -- center on what Mogull calls the Operational Maturity Roadmap. Members begin with an onboarding assessment, then work with CSA analysts on a monthly basis to receive specific, structured guidance tied to their maturity level across cloud, AI, and zero trust. The program culminates in an annual progress report tracking measurable improvement against defined goals. "I want to deliver better outcomes," Mogull says. "Not just research on a shelf, but evidence that an organization has actually moved." The three-year arc runs from foundational through operationalization to external communications -- including support for completing STAR registry entries and the Consensus Assessment Initiative Questionnaire.

Watch the full Brand Spotlight conversation with Rich Mogull and explore the Cloud Security Alliance's research, maturity models, and membership programs. Connect with Rich Mogull on LinkedIn.
