CSA Official Press Release

Published 01/29/2025

Cloud Security Alliance Releases Comprehensive Guide to Navigating Artificial Intelligence (AI) Governance, Security, and Management

Report equips organizations with the knowledge and strategies necessary to harness the power of AI responsibly and effectively

SEATTLE – Jan. 29, 2025 – Today, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released AI Organizational Responsibilities: AI Tools and Applications, the third in a series of reports centered on AI organizational responsibilities. In this report, the focus shifts to the practical implementation of AI within organizations and explores the tools, applications, supply chains, and other essential components necessary to deploy AI-driven systems successfully.

“By focusing on the practical aspects of AI adoption and management such as those covered in this report, we are equipping organizations with the essential knowledge and strategies they will need to adopt and manage AI effectively and responsibly, while also addressing the practical challenges of this fast-changing technological landscape,” said Ken Huang, co-chair of the AI Organizational Responsibilities Working Group and a lead author of the paper.

Drafted by CSA’s AI Organizational Responsibilities Working Group, the paper offers structured frameworks and practical guidance to organizations in three critical AI governance and management areas:

  • Large Language Models (LLMs) and Generative AI (GenAI) App/Tools Security, which discusses these systems' unique security challenges and focuses on the security aspects of LLMs and GenAI applications
  • Third-party/supply chain management, which focuses on the complex landscape of third-party and supply chain management in AI and underscores the importance of robust supply chain management in ensuring AI technologies' security, reliability, and ethical use
  • Additional AI implementation and operations considerations (e.g., employee use of GenAI tools, the operationalization of GenAI for Security Operations Centers, and the distinctions between AI and traditional IT responsibilities), highlighting the broader organizational implications of AI adoption and the need for clear policies and guidelines

Each area is examined through six key lenses — evaluation criteria, responsibility (RACI Model), high-level implementation strategy, continuous monitoring and reporting, access control mapping, and adherence to AI standards and best practices — providing organizations a practical guide for implementing and managing AI systems responsibly and securely.

“As AI technologies evolve and their adoption expands across industries, the need for strong governance, security protocols, and ethical considerations becomes increasingly critical. Organizations must remain vigilant, keeping up with emerging AI regulations, evolving best practices, and emerging security threats unique to AI systems,” said Michael Roza, co-chair of the Top Threats Working Group and a lead author of the paper.

To learn more, download AI Organizational Responsibilities: AI Tools and Applications. For additional background, download AI Organizational Responsibilities: Core Security Responsibilities, which examines critical security aspects and offers insights into safeguarding AI systems against emerging threats, and AI Organizational Responsibilities: Governance, Risk Management, Compliance, and Cultural Aspects, which focuses on governance, risk management, and compliance (GRC), addressing organizations' legal, ethical, and regulatory challenges when adopting AI technologies.

The AI Organizational Responsibilities Working Group is committed to pioneering and setting industry standards for the definition of roles and responsibilities within security teams, specifically adapted to the emerging challenges and opportunities presented by AI technologies. It aims to identify the shifts in tasks and knowledge bases that are imperative for various security sub-teams, such as product security and detection and response teams, in the age of AI. Individuals interested in becoming involved in future research and initiatives are invited to join the working group.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
kristina@zagcommunications.com

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.