Cloud Security Alliance

Originally published by Normalyze.Written by Joe Gregory.Two security leaders address data sprawl, user access, compliance, and scaleI recently moderated a webinar titled Unlocking the Power of Snowflake about the top challenges organizations face today: how to maximize their Snowflake investment, provide secure user access, and address the challenges of data sprawl and visibility, compliance, and scale. With 86% of tech leaders acknowledging that their cloud systems generate more data than t…

Originally published by Pentera.Identity is a key to open a doorWho are you? Yes, you reading. Who are you?There’s probably a lot of ways you can answer that question, and that is because there are a lot of attributes that make up your identity. Let’s keep things simple because that’s what’s easy: name, date of birth, address, and phone number. These are data points you may find on a driver’s license or an online profile. Your identity is not limited to those examples, however. Your identity …

Originally published Vanta.Most organizations today are heavily reliant on technology, regardless of the product or service they provide. This expands their data exposure points and potential attack surface, which is why there is a significant need to monitor the risks and vulnerabilities in the cybersecurity landscape.Cyber Essentials certification is a comprehensive cybersecurity strategy involving vigilance over various scattered technologies, policies, and controls. It offers a systematic…

Originally published by Richey May.In today’s cybersecurity landscape, threats are more than just a cautionary tale—they’re a daily reality, and ransomware tops the list of concerns. This aggressive form of cyberattack can grind operations to a halt and compromise sensitive data. Keep reading, we’ll unpack how ransomware works, break down its mechanics and highlight how businesses can effectively arm themselves against it.What is Ransomware?Ransomware is malicious software designed to steal a…

Report also found that over 75% of enterprises are using two or more IDPs and struggle to manage access controls and consistent security policiesSEATTLE – Oct. 30, 2024 – Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State…

In today’s rapidly evolving security landscape, it can be overwhelming to manage multiple frameworks, especially for organizations striving for excellence in cloud security. The CSA Cloud Controls Matrix (CCM) is a gold standard in cloud security governance, providing a detailed map of best practices. However, if you already have an ISO/IEC 27001 Information Security Management System (ISMS) in place, how do you address the additional requirements of the CCM without reinventing the wheel? The…

Paper bridges gap between traditional information technology security methodologies and the unique demands of critical infrastructure sectorsSEATTLE – Oct. 29, 2024 – In today’s interconnected world, critical infrastructure (CI) sectors face an ever-evolving landscape of cyber and physical threats. As these sectors embrace digital transformation and the convergence of operational technology (OT) and information technology (IT), the need for robust, adaptable security strategies has never been…

Originally published by Schellman.ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.At StackAware, they chose to implement ISO 42001 and subsequently performed the AI risk assessment, impact assessment, and risk treatments required to comply with the fr…

CSA extensively leverages the Cloud Controls Matrix (CCM) to enhance security practices across various domains of cloud research. The CCM is a comprehensive cloud security framework consisting of 197 security control objectives. The main purpose of the framework is to help organizations address the unique challenges of cloud computing. However, the CCM also acts as a foundational tool for other CSA research initiatives.In this blog, learn directly from our research team how they use the CCM i…

Originally published by CXO REvolutionaries.Written by Nat Smith, Sr. Director, Product Management, Zscaler.Not long ago, companies were hesitant to disclose cyber incidents, fearing a backlash and damage to their reputations, and a loss of customer trust. In 2017, Equifax waited six weeks to disclose that sensitive customer information had leaked, helping make it one of the most iconic breaches in history. Recent trends suggest that the tide is turning, with more and more companies putting g…

Originally published by Devoteam.The Gartner Security & Risk Management Summit 2024 hammered home the need for a proactive and resilient approach to cybersecurity. Sure, there were plenty of shiny new technologies and strategies on display, but the biggest takeaway for me was the resounding emphasis on a people-centric approach to security and cyber resilience. This resonated with me, because it aligns perfectly with the core principles of the Alert Readiness Framework (ARF).Simon Sinek f…

Written by CSA’s AI Organizational Responsibility Working Group.In today’s rapidly evolving technological landscape, the rise of Shadow AI poses a significant challenge to organizations. Shadow AI refers to unauthorized or undocumented AI systems within an organization, which can compromise security, compliance, and overall control of AI operations. Drawing from CSA’s recent AI Organizational Responsibilities publication, this blog will explore the essential strategies for implementing a comp…

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post explores how the European Union (EU) Cloud Code of Conduct can help cloud service providers comply with GDPR. Special guest Gabriela Mercuri of SCOPE Europe shares her insights. Take away valuable knowled…

As we move toward 2025, the adoption of multi-cloud and hybrid cloud is continuing to accelerate. While the benefits are manifold, it also means that organizations have significant challenges when securely integrating hybrid and cloud identity systems.Just some of these challenges identity and access management (IAM) leaders are grappling with include high costs related to technical debt, a pronounced talent gap, and vendor lock-in. In 2025 it will be critical to have robust identity manageme…

Originally published by Tenable. Written by Zan Liffick. Recent cloud security guidance from CISA and the NSA offers a wealth of recommendations to help organizations reduce risk. This blog highlights key takeaways, provides further insights from CIS, and explores how utilizing cloud security posture management (CSPM) and cloud-native application protection program (CNAPP) solutions/services can help. The cloud security best practices from CISA and the NSA The five cloud security best…

Written by Mark Fishburn and originally published on his website.1. Daytime Stress and Sleepless Nights Managing cybersecurity, networks, workloads, and websites can be stressful, especially when many things go bump simultaneously in the middle of the night. During calmer daytime moments, we rationalize decisions, selecting the right defensive or application architecture, analyzing problems, balancing business and technical requirements, based on logical thinking. 2. Reality Check When w…

Paper provides comprehensive, industry-neutral guidelines and best practices for various stakeholders, from CISOs and AI developers to business leaders and policymakersSEATTLE – Oct. 22, 2024 – Driven by the need to address the evolving landscape of Artificial Intelligence (AI) and its associated risks and ethical considerations, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud…

Originally published by Normalyze.Written by Vamsi Koduru.Data is the backbone of your organization’s success—fueling informed decision-making, streamlining operations, enhancing customer experiences, and driving innovation. But without proper governance, you may not achieve these benefits. That’s where Data Access Governance (DAG) comes into play. DAG ensures that the right users have access to the right data, unlocking its full potential while reducing operational costs and mitigating risk….

Originally published by Truyo.As artificial intelligence (AI) continues to permeate various aspects of our lives, understanding the regulatory frameworks governing its development and application is becoming increasingly important. From the United States to China, different countries are adopting diverse approaches to regulate AI, each with its own set of considerations and implications. In this comprehensive overview, we’ll delve into the AI regulations of several key countries, examining th…

Written by Ashwin Chaudhary, CEO, Accedere.Organizations are quickly moving to cloud environment in today’s digital landscape due to it’s potential for cost savings, scalability, and flexibility. But this change also brings a complicated new set of compliance and security issues. Here are AI cloud security compliance technologies, cutting-edge fixes made to assist companies in overcoming these obstacles for maintaining strong security postures. What is AI Cloud Security Compliance? Artificial…