Cloud Security Alliance

Written by Satyavathi Divadari, Founder and President of the CSA Bangalore Chapter, in collaboration with the AI Technology and Risk Working Group.In the fast-paced world of media, where delivering authentic news quickly is essential, cybersecurity plays a critical role in protecting data, ensuring privacy, and upholding journalistic standards. With my experience as a Director of Cybersecurity for a media company, I’ve observed the complexities of implementing cybersecurity in the media indus…

Originally published by Schellman.Written by Jordan Hicks.Generally, with new cybersecurity regulations, organizations affected are provided a “grace period” to make the necessary adjustments to achieve full compliance before enforcement begins. Looking toward the horizon and 2025, many new laws will be coming into full effect, which means organizations will now likely be subject to various penalties if they’re not ready and haven’t satisfied all relevant requirements.So, are you ready? We kn…

Written by Vito Nozza, Softchoice.“The power of visibility can never be underestimated” Margaret ChoAs many of you have read my past blogs, I like to quote individuals who have had experience in certain subjects. Although the above quote was meant for a different context, it bears true for this conversation. The value in the adoption of cloud-based services has skyrocketed over the last 10 years. The ability for companies to utilize the cloud’s flexible, scalable, and cost-effective computing…

Award honors volunteers for their valuable contributions towards fulfilling CSA’s mission of promoting best practices to help ensure a secure cloud computing environmentSEATTLE – Nov. 20, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce the winners of the 2024 Juanita Koilpillai Award. The award, first established in 2012 as the Ro…

As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we reflect on the pivotal role CSA volunteers and contributors have played in shaping the future of cloud security. Founded in 2009, CSA quickly established itself as an instrumental leader in the cloud security space, dedicated to defining and promoting best practices for securing the cloud. These best practices are realized in our cloud security-specific research publications, training programs, professional certificates,…

Written by CSA’s Top Threats Working Group.In this blog series, we cover the key security challenges from CSA’s Top Threats to Cloud Computing 2024. Drawing from insights of over 500 experts, we’ll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether you’re a professional or a beginner, this series offers a clear guide to the evolving cloud security landscape.Today’s post covers the #5 top threat: Insecure Third-Party Resources.What is Cybersecurity…

Originally published by Valence.Written by Jason Silberman.The digital world is constantly changing, and with it, the methods used to secure sensitive information. Decisions made years ago continue to shape today’s landscape. The inception of Gmail by Google marked a pivotal moment in history, setting the foundation for the Google Account as we know it today. Unfortunately, the platform’s early choices still cast a shadow on today’s security posture for everyone who uses it. This blog post wi…

Originally published by BARR Advisory.Artificial intelligence (AI) is transforming the way businesses operate across industries, driving advancements in automation, decision-making, and customer experiences. From healthcare to finance, AI has unlocked new opportunities for efficiency and innovation. However, with this rapid evolution comes a new set of challenges. As AI becomes more integrated into business processes, organizations must address the risks posed by these emerging technologies, …

Originally published by Britive.Groups make it easier to assign permissions to multiple users at once, reducing the administrative burden and shortening delays on getting appropriate levels of access. Traditional identity governance and administration (IGA) solutions have been pivotal in managing roles and groups across various systems within organizations. However, as organizations expand and modernize their cloud footprint, the limitations of traditional IGA solutions and utilizing groups f…

Originally published by CXO Revolutionaries.Written by Christopher Jablonski, Director, CXO REvolutionaries & Community.Improving the user experience is a top priority as businesses adapt to hybrid work, increase usage of SaaS applications, and new business demands. Everyone — employees, partners, and customers — seems to expect the digital world to operate flawlessly. But from an IT perspective, it’s a daily struggle. The good news is that solutions are emerging that use AI to identify i…

Paper presents a holistic overview and applicable methodology for impartially assessing intelligent systemsSEATTLE – Nov. 14, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Artificial Intelligence (AI) Risk Management: Thinking Beyond Regulatory Boundaries. Drafted by CSA’s AI Governance & Compliance Working Group, the document…

Originally published by Tamnoon.As businesses continue migrating to the cloud and expanding their cloud footprint, scaling remediation of misconfigurations and reducing cloud threat exposure becomes a continuous battle for SecOps teams. Managed cloud security services offer the much-needed solution for cloud security teams; what MDR is to SOC teams, managed cloud security services are to security engineers. In this post, we’ll explore six key benefits of managed cloud security in 2024, and wh…

Originally published by Oasis Security.Written by Marta Dern.We’ve covered the ins and outs of Non-Human Identity (NHI) Management—what it is, why it matters, and the best practices for handling these digital identities. But how do you translate theory into action? What does the deployment of an effective NHI Management program look like in practice?Just like any successful initiative, a solid plan is the foundation. As Antoine de Saint-Exupéry said, “A goal without a plan is just a wish”—and…

Originally published by Vanta.Written by Toni Ng.In today’s complex business landscape, effective executive reporting is not just about sharing information; it’s about using the insights to take action and demonstrating the value of your compliance and security efforts. This blog outlines five essential practices to help you refine your reporting skills and ensure your insights resonate with key stakeholders and support informed decision-making.‍1. Know your audience Understanding your audien…

Originally published by Diligent.The EU AI Act comes into force on 1 August 2024. It is the world’s first comprehensive legislation designed to address artificial intelligence (AI) risks by establishing a set of rules and obligations aimed at safeguarding the health, safety, and fundamental rights of EU citizens. In doing so, it seeks to support responsible, innovative AI development and build trust between EU citizens and AI.In this article, you’ll discover:What the EU Artificial Intelligenc…

Written by Dr. Vito Nozza, Softchoice.“Plan for what is difficult while it is easy, do what is great while it is small” Sun TzuI love to quote Sun Tzu, as the art of war is indicative of what cyber professionals go through on a daily grind. The offensive security mindset and techniques that are researched and planned out, that need to be top of mind for any CISO worth they weight in gold. Preventing this is the focus of an incident response plan (IRP), which takes control of events that could…

Originally published by RegScale.Written by Ivy Shelby.As we move towards 2030, the landscape of governance, risk, and compliance (GRC) is undergoing a seismic shift. With the rapid digital acceleration, the pervasive adoption of cloud technologies, and the rise of ephemeral tech, organizations are faced with unprecedented challenges… but also major opportunities. To thrive in this evolving environment, businesses are starting to embrace Continuous Controls Monitoring (CCM) and innovative GR…

Originally published by Entro.Written by Itzik Alvas.Staging environments often serve as the critical last step before pushing code to production, mirroring the setup used in live systems. However, these environments are often neglected in terms of security, making them prime targets for breaches and vulnerabilities.Staging environments are typically more controlled than development but less scrutinized than production, leading to potential risks such as data breaches, configuration drift, an…

Originally published by Normalyze.Written by Vamsi Koduru.Data security specialists know the challenges of storing, managing, and securing unstructured data. Due to the sheer volume and variety of unstructured data, its searchability and data quality challenges, and the overarching issues of security and compliance, unstructured data management can seem anything but “manageable.” Fortunately, that’s changing. In 2024, Gartner released a 2024 Strategic Roadmap for World-Class Security of Unstr…

Originally published by CyberArk.Written by Sam Flaster.Several new vendors entering the privileged access management (PAM) market are boldly claiming they can – or will soon be able to – provide access with zero standing privileges (ZSP).In reality, these lofty vendor claims likely ignore the limited use cases of their own technology. This betrays a fundamental misunderstanding of PAM – the most challenging problem in cybersecurity.ZSP is absolutely a critical component for the future of ide…