The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
- Modern Day Vendor Security Compliance Begins with the STAR Registry on December 12, 2024 at 7:14 pm
We require a modern approach to accurately assess our use of current technology. This month marks 25 years since I managed my first cybersecurity attack. At the time, I was CTO for an internet service provider that suffered the compromise, which in those days was mostly script kiddies defacing webpages to show they had circumvented what limited ACL protections we had in place. It was then that I was first introduced to audit principles, derived from the financial industry, as a means to demons…
- How to Demystify Zero Trust for Non-Security Stakeholders on December 11, 2024 at 8:21 pm
Written by Erick Tauil, Presales Engineer. Alright, let’s dive into a topic that often feels like a riddle wrapped in an enigma: Zero Trust. Communicating its concepts to non-security stakeholders can be quite frustrating and often met with a blank stare. After 15 years in cybersecurity, I’ve seen how a little confusion can derail even the best-laid plans. So, who are these stakeholders causing all the fuss? Think executives, operations managers, HR, marketing, and finance. Each of them plays…
- Why Digital Pioneers are Adopting Zero Trust SD-WAN to Drive Modernization on December 11, 2024 at 5:16 am
Originally published by CXO REvolutionaries. Written by Mike Gemza, CTO, Cornerstone Building Brands. At a time when cyberthreats are becoming more advanced and network infrastructure needs are increasing, it’s not just important to use a zero trust approach to software-defined wide-area networks (SD-WAN). It’s also essential. As connectivity keeps changing, those who use new solutions like zero trust (ZT) SD-WAN will be in the best position to succeed. Limitations of traditional SD-WAN: There’s n…
- The EU AI Act and SMB Compliance on December 11, 2024 at 5:01 am
Originally published by Scrut Automation. Written by Nicholas Muy, Chief Information Security Officer, Scrut Automation. On July 12, 2024, the European Union (EU) Official Journal published the full text of the AI Act. This set into motion the final chapter of the most impactful security and privacy law since the General Data Protection Regulation (GDPR) came into force in 2018. It will have enormous implications for how companies do business in the EU and globally. Let’s examine the practical …
- Managed Security Service Provider (MSSP): Everything You Need to Know on December 11, 2024 at 4:51 am
Originally published by Vanta. The security and compliance landscape is ever-evolving, meaning the demands organizations need to meet today can change rapidly. While most IT teams have defined processes to handle these requirements, they may not have the capacity to address all the tasks necessary to maintain the organization’s security posture. If your organization has encountered a similar situation before, appointing a managed security service provider (MSSP) can be a solution. Many organiz…
- Decoding the Volt Typhoon Attacks: In-Depth Analysis and Defense Strategies on December 11, 2024 at 4:42 am
Originally published by InsiderSecurity. The Volt Typhoon campaign has raised alarms across cybersecurity circles, targeting critical infrastructure with stealthy and sophisticated techniques. This analysis breaks down the methods, exploitation tactics, and practical defenses organizations can employ to safeguard their systems. Volt Typhoon Attacks: On May 24, 2023, Microsoft and the “Five Eyes Alliance” cybersecurity information sharing organization released a joint cybersecurity advisory, whic…
- Zero-Code Cloud: Building Secure, Automated Infrastructure Without Writing a Line on December 11, 2024 at 4:27 am
Written by Rahul Kalva. Abstract: In today’s fast-paced DevOps environment, the demand for agile infrastructure deployment is driving innovation beyond traditional Infrastructure-as-Code (IaC). Code-less deployment solutions represent a breakthrough, enabling teams to automate infrastructure setup without the need for extensive coding. This article explores how code-less automation improves deployment efficiency while maintaining robust security and compliance. With pre-built templates and man…
- Test Time Compute on December 11, 2024 at 4:04 am
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Everyone seems to talk about Test-Time Computation or Test Time Compute (TTC) as a way to scale the reasoning capability of large language models (LLMs). What is it about and why is it important now? This blog post is an attempt to answer this question. Key Aspects of Test-Time Computation: Inference Process: During TTC, the model takes input data and applies its learned parameters to produce an output. For neural netwo…
- Level Up Your Cloud Security Skills With This Jam-Packed Training Bundle on December 11, 2024 at 3:58 am
Written by Kayla Mauriello. Seasoned cybersecurity professionals from CTOs to developers are facing a challenging situation: organizations transitioning to new cloud architecture are invariably exposed to new vulnerabilities that traditional security measures don’t address. Keeping pace with the evolution of cloud infrastructure security techniques and principles requires a new approach and upgraded skill sets. The Cloud Infrastructure Security (CIS) training bundle is designed to give cybersec…
- New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector on December 9, 2024 at 7:00 pm
Findings emphasize the importance of regulatory compliance, strategic cloud adoption, regional considerations, and the need for continuous improvement in security practices SEATTLE – Dec. 10, 2024 – Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new survey from the Cloud Security Alliance (CSA), the world’…
- Achieving Cyber Resilience with Managed Detection and Response on December 4, 2024 at 11:01 pm
Originally published by HCLTech. Written by B. Mani Shankar, Global Manager – MDR, Cyber Threat Intel & Incident Response Services, Cybersecurity, HCLTech. In today’s hyper-connected digital landscape, cyber threats have become more sophisticated, pervasive and difficult to detect. With businesses increasingly dependent on digital infrastructure, the conversation has shifted from merely preventing attacks to asking, “How resilient are we to cyber threats?” The reality is, a successful c…
- CSA Community Spotlight: Auditing Cloud Security with CEO David Forman on December 4, 2024 at 10:53 pm
As we celebrate 15 years of advancing cloud security, the Cloud Security Alliance (CSA) reflects on our role as the world’s leading organization dedicated to establishing and promoting best practices in cloud computing. Among our many initiatives, our auditing and compliance efforts stand out as critical pillars for ensuring a secure and transparent cloud environment. Through programs like the Security, Trust, Assurance, and Risk (STAR) Registry and our collaborative work on global standards,…
- 5 SaaS Misconfigurations Leading to Major Fu*%@ Ups on December 4, 2024 at 4:19 am
Written by Ella Siman, Wing Security. Originally published by The Hacker News. With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major vulnerabilities. So, how can CISOs…
- The European Union Artificial Intelligence (AI) Act: Managing Security and Compliance Risk at the Technological Frontier on December 4, 2024 at 4:05 am
Originally published by Scrut Automation. Written by Amrita Agnihotri. A growing wave of AI-related legislation and regulation is building, with the most significant example being the European Union’s (EU) Artificial Intelligence (AI) Act. In March 2024, European leaders passed this sweeping legislation into law. It will clearly have huge impacts on the way business is done, both in the EU and globally. In this post we’ll go look at the implications for organizations deploying AI to drive busine…
- From AI Agents to MultiAgent Systems: A Capability Framework on December 4, 2024 at 3:51 am
Written by Ken Huang, CEO of DistributedApps.ai and Co-Chair of AI Safety Working Groups at CSA. There is no clear and consensus definition of what an AI agent is in the literature. This article does not aim to define what an AI agent is. Rather, I focus on examining AI agents from a range of capabilities, spanning from basic data processing to complex autonomous decision-making. This framework allows us to explore the progression of AI agents through different levels of sophistication, highli…
- CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews on December 4, 2024 at 3:33 am
Now celebrating 15 years of advancing cloud security, the Cloud Security Alliance (CSA) is proud to be the world’s leading organization dedicated to defining best practices for a secure cloud computing environment. Since our incorporation in 2009 and the release of our inaugural Security Guidance, CSA has expanded our impact through a broad portfolio of initiatives, including industry-leading training programs and certificate offerings. These programs, including the foundational Certificate of…
- Systems Analysis for Zero Trust: Understand How Your System Operates on December 4, 2024 at 3:27 am
If you’re excited about building a Zero Trust architecture for your organization, we understand! Zero Trust is pretty much the ultimate security strategy. However, before diving headfirst into building out your architecture, you need to perform a comprehensive systems analysis. This analysis should cover the functions and interactions of all devices, assets, applications, and services (DAAS) in the system. You must understand how your system accesses, processes, transmits, and shares data acro…
- Top Threat #7 – Data Disclosure Disasters and How to Dodge Them on December 3, 2024 at 6:57 pm
Written by CSA’s Top Threats Working Group. In this blog series, we cover the key security challenges from CSA’s Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we’ll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether you’re a professional or a beginner, this series offers a clear guide to the evolving cloud security landscape. Today’s post covers the #7 top threat: Accidental Data Disclosure. What is Accidental Da…
- Texas Attorney General’s Landmark Victory Against Google on December 3, 2024 at 4:13 pm
Originally published by Truyo. Texas Attorney General Ken Paxton has successfully challenged Google’s monopolistic practices, with the U.S. District Court for the District of Columbia ruling in favor of Paxton’s allegations. The court found that Google’s business conduct violated the Sherman Act, a pivotal federal antitrust law, marking a crucial step in the ongoing battle against the tech giant’s dominance in internet search and advertising. Truyo President Dan Clarke says, “They will certainl…
- Lifecycle Management in SaaS Security: Navigating the Challenges and Risks on December 3, 2024 at 1:12 am
Originally published by Valence Security. Written by Jason Silberman. The rapid rise of Software-as-a-Service (SaaS) has transformed business operations, offering unprecedented flexibility and scalability. However, this shift brings its own set of security challenges, particularly when it comes to managing the lifecycle of SaaS applications and their associated resources such as identities. Effective lifecycle management is crucial in safeguarding against threats and ensuring that security meas…