Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.


  • Love Letters to Compliance: Tips for Long Term Commitments
    on February 18, 2025 at 11:07 pm

    Originally published by Prescient Assurance. Written by Frejin Arooja.   Running a compliance program is a commitment. As long as you do the right things and avoid making any wrong move, you’re okay. But one wrong move can quickly escalate a happy relationship into a nightmare.  As the day blessed by St. Valentine approaches, we’ve compiled a list of do’s and don’ts to keep you out of trouble.  Heads up before you start: there’s a lot of love metaphors.   It…

  • DeepSeek-R1 AI Model 11x More Likely to Generate Harmful Content, Security Research Finds
    on February 18, 2025 at 8:27 pm

    Written by Enkrypt AI. AI race between US and China takes a dark turn as red teaming report uncovers critical safety failures. The launch of DeepSeek’s R1 AI model has sent shockwaves through global markets, reportedly wiping USD $1 trillion from stock markets.¹ Trump advisor and tech venture capitalist Marc Andreessen described the release as “AI’s Sputnik moment,” underscoring the global national security concerns surrounding the Chine…

  • Transforming SOCs with AI: From Reactive to Proactive Security
    on February 14, 2025 at 12:45 am

    Originally published by HCLTech. Written by G Kiran Raju, Business Development and Product Offerings Lead, Google, Cybersecurity, HCLTech and Ben Caisley, SecOps Specialist Lead, Google Cloud.   As cybersecurity threats continue to evolve, organizations are increasingly adopting advanced technologies to enhance the effectiveness and agility of their Security Operation Centers (SOCs). The integration of generative AI technologies is at the forefront of this transformation, aiming t…

  • Implementing CCM: Put Together a Business Continuity Management Plan
    on February 12, 2025 at 1:27 am

    CSA’s Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It contains 197 control objectives structured into 17 domains that cover all key aspects of cloud technology. You can use CCM to systematically assess a cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. CCM Domains. Today we’re taking a closer look at implementing the third domain of CCM: Business Continuity Manageme…

  • The Explosive Growth of Generative AI: Security and Compliance Considerations
    on February 11, 2025 at 6:49 pm

    Written by Jayesh Gadewar, Scrut Automation. Generative AI is reshaping industries at an incredible pace. Tools for image creation, chatbots, and code generation are driving innovation and pushing productivity to new heights. According to G2’s recent “State of Software” report, demand for these AI solutions is surging across industries. But alongside the excitement comes a new wave of challenges in governance, risk, and compliance (GRC). Are businesses ready to harness the full potential of…

  • Top Threat #10 – Who Goes There? Tackling Unauthenticated Resource Sharing
    on February 11, 2025 at 6:35 pm

    Written by CSA’s Top Threats Working Group.   In this blog series, we cover the key security challenges from CSA’s Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we’ll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether you’re a professional or a beginner, this series offers a clear guide to the evolving cloud security landscape. Today’s post covers the #10 top threat: Unauthenticated Resource Sharing…

  • What is a Virtual CISO (vCISO) and Should You Have One on Your Team?
    on February 10, 2025 at 10:47 pm

    Originally published by Vanta. Most people know what a chief information security officer (CISO) is and how they’re essential to improving an organization’s security posture. The problem is that many organizations have limited hiring resources and it makes little sense to appoint an in-house CISO without tangible ROI. A virtual CISO or vCISO becomes an excellent solution for organizations that need to enhance their security framework within resource constraints. In this guide, you’ll learn h…

  • 7 Steps to Get Started with Security and Privacy Engineering
    on February 10, 2025 at 10:28 pm

    Originally published by BARR Advisory. Written by Julie Mungai. For startups, security and privacy engineering can feel daunting. Limited resources, competing priorities, and the pressure to deliver products quickly often push these considerations to the back-burner. However, embedding security and privacy from the outset saves costs, builds trust, and ensures scalability. So, how can startups get started? We’ve outlined seven steps. 1. Start with Governance Lite. Even without formal governanc…

  • How to Prepare for ISO 42001 Certification
    on February 10, 2025 at 7:15 pm

    Originally published by Schellman. Written by Danny Manimbo. Since the release of ISO 42001 in late December 2023, it’s been a year of discovery and education regarding this new flagship artificial intelligence (AI) standard in terms of determining its applicability, use case(s), and benefits to organizations. For those who have since determined ISO 42001 is the right framework for them, the next step has been to prepare for certification, and that involves more than a few steps. In this blog…

  • Simplicity is Complexity Resolved
    on February 10, 2025 at 7:04 pm

    Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence, Zscaler. Zero trust architecture isn’t rocket science. But, as in rocket science, stripping away unnecessary functions and streamlining existing ones is a step in the direction of simpler, more elegant solutions. “Any intelligent fool can make things bigger and more complex. It takes a touch of genius – and a lot of courage – to move in the opposite direction.” – Albert Einstein. Last October, SpaceX made…

  • Dark Patterns: Understanding Their Impact, Harm, and How the CPPA is Cracking Down
    on February 10, 2025 at 6:55 pm

    Originally published by Truyo. Written by Dan Clarke, President, Truyo. The California Privacy Protection Agency (CPPA) has flexed its muscles yet again, taking a strong stance against dark patterns, especially in the context of the California Consumer Privacy Act (CCPA). The CPPA’s recent enforcement advisory emphasizes the detrimental effects of these manipulative designs and outlines the repercussions businesses face if they employ dark patterns in their digital platforms. This blog delve…

  • How AI Will Change the Role of the SOC Team
    on February 10, 2025 at 6:30 pm

    Originally published by Abnormal Security. Written by Emily Burns. The security operations center (SOC) has long been the nerve center of an organization’s cybersecurity efforts, monitoring, analyzing, and responding to threats in real-time. It serves as the frontline defense against increasingly sophisticated attacks, protecting sensitive data and critical systems. However, the rapid evolution of artificial intelligence (AI) is revolutionizing the SOC, promising unprecedented efficiency and…

  • From Y2K to 2025: Evolution of the Cybersecurity and Information Security Landscape over the Past 25 Years
    on February 10, 2025 at 6:23 pm

    Written by the CSA New Jersey Chapter: Stanley Mierzwa, Ph.D.; CISSP, Director, Center for Cybersecurity, Transformational Learning and External Affairs, Kean University; Eliot Perez, Director, Information Technology, Township of Bedminster, New Jersey. Remember Y2K, in the context of the worry for many technologists and engineers working in the computer field? For many, it may feel like a lifetime ago, a sort of worrisome digital doomsday scenario that, thankfully, fizzled, perhaps because…

  • 5 Ways Non-Human Identity Ownership Impacts Your Security Program
    on February 7, 2025 at 6:42 pm

    Originally published by Oasis Security. Written by Guy Feinberg. As we meet with customers to discuss non-human identity security strategy, the topic of ownership comes up more frequently as one of the key components for any comprehensive Non-Human Identity Management (NHIM) program. Our discoveries, along with the insights from our Context Reconstruction Engine, have underscored the importance of clearly defined ownership in effectively managing these identities. Understanding who is responsi…

  • How I Used Free Tools to Resource Jack API Keys
    on February 6, 2025 at 9:12 pm

    Originally published by Aembit. Written by Ashur Kanoon, Technical Product Marketing, Aembit. How much damage could an attacker do with free tools and minimal effort? That’s the question I set out to answer – and the results even surprised me. In less than 10 minutes, I managed to exploit exposed API keys, hijack resources, and prove just how vulnerable organizations can be when basic security measures are overlooked. “Resource jacking” – for those unfamiliar – is the unauthorized use of an o…

  • Master Your Disaster
    on February 6, 2025 at 9:02 pm

    Originally published by HanaByte. Written by Otis Thrasher, Staff Security Consultant, HanaByte. Life is full of ups and downs, and no one can avoid them. This includes natural disasters, accidents, and loss of loved ones. The digital world operates on a similar principle. It’s not a question of if a cyber attack or system failure will happen; it’s when. The key is to stay resilient through preparation. Let’s discuss how to fortify organizations against disasters using effective documentatio…

  • Five Steps to Zero Trust
    on February 5, 2025 at 5:24 pm

    Contributed by Softchoice. Written by Abel E. Molina, Principal Architect, Security, Softchoice. The Critical Need for Zero Trust. The threat of cyber-attacks is both immediate and severe. According to the Small Business Administration (SBA), 50% of SMBs have faced at least one cyber-attack, with over 60% of those businesses shutting their doors afterward. This alarming statistic underscores the necessity for robust cybersecurity measures, particularly the adoption of a Zero Trust approach. Zer…

  • When Technology Isn’t the Problem: The Psychology of IT Transformation
    on February 5, 2025 at 5:20 pm

    Originally published by CXO REvolutionaries. Written by Pam Kubiatowski, Global VP, CTO in Residence, Zscaler. Enterprises transform network architectures to be more agile and better able to meet business goals. But transitioning your network from a traditional hub-and-spoke to a cloud services model can be daunting. However, the cost of change is ultimately often less than the cost of maintaining the status quo, which is investing in a liability. Transformation leaders must address connecti…

  • 3 Important Tips for Effective Employee Security Awareness
    on February 5, 2025 at 5:14 pm

    Originally published by Schellman. Written by Ryan Buckner. These days, every organization has a security program to protect themselves from escalating attacks with growing sophistication. And while much of the focus centers on defending against outsider threats, an equally important component of any security effort is safeguarding against insider threats through effective employee awareness. Maybe your organization is already aware of all this—maybe you’ve already trained employees on prope…

  • How Repsol’s DLP Strategy Enables a Fearless Embrace of GenAI
    on February 4, 2025 at 10:53 pm

    Originally published by CXO REvolutionaries. Written by Javier García Quintela, CISO, Repsol SA. Madrid-based global energy provider Repsol is fully committed to meeting the ambitious goal of net-zero carbon emissions by 2050, as outlined in the Paris Agreement. Technology is considered a core pillar in helping the company transition away from fossil fuels to its growing portfolio of low carbon and renewable energy sources. When generative AI (GenAI) emerged as a potential game-changer for b…
