The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
- Cloud Security Alliance and Whistic Partner to Advance Secure and Responsible Development of Artificial Intelligence (AI) Technologies on January 17, 2025 at 11:56 pm
Organizations collaborate on mutual goal of evaluating risks and defining controls related to Generative Artificial Intelligence SEATTLE – Jan. 20, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Whistic, the leading AI-first modern platform for comprehensive third-party risk management, today announced a strategic partnership to further the responsi…
- Quantum Artificial Intelligence: Exploring the Relationship Between AI and Quantum Computing on January 15, 2025 at 12:36 am
In October 2024, CSA hosted the 3-day Global AI Symposium. Experts at the forefront of artificial intelligence (AI) delivered insights into the benefits, uses, and misuses of AI. A standout session was “Quantum Artificial Intelligence: Exploring the Future of Intelligent Computing” with sisters Mehak and Megha Kalsi. Mehak is an industry leader and consultant in the cybersecurity, quantum computing, and CMMC spaces. She is also a Co-Chair of the CSA Quantum-Safe Security Working Group …
- Unlocking the Power of AI: An Intro to Prompt Engineering on January 15, 2025 at 12:22 am
Artificial Intelligence (AI) has become a cornerstone of innovation, transforming industries and reshaping how we interact with technology. At the heart of this revolution lies Large Language Models (LLMs)—AI systems designed to understand and generate human-like text. However, even the most advanced AI needs direction from a human to perform effectively. Enter prompt engineering, the art of crafting instructions that guide AI behavior and generate meaningful outputs. Whether you’re a tech ent…
- Your Guide to SaaS Compliance: Key Areas and Best Practices on January 13, 2025 at 10:53 pm
Originally published by Vanta. Many IT managers find compliance to be one of the most complex aspects of the SaaS space. For instance, in a LogicMonitor survey on cloud solutions, 60% of the respondents highlighted governance and compliance as one of their top challenges when engaging with SaaS platforms. SaaS compliance requires adherence to various standards and regulations that can present a recurring workload for security teams in any industry. From pursuing security certifications to worki…
- The EU AI Act: A New Era of AI Governance Began August 1st on January 13, 2025 at 10:42 pm
Originally published by Truyo. Written by Dan Clarke. The European Union’s AI Act, which entered into force August 1, 2024, marks a historic milestone as the world’s first comprehensive regulation for artificial intelligence. This groundbreaking legislation, initially agreed upon in December 2023, aims to establish a robust framework for AI development and deployment, ensuring that technology advancements align with societal values and human rights. The Act adopts a risk-based approach to AI reg…
- Secrets & Non-Human Identity Security in Hybrid Cloud Infrastructure: Strategies for Success on January 13, 2025 at 10:37 pm
Written by Itzik Alvas, Entro. Secrets & Non-Human Identities (NHIs) security in hybrid cloud environments is a critical challenge in today’s IT landscape. Passwords, API keys, certificates, and tokens are not just digital assets; they are the lifeblood of your organization’s security. Protecting these non-human identities is essential for maintaining the integrity of your infrastructure. This guide aims to equip you with the strategies and insights needed to master secrets management in h…
- The Emerging Cybersecurity Threats in 2025 – What You Can Do To Stay Ahead on January 13, 2025 at 10:31 pm
Contributed by Softchoice. Written by Abel E. Molina, Principal Architect, Security, Microsoft. As we look ahead to 2025, the landscape of cyber threats is evolving at a rapid pace, posing significant challenges for businesses, governments, and individuals. As the first blog of the year, I felt it appropriate to list the top 10 emerging cybersecurity threats of 2025 and provide insights on how organizations can stay ahead of these ever-changing risks. No. 1 - The Rise of Sophisticated Ransomware A…
- From $22M in Ransom to +100M Stolen Records: 2025’s All-Star SaaS Threat Actors to Watch on January 7, 2025 at 10:25 pm
Written by Ella Siman, Wing Security. Originally published by The Hacker News. In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdog…
- AI and Compliance for the Mid-Market on January 7, 2025 at 7:07 pm
Originally published by Scrut Automation. Written by Jayesh Gadewar. Over the past year and a half, artificial intelligence (AI) has been impossible to ignore—and with good reason. Beyond the broader business implications, AI has the potential to accelerate cybersecurity and compliance efforts across organizations of all sizes. However, small and medium-sized businesses (SMBs) must approach this new technology with caution. Deploying AI securely and responsibly requires a structured approach th…
- Training Your LLM Dragons: Why DSPM is the Key to AI Security on January 7, 2025 at 6:56 pm
Originally published by Proofpoint DSPM (formerly Normalyze). Written by Parag Bajaria. AI’s transformative potential comes with a price—its complexity and reliance on sensitive data make it a prime target for security threats. For most organizations, the two primary use cases, custom large language models (LLMs) and tools like Microsoft Copilot, introduce unique challenges. Custom LLMs often require extensive training on organizational data, creating risks of embedding sensitive information in…
- Enhancing NIS2/DORA Compliance: A Business-Centric Approach on January 7, 2025 at 2:28 am
Originally published by Devoteam. Written by Kris Mandryk, Lead Consultant, Devoteam Belgium. The cybersecurity landscape is evolving with the arrival of the European Union’s NIS2 Directive and the Digital Operational Resilience Act (DORA). These regulations elevate the standards for how organisations across various sectors manage and mitigate cyber risks. NIS2 and DORA reinforce existing best practices and standards, ensuring all organisations prioritize cybersecurity at a level playing field. …
- AI-Generated Attacks Are Here. Zero Trust Is How We Fight Back. on January 7, 2025 at 2:18 am
Originally published by Illumio on December 9, 2024. Written by Raghu Nandakumara, Head of Industry Solutions, Illumio. Last month, I attended the Illumio World Tour stops in New York City and Sydney as well as Black Hat MEA. One topic dominated conversations: generative AI (GenAI) and its growing use in cyberattacks. Cybercriminals are using AI technology to quickly create and deploy attacks that are smarter, faster, and more convincing than ever before. One recent GenAI powered attack illustra…
- Unpacking the LastPass Hack: A Case Study from CSA’s Top Cloud Threats Report on January 7, 2025 at 2:09 am
Originally published by InsiderSecurity. This article kicks off a series that explores prominent cybersecurity incidents, using CSA’s Top Threats to Cloud Computing report as a foundation. In this installment, we analyze the LastPass hack, offering a user-friendly, illustrated breakdown of the attack and practical guidelines for detection and prevention. What is LastPass? LastPass is a Software-as-a-Service (SaaS) provider specializing in password vault solutions. These tools enable users to sec…
- The Trouble with Large Language Models and How to Address AI “Lying” on January 6, 2025 at 4:15 pm
Originally published by Schellman. Written by Avani Desai, CEO, Schellman. Even as AI systems become more advanced and enmeshed in daily operations, concerns regarding whether large language models (LLMs) are generating accurate and true information remain paramount throughout the business landscape. Unfortunately, the potential for AI to generate false or misleading information—often referred to as AI “hallucinations”—is very real, and though the possibility poses some significant cybersecurit…
- Adapting Strong IAM Strategies to Combat AI-Driven Cyber Threats on January 6, 2025 at 3:53 pm
Written by Jordi Vilanova, Cloudtango. In early 2024, T-Mobile experienced a significant data breach where attackers exploited weak IAM controls to gain access to the personal information of over 30 million customers. The attackers used a combination of phishing attacks and stolen credentials to bypass security measures. This incident led to sensitive data, including names, addresses, Social Security numbers, and driver’s license information to be exposed. It resulted in severe financial and r…
- Your Essential 10-Step GDPR Compliance Checklist on January 6, 2025 at 3:47 pm
Originally published by Vanta. Written by Jess Munday. If your business entails collecting and/or processing the personal data of European Union (EU) or United Kingdom (UK) citizens, complying with the General Data Protection Regulation (GDPR) is a priority. The regulation is quite comprehensive and includes numerous requirements your organization must implement. Adapting to its various requirements around transparency, accountability, and governance can get confusing, but using a GDPR complian…
- Next-Gen Cybersecurity with AI: Reshaping Digital Defense on December 17, 2024 at 6:49 am
Written by Rahul Kalva. Abstract As the cyber threat landscape evolves, leveraging Artificial Intelligence (AI) has become imperative for creating robust, proactive defenses. AI’s ability to detect, predict, and respond to threats in real-time sets it apart as a transformative force in cybersecurity. This article explores AI-driven cybersecurity advancements, focusing on predictive analytics, automated responses, and adaptive defense systems, emphasizing their significance in safeguarding dyn…
- How to Secure Cloud Environments and Minimize Data Breach Risks on December 17, 2024 at 6:41 am
Originally published by Tenable. Written by Gad Rosenthal. The rapid shift to cloud computing has transformed how organizations manage and store their data. But as cloud adoption has grown, the risks have been heightened as well. Seeing opportunity, cybercriminals are increasingly targeting cloud environments, exploiting vulnerabilities such as weak access controls, misconfigurations, and unpatched systems. To ensure the security and integrity of cloud-based assets and prevent data breaches,…
- What is Protocol Break? A Deep Defense to Isolate Attackers in the Cloud on December 17, 2024 at 6:33 am
Originally published by Reemo. Written by Florent Paret. In today’s digital landscape, marked by a proliferation of increasingly sophisticated cyberattacks, secure remote access to information systems has become a top priority. Protocol break, a technique that involves isolating systems by interrupting the direct flow of communication protocols, has emerged as a key element of defense in depth. This article explores the fundamental principles of protocol break, its applications in the cloud con…
- Breaking Into the U.S. Market: Cybersecurity Compliance to Fuel International Growth on December 17, 2024 at 6:26 am
Originally published by BARR Advisory. Expanding into the U.S. market offers Europe-based cloud service providers (CSPs) exciting new growth opportunities—but cybersecurity standards aren’t exactly the same across the pond. For security leaders who are used to GDPR and other European frameworks, it may come as a surprise that there is no national, comprehensive data privacy legislation in the United States. But while adhering to compliance frameworks like ISO 27001 and SOC 2 isn’t federally ma…