Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

  • The Evolution of Data Security: From Traditional DLP to DSPM
    on April 17, 2025 at 5:06 pm

    Originally published by Skyhigh Security. Written by Hari Prasad Mariswamy, Director, Product Management Data Protection, Skyhigh Security. Overview: In today’s landscape of digital transformation, data security challenges continue to evolve, exposing organizations to new threats and compliance demands. Amidst these challenges, Data Security Posture Management (DSPM) has emerged as a powerful technology to help enterprises gain comprehensive visibility and co…

  • Zero Trust is Not Enough: Evolving Cloud Security in 2025
    on April 14, 2025 at 4:52 pm

    Written by Sayali Paseband, Advisor, Cyber Security Engineering, Verisk.   Zero Trust has been the foundation of cloud security, focusing on principles like least privilege access, continuous verification, and micro-segmentation. These principles have helped protect against unauthorized access and movement within networks. However, as companies use multiple cloud services, face smarter AI-driven threats, and deal with more supply chain risks, Zero Trust alone is no…

  • Final Countdown to Compliance: Preparing for PCI DSS v4.x
    on April 14, 2025 at 4:30 pm

    Originally published by VikingCloud. Written by Natasja Bolton.   If your business processes payment card data, you’ve likely been working on transitioning from PCI DSS v3.2.1 to PCI DSS v4.x—but the work isn’t over yet.  While the initial readiness deadline for PCI DSS v4.0 was March 31, 2024, many of the most critical security changes were future-dated—giving businesses an extra year to prepare. That grace period is coming to an end. On April 1, 2025, all the f…

  • Securing Smart (and Not So Smart) Devices With Microsegmentation
    on April 11, 2025 at 9:41 pm

    Originally published by CXO REvolutionaries. Written by Ritesh Agrawal, VP of Product Management at Zscaler and Co-Founder of Airgap. There is a reason that a compromise of one smartphone doesn’t lead to a breach of every smartphone’s security: microsegmentation. Telecom companies use this ‘network of one’ strategy to isolate devices and protect against threats spreading them and it was the inspiration that led to me cofounding Airgap in 2019. Securing critical…

  • SOC 2 Meets HIPAA: A Unified Approach to Data Protection and Privacy
    on April 11, 2025 at 9:19 pm

    Originally published by Scrut Automation. Written by Amrita Agnihotri.   Cyber threats in healthcare are rising at an alarming rate. Over the past five years, hacking-related breaches have surged by 256%, with ransomware incidents up by 264%, according to the U.S. Department of Health and Human Services (HHS). To combat these growing risks, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) must take proac…

  • Oracle Cloud Infrastructure Breach: Mitigating Future Attacks with Agentic AI
    on April 10, 2025 at 8:54 pm

    Written by Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups.   The cybersecurity community has been rocked by a significant breach of Oracle Cloud Infrastructure (OCI), specifically targeting its Identity Manager systems. This incident provides critical lessons for organizations relying on cloud infrastructure. In this analysis, I’ll break down the technical details of what happened and propose potential mitigation strategies powered by Agentic AI security techniques….

  • Defending Against SSRF Attacks in Cloud Native Applications
    on April 10, 2025 at 8:43 pm

    Originally published by Sweet Security. Written by Sarah Elkaim, Head of Product Marketing, Sweet Security.   A Server-Side Request Forgery (SSRF) attack occurs when an attacker tricks a server into making requests to other internal or external services on behalf of the server itself. This can lead to unauthorized access to sensitive data, exploitation of internal systems, and even full system takeover.  At Sweet Security, we’ve seen a surge in SSRF attacks within …

  • Cloud File Transfer: Upgrade to the Most Secure Cloud Configuration
    on April 10, 2025 at 8:22 pm

    Originally published by Axway. Written by Emmanuel Vergé, Senior Product & Solutions Marketing Director, Axway.   I get it. You’re probably thinking, “Cloud file transfer? We already have an MFT solution and it’s checking all our boxes. Why rock the boat now?” Large organizations that rely on MFT have mature, dedicated teams. They’ve invested time and resources into building a well-oiled process – and they really don’t want to change it. On the other hand, the comp…

  • Human and Non-Human Identities: The Overlooked Security Risk in Modern Enterprises
    on April 10, 2025 at 6:50 pm

    Originally published by CheckRed.  Written by Amardip Deshpande, Senior Security Researcher, CheckRed.   Cloud and SaaS identities are not just about people. They also include the digital personas of applications, services, and machines. These digital identities are crucial for managing access and ensuring security in modern cloud environments.   Understanding Human Identities In the context of cloud security, human identities refer to the unique digital identif…

  • Cloud Security Alliance’s Certificate of Competence in Zero Trust (CCZT) Selected as 2025 SC Awards Finalist
    on April 9, 2025 at 3:45 pm

    Award-winning program named finalist for Best Professional Certification Program SEATTLE – April 9, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is proud to announce that its award-winning Certificate of Competence in Zero Trust (CCZT) has been named a Best Professional Certification Program finalist by the 2025 SC Awards. The CCZT, the ind…

  • The Disinformation Epidemic and Its Cost to Modern Enterprises
    on April 8, 2025 at 10:33 pm

    Originally Published by Koat.   Summary Disinformation’s Impact on Reputation and Finances: Disinformation can severely damage a company’s reputation, erode consumer trust, and lead to significant financial losses. False narratives, such as rumors about product defects or unethical practices, can undermine brand integrity and customer loyalty. Role of Threat Intelligence in Combatting Disinformation: Threat intelligence tools help businesses proactively detect, analyze, a…

  • From Multiplan to Multimodal: A CFO’s 40-Year Tech Journey into AI
    on April 8, 2025 at 8:57 pm

    Written by Jeffrey Westcott, CFO, CSA.   I received one of the first Apple Macintoshes back in January 1984 when I attended Drexel University. It was branded the Apple DU with a whopping 128k of memory. And it was the same machine as the Apple Mac, soon to be released to the public. Many of you reading this are too young to remember the iconic Apple television commercial for the Apple Macintosh which aired only once during the 1984 Super Bowl, although many of you, like me, re…

  • What You Need to Know About CMMC—From our Director of Government Strategy & Affairs Morgan Kaplan
    on April 8, 2025 at 8:47 pm

    Originally published by Vanta. Written by Lucia Giles. The Cybersecurity Maturity Model Certification (CMMC) program was developed by the Department of Defense (DoD) to ensure that defense contractors and subcontractors meet the cybersecurity requirements needed to safely and responsibly handle government data. Of primary concern is how commercial vendors safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The new CMMC program is of…

  • BEC in the Age of AI: The Growing Threat
    on April 8, 2025 at 8:37 pm

    Originally published by Abnormal Security. Written by Jade Hill.   Business email compromise (BEC) is one of the most financially damaging cyber threats today. According to the FBI’s latest Internet Crime Report, business email compromise resulted in over $2.7 billion in reported losses in 2023 alone—and the soon-to-be released 2024 numbers are likely to be even worse. While BEC had already solidified its position as a top threat, the rise of AI has made these attacks even m…

  • How to Enhance Your TPRM Through Staff Augmentation
    on April 4, 2025 at 12:29 am

    Originally published by Schellman. Written by Tu Nguyen.   If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third party or have ceased providing services, recent incidents prove you’re still at risk, making effective third-party risk management (TPRM) a must to avoid what could be disastrous consequences.   Ho…

  • The Simple Magic of App Cloaking
    on April 4, 2025 at 12:10 am

    Originally Published by CXO REvolutionaries. Written by Aoibh Wood, Security Architect, Zscaler.   Often overlooked by security professionals, app cloaking is a powerful technique for strengthening security posture by making high-value private applications go dark from the public internet. Fundamental to our approach to zero trust architecture, app cloaking reduces an organization’s attack surface and prevents lateral movement by threat actors, safeguarding sensitive a…

  • Training on Ethical and Compliant AI Usage: Navigating the White House Executive Order and Transparent Business Practices
    on April 3, 2025 at 9:19 pm

    Originally published by Truyo on August 21, 2024. Written by Dan Clarke, President, Truyo.   Artificial intelligence (AI) is rapidly transforming industries, offering unparalleled opportunities for innovation, efficiency, and growth. However, as AI systems become more integrated into the core operations of businesses, the need for ethical and compliant AI usage becomes increasingly critical. The recent Executive Order on the Safe, Secure, and Trustworthy Development and Use o…

  • The Right to Be Forgotten — But Can AI Forget?
    on April 3, 2025 at 9:11 pm

    Written by Olivia Rempe, Community Engagement Manager, CSA.   In today’s AI-powered world, the “Right to be Forgotten”—a principle enshrined in the EU’s General Data Protection Regulation (GDPR)—is facing one of its biggest tests yet. While traditional databases and web platforms can delete or de-index personal data upon request, AI models, especially large language models (LLMs), present a more complex and troubling question: Once personal data is used to train an AI model, is d…

  • Real-Time Credit Data: Fueling Banking Innovation and Growth
    on April 3, 2025 at 9:01 pm

    Originally published by SavvyMoney. Written by Ryan Sonnenberg.   Data is necessary to drive transformative change across industries in today’s hyperconnected world. In the financial services sector, the power of real-time credit data is undeniable. It equips financial institutions with the ability to understand their consumers, predict their needs, and thrive in a competitive landscape. This data is a tool and a catalyst for growth, offering unparalleled insights into consum…

  • The Challenge of Distributed SaaS Management—Balancing Productivity and Security
    on April 3, 2025 at 8:47 pm

    Originally published by Valence. Written by Jason Siberman.   The rise of SaaS applications has transformed the way organizations operate, enabling greater collaboration, agility, and efficiency. Business-critical tools such as Salesforce, HubSpot, Workday, NetSuite, and GitHub are essential for departments like sales, marketing, HR, finance, and R&D. These tools empower teams to work independently, adopt cutting-edge technologies, and innovate faster. However, this sa…
