In his latest blog, CSA's CEO Jim Reavis provided his thoughts on 3 topics that are top of mind:
- The SolarWinds CISO's Wells Notice - "Last month, SolarWinds reported that some of its executives, including its CISO, were served with an SEC Wells Notice. An SEC Wells Notice refers to a formal communication issued by the U.S. Securities and Exchange Commission (SEC) to inform individuals or companies that the SEC staff intends to recommend enforcement action against them."
- Large Language Models and data security - "One of the biggest concerns today is the question of data security. How do we protect ourselves from sensitive corporate information being sent to ChatGPT for example, and will that information become part of the Large Language Model's training data and potentially be exposed?"
- CSA's new research on Shadow Access - "I would define Shadow Access as the tendency to grant too many permissions to too many identities in IT systems. In the cloud world, this is a consequence of a highly accelerated DevOps implementation that values speed and minimizes examination of privileges for the sake of expediency... I am excited that CSA has research in progress that addresses this topic, looks at the root causes, and provides guidance."
You can read all of Jim's insights about these topics here: https://cloudsecurityalliance.org/blog/2023/07/25/around-the-horn-with-a-cybersecurity-summer/
------------------------------
Megan Theimer
Content Program Specialist
Cloud Security Alliance
------------------------------