CSA Blog

  • Originally published by RegScale. Addressing compliance and ensuring strong security measures are increasingly complex tasks for organizations. How can you effectively manage these challenges? Continuous Controls Monitoring (CCM) offers a robust solution, leveraging automation, AI...
  • Written by Alyssa Miles, CyberArk. There’s currently a cybersecurity adage with varying verbiage and claimed origins – the point, however, is unmistakable: “Attackers don’t break in. They log in.” This saying underscores the strategic shift associated with cloud adoption’s prominence...
  • Originally published by Astrix. Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest...
  • Written by CSA Research Analysts Marina Bregkou and Josh Buker. Based on the idea presented by Nico Popp in ‘A trust API to enable large language models observability & security (LLMs)’. Introduction: Large Language Models (LLMs) are becoming integral to numerous applications, from...
  • Originally published by Vanta. The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals...
  • Written by Verisk. In the ever-evolving landscape of cybersecurity, where threats are becoming more sophisticated, advanced, and pervasive, conventional defense mechanisms are no longer sufficient. We need to develop new technologies and innovations to stay ahead of the cyber adversaries...
  • Originally published by Adaptive Shield. Inside the Hack: Earlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered...
  • Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Leadership. It's a word that's often tossed around (as if we all understand what it is and how it’s performed). Yet, truly effective leaders are very hard to find. Some might see leadership...
  • Zero Trust is one of the most widely talked about cybersecurity trends today and is instrumental for raising the cybersecurity baseline and eliminating risk. Through the Zero Trust Advancement Center and Zero Trust Working Group, CSA aims to develop consistent Zero Trust standards...
  • Written by the CSA Enterprise Authority to Operate (EATO) Working Group. Introduction by Jim Reavis, CEO of the Cloud Security Alliance: I would say that a lesson learned from spending many years in the cybersecurity industry is that one-size-fits-all solutions are rarely the approach...
  • Originally published by Cyera. Written by Jaye Tillson. The digital revolution has irrevocably transformed our world. From the constant stream of social media updates to the ever-growing network of internet-connected devices, we generate a staggering amount of data every single day...
  • Non-Human Identity Management

    Originally published by Oasis. Non-human identities, or NHIs, serve as digital gatekeepers, enabling secure machine-to-machine and human-to-machine access and authentication within modern enterprise systems. The push for innovation has led to the adoption of microservices, third-party...
  • Annual program recognizes individuals who best exemplify CSA values. SEATTLE – July 11, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment...
  • Written by MJ Schwenger, Member of the CSA AI Working Group. Originally published on LinkedIn. Introduction: The increasing adoption of Large Language Models (LLMs) in the supply chain presents a new challenge for traditional Third-Party Vendor Security Assessments (TPVRAs). This...
  • Originally published by BARR Advisory. The 2024 Verizon Data Breach Investigations Report (DBIR)—an annual report examining dominant trends in data breaches and cyberattacks throughout the world—is now out for review. Verizon began releasing this report in 2008, and throughout its...