CSA Blog

  • Originally published by Vanta.The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals...
  • Originally published by Adaptive Shield.Inside the HackEarlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered...
  • Originally published by CXO REvolutionaries.Written by Ben Corll, CISO in Residence, Zscaler.Leadership. It's a word that's often tossed around (as if we all understand what it is and how it’s performed). Yet, truly effective leaders are very hard to find. Some might see leadership...
  • Originally published by Cyera. Written by Jaye Tillson.The digital revolution has irrevocably transformed our world. From the constant stream of social media updates to the ever-growing network of internet-connected devices, we generate a staggering amount of data every single day...
  • Non-Human Identity Management

    Originally published by Oasis.Non-human identities, or NHIs, serve as digital gatekeepers, enabling secure machine-to-machine and human-to-machine access and authentication within modern enterprise systems. The push for innovation has led to the adoption of microservices, third-party...
  • Annul program recognizes individuals who best exemplify CSA valuesSEATTLE – July 11, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment...
  • Written by MJ Schwenger, Member of the CSA AI Working Group.Originally published on LinkedIn.Introduction The increasing adoption of Large Language Models (LLMs) in the supply chain presents a new challenge for traditional Third-Party Vendor Security Assessments (TPVRAs). This...
  • Originally published by BARR Advisory.The 2024 Verizon Data Breach Investigations Report (DBIR)—an annual report examining dominant trends in data breaches and cyberattacks throughout the world—is now out for review. Verizon began releasing this report in 2008, and throughout its...
  • Originally published by CXO REvolutionaries. Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler.Despite repeated predictions of cyber-fueled chaos at the Olympic and Paralympic Games since at least 2004, to date, no Olympics has ever been significantly disrupted. There is...
  • Originally published by RegScale.Written by Esty Peskowitz.Navigating FedRAMP compliance complexities is growing more challenging by the day. The use of automation in everyday activities has become a necessity for security professionals. During a fireside chat at Coalfire’s RAMPCon...
  • In the last seven years, several revolutionary developments have occurred in the cloud computing industry. Considering the impact of these changes, CSA has released a new version of our Security Guidance for Critical Areas of Focus in Cloud Computing. We have completely revamped...
  • Written by Chad Walter, CRO, Paperclip. Data breaches have surged in frequency and cost—to the tune of $8 trillion dollars globally in 2023. And this isn’t just impacting the companies who are breached; these costs impact customer trust and contribute to global inflation. We are...
  • Originally published by Abnormal Security.Written by Mick Leach.While every organization across every vertical is at risk of experiencing advanced email attacks, there are certain industries that, for various reasons, periodically become the go-to target for threat actors. Our research...
  • In today’s digital age, cloud security is more important than ever. Organizations are looking for cloud service providers that not only meet but exceed security standards. The CSA STAR (Security, Trust, Assurance and Risk) Registry is a valuable resource that highlights service providers...
  • Written by Nikhil Girdhar, Sr. Director of Data Security, Securiti AI.In cybersecurity, the old adage you 'can’t protect what you can’t see' rings especially true. While the initial step of discovering and classifying sensitive data is critical, it's just the beginning. Many security...