CSA Blog

  • Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Cybersecurity and privacy are foundational concerns for most organizations. While these concepts are often discussed together, they are distinct yet interconnected disciplines...
  • Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher, CheckRed. In February, Angel One, one of India’s leading financial services platforms, disclosed a security breach stemming from unauthorized access to its Amazon Web Services...
  • Written by Jim Reavis, CEO, CSA. Small and mid-sized cloud service providers often face significant challenges when attempting to meet the rigorous security and compliance requirements set by their enterprise customers, especially those operating within highly regulated industries...
  • Written by David Balaban. At this point, it’s hardly news that the vast majority of cybersecurity breaches start with social engineering campaigns, most commonly phishing attacks. It’s not just breaches, either: according to some estimates, a whopping 45% of ransomware attacks...
  • Originally published by Schellman. Written by Stu Block. Among the growing concerns regarding climate change and corporate responsibility, sustainability reporting has become a valuable tool for businesses to demonstrate their commitment to identifying and managing non-financial...
  • Written by Gerry Gebel, Strata. Originally published by Forbes. Running applications and processes in the cloud has profoundly reshaped business and society. It has introduced remarkable gains in speed, efficiency, and convenience. Today, about 70% of organizations report...
  • Originally published by Enkrypt AI. Written by Nitin Aravind Birur, AI Researcher, Enkrypt AI. Picture this: every time you picked up a new charger, you had to crack open your wall outlet and rewire the whole thing. Sounds exhausting, right? Well, that’s pretty much the...
  • Written by Olivia Rempe, Community Engagement Manager, CSA. In recent years, artificial intelligence has shown extraordinary promise—but also a troubling vulnerability: when it fails, it often fails fast, loud, and in the public eye. The Cloud Security Alliance’s AI Resilience...
  • Originally published by Valence Security. Written by John Filitz. A sophisticated attack vector known as “consent phishing” has emerged as a significant SaaS security threat. Unlike traditional phishing that targets credentials directly, consent phishing exploits...
  • Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. 24 specific things you can do to strengthen your security program against today's top threats As we move further into 2025, the cyber threat landscape changes continuously...
  • Originally published by Kaot.ai. Summary Open-source models are free, customizable, and community-driven, while closed-source models are proprietary with limited customization and professional support. Open-source offers better control over data privacy, while...
  • The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also...
  • Originally published by Abnormal AI. Written by Emily Burns. The rapid integration of artificial intelligence (AI) into cybersecurity solutions has created both opportunities and challenges. AI-driven systems promise advanced threat detection, automation, and adaptability...
  • Originally published by Axway. Written by Chris Payne, Principal Product & Solutions Marketing Manager for Axway MFT. There’s an old IT saying that nobody notices MFT until something goes wrong. MFT hums along in the background at many enterprises, running on autopilot...
  • Originally published by Vali Cyber. Written by Chris Goodman. Executive Summary The NIST Cybersecurity Framework (CSF) 2.0 offers organizations a structured path to building cyber resilience in the modern cyber-scape. Its five core functions—Identify, Protect, Detect...