Category Archives: Cloud Security Alliance

NIST FIPS 203, 204, and 205 Finalized: An Important Step Towards a Quantum-Safe Future

Written by Mehak Kalsi, Co-Chair, CSA Quantum-Safe Security Working Group. Reviewed by Bruno Huttner, Co-Chair, CSA Quantum-Safe Security Working Group. The Quantum Computing ecosystem has been waiting with bated breath for this moment and it’s finally here. The National Institute of Standards and Technology (NIST) of the United States has released three (3) Post-Quantum Cryptography (PQC) algorithms […]

CISOs should brace for massive context, coverage, and communication upgrade, says CSA AI leader

Originally published by Zscaler. During his keynote at the CSA AI Summit (part of RSA Conference) last week in San Francisco, Caleb Sima, the Chair of the Cloud Security Alliance AI Safety Initiative, posed a reason why, despite a market saturated with vendors and worth billions of dollars, the top security challenges CISOs face remain the […]

Cloud Security Alliance Issues Paper Detailing Unique Challenges and Risks Presented by Use of Large Language Models (LLMs)

Guide details general design principles and best practices related to authorization concerns

SEATTLE – Aug. 14, 2024 – Securing LLM Backed Systems: Essential Authorization Practices, the latest report from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, examines the […]

What are Service Accounts, and Why are They Important to Secure?

Originally published by Astrix. What are service accounts? Service Accounts are Non-Human Identity accounts used by machines or apps to communicate with one another within a system, unlike user or human accounts. Service Accounts, using machine credentials, provide privileged identities and permissions for applications, scripts, services, or virtual machines to perform tasks or access resources. This allows different […]

Understanding the Shared Responsibility Model in SaaS

Originally published by Valence. Written by Jason Silberman. The recent attacks targeting data in customers of Snowflake, a SaaS application focused on data storage, serve as a critical reminder of the importance of understanding the Shared Responsibility Model in SaaS security. While initial reports claimed threat actors had breached Snowflake’s production system to compromise data at companies […]

Who Needs a vCISO and Why?

Originally published by BARR Advisory. A virtual Chief Information Security Officer (vCISO) is essential for organizations that lack the resources or expertise to manage cybersecurity in-house. Typically, small to mid-sized businesses, startups, or companies undergoing rapid growth benefit the most from a vCISO. These organizations often face complex security challenges but cannot afford a full-time CISO. […]

How to Scale Your GRC Program with Automation

Originally published by Vanta. According to Vanta’s 2023 State of Trust Report, respondents spend an average of nine working weeks per year on security compliance. Some security teams have accepted that governance, risk, and compliance (GRC) will inevitably take tons of time and effort. And many continue to work towards small-scale efficiencies because they don’t believe […]

Best Practices to Secure Data Access in Snowflake

Originally published by Oasis Security. In the last few days, there has been a lot of noise about an alleged Snowflake breach that impacted several companies’ supply chains. While the details remain unconfirmed, it appears that the attack is once more identity-based. It is important to remain vigilant and ensure we are doing everything in our […]

Navigating the Shadows: Safeguarding AI Infrastructure Amidst CVE-2023-48022

Originally published by Truyo. We all want to leverage AI, but models are only as good as the data used to train them. Often, training data is comprised of confidential information. How do you balance the need to make an AI run effectively without exposing PII? It’s not only the initial training that could be exposing […]

The Hydra Effect: Why Shutting Down RaaS is Like Playing Whack-a-Mole

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As a CISO in Residence, one of my favorite activities is presenting on various topics at regional security summits. It lets me share ideas that I am truly passionate about with new and interesting people. Recently, I had the privilege of attending an ISACA […]