Category Archives: Cloud Security Alliance

Originally published by Vanta.   SaaS security requires constantly monitoring and preparing to mitigate the latest industry threats and vulnerabilities. According to the 2024 State of SaaS Security Report, 58% of organizations experienced a SaaS security incident in the past year despite having high confidence levels in their existing security programs. ‍ Today, SaaS applications are […]

Ambassador Program strengthens CSA’s mission to ensure AI safety and accountability SEATTLE – March 3, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to announce the inaugural cohort of Premier Artificial Intelligence (AI) Safety Ambassadors. […]

Originally published by BARR Advisory.   The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is preparing to make sweeping changes to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR published a proposal outlining major updates that could soon be coming to the HIPAA Security Rule. The potential changes […]

Originally published by RegScale.   Every January, we commit to building better habits. We buy gym memberships, download meditation apps, or swear to finally learn that new language. But here’s a thought: how well are our organizations carrying out their own New Year’s resolutions?  Looking at the state of GRC today, it’s clear that many […]

Originally published by Zscaler.   With cyberthreats rapidly increasing in sophistication, today’s CISOs cannot afford to stand alone. To outsmart some of the world’s most ingenious and nefarious criminals, we must pool our knowledge, blend our insights, and present a united front.  We have a clear and present need to collaborate across sectors, and information sharing […]

Originally published by Thales.   Two hundred years ago, safety and child labor laws were monstrously lax compared to today’s standards. In two hundred years more, our ancestors will look back with similar disbelief on our regulation of digital services. However, it is also true that regulations reflect the societal principles and values of their […]

Originally published by Aembit.   For many of today’s hybrid and data-driven enterprises, non-human identities (NHIs) – often referred to as machine and service accounts – are emerging as one of the most overlooked risks.  While much attention has been devoted to securing human credentials, countless application-to-application connections and service accounts remain dependent on static and […]

Originally published by Oasis Security. Written by Roey Rozi, Director of Solution Architecture, Oasis Security.   Active Directory (AD) has been around forever—and for good reason. If you’ve got a big on-prem setup, it’s the go-to for managing users, permissions, and access. But here’s the catch: AD wasn’t built for today’s hybrid and machine-driven environments, where on-prem meets […]

The Cloud Controls Matrix (CCM) is a framework of controls (policies, procedures, and technical measures) that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on […]

Originally published by Seiso. Written by Eric Lansbery.   With every new tool or layer of protection, complexity grows—along with risks. Many organizations unknowingly make common security mistakes, such as misconfigurations, reliance on manual processes, and fragmented team efforts, leaving their cloud environments vulnerable despite significant investments.   Why is Cloud Security is Becoming More Complex? […]