<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>Cloud Security Alliance</title>
    <description>The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.</description>
    <link>https://cloudsecurityalliance.org/feed</link>
    <language>en</language>
    <item>
      <title>AI Agents vs. AI Chatbots: Understanding the Difference</title>
      <pubDate>Sat, 14 Jun 2025 00:11:25 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/ai-agents-vs-ai-chatbots-understanding-the-difference</link>
      <guid>https://cloudsecurityalliance.org/articles/ai-agents-vs-ai-chatbots-understanding-the-difference</guid>
      <description>
  
Originally published by Astrix.

Written by Alon Berger.

While AI chatbots respond, AI agents act. Both automate tasks, but the security implications differ significantly, primarily due to how they interact with non-human identities (NHIs). Agents make autonomous decisions through adaptive learning, while chatbots stick to scripts and predictable interactions. Let’s dive into what sets them apart.

Key differentiations

AI Chatbots: predictable, constrained, and easier to secure

AI chatb...</description>
    </item>
    <item>
      <title>Why Your SaaS Security Strategy Needs Automated Remediation</title>
      <pubDate>Thu, 12 Jun 2025 11:13:54 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/why-your-saas-security-strategy-needs-automated-remediation</link>
      <guid>https://cloudsecurityalliance.org/articles/why-your-saas-security-strategy-needs-automated-remediation</guid>
      <description>
  




Originally published by Valence Security.

Written by John Filitz.



Your security team is operating with a dangerous blind spot. Your SaaS environment is likely the most vulnerable aspect of your security posture due to unremediated and escalating cyber risk. Even if you're using a first-generation SaaS Security Posture Management (SSPM) solution, the uncomfortable truth is that you have a significant degree of unremediated risk.

This is because manual remediatio...</description>
    </item>
    <item>
      <title>Implementing CCM: Interoperability &amp; Portability Controls</title>
      <pubDate>Wed, 11 Jun 2025 18:45:50 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/implementing-ccm-interoperability-portability-controls</link>
      <guid>https://cloudsecurityalliance.org/articles/implementing-ccm-interoperability-portability-controls</guid>
      <description>
  

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. The CCM is created and updated by CSA and aligned to CSA best practices.

You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.

CSCs use...</description>
    </item>
    <item>
      <title>Closing the Blind Spot in Enterprise DNS Security: Why DNS Posture Management Matters</title>
      <pubDate>Wed, 11 Jun 2025 13:43:41 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/closing-the-blind-spot-in-enterprise-dns-security-why-dns-posture-management-matters</link>
      <guid>https://cloudsecurityalliance.org/articles/closing-the-blind-spot-in-enterprise-dns-security-why-dns-posture-management-matters</guid>
      <description>
  
Originally published by CheckRed.

Written by Derek Hammack, VP, Operations and Customer Success, CheckRed.


As enterprise security teams work to protect sprawling multi-cloud environments, one foundational layer remains dangerously underprotected: the Domain Name System (DNS).

DNS is the backbone of modern digital infrastructure—translating domain names into IP addresses and routing traffic between users, applications, and services. Despite this critical role, DNS is ...</description>
    </item>
    <item>
      <title>Valid-AI-ted: A Major Step Towards Real-Time Cloud Assurance</title>
      <pubDate>Tue, 10 Jun 2025 22:55:03 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/valid-ai-ted-a-major-step-towards-real-time-cloud-assurance</link>
      <guid>https://cloudsecurityalliance.org/articles/valid-ai-ted-a-major-step-towards-real-time-cloud-assurance</guid>
      <description>
  



Written by Jim Reavis, CEO &amp; Co-Founder, Cloud Security Alliance.

Today, at our Cloud Trust Summit, we officially launched Valid-AI-ted, the industry’s first AI-assisted quality check for STAR Level 1 self-assessments. Within hours of opening the submission portal, providers were uploading CAIQs to see how they measure up, while enterprise risk teams asked how the new badge can sharpen their due-diligence process.

In this post, I’d like to share where we’re headed next—an...</description>
    </item>
    <item>
      <title>Boost Cloud Security Without Bugging Your Developers</title>
      <pubDate>Tue, 10 Jun 2025 22:41:33 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/boost-cloud-security-without-bugging-your-developers</link>
      <guid>https://cloudsecurityalliance.org/articles/boost-cloud-security-without-bugging-your-developers</guid>
      <description>
  
Originally published by CyberArk.

Written by Brooke Jameson, Senior Product Marketing Manager, CyberArk.

Developers are incredibly valuable to an organization’s progress and evolution. They must innovate quickly while simultaneously navigating changes to their day-to-day operations as companies heighten security requirements in the cloud.

If developers find these security measures cumbersome, creating hurdles that plague their progress, they will likely bypass them al...</description>
    </item>
    <item>
      <title>Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing</title>
      <pubDate>Tue, 10 Jun 2025 14:29:31 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/cloud-security-alliance-brings-ai-assisted-auditing-to-cloud-computing</link>
      <guid>https://cloudsecurityalliance.org/articles/cloud-security-alliance-brings-ai-assisted-auditing-to-cloud-computing</guid>
      <description>
  
Valid-AI-ted provides an automated quality check of STAR Level 1 self-assessments using state-of-the-art LLM technology

SEATTLE – June 11, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an A...</description>
    </item>
    <item>
      <title>Cloud Security Alliance’s AI Safety Initiative Named a 2025 CSO Awards Winner</title>
      <pubDate>Tue, 10 Jun 2025 12:48:46 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/csa-ai-safety-initiative-named-a-2025-cso-awards-winner</link>
      <guid>https://cloudsecurityalliance.org/articles/csa-ai-safety-initiative-named-a-2025-cso-awards-winner</guid>
      <description>
  

Program recognized for driving innovation and strategic vision

SEATTLE – June 12, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is excited to announce that its AI Safety Initiative has been named a winner of the 2025 CSO Awards, which recognize organizations for their exceptional security projects and initiatives that showcase substantial ...</description>
    </item>
    <item>
      <title>How to Stop Expired Secrets from Disrupting Your Operations</title>
      <pubDate>Mon, 09 Jun 2025 12:32:20 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/how-to-stop-expired-secrets-from-disrupting-your-operations</link>
      <guid>https://cloudsecurityalliance.org/articles/how-to-stop-expired-secrets-from-disrupting-your-operations</guid>
      <description>
  





Originally published by Aembit.

Written by Dan Kaplan.

You and your team have just received that dreaded late-night alert: “Authentication failure in production.” Your team’s carefully built service is down, not because of a sophisticated ransomware attack or some complex virus, but something far more mundane: an expired API key that nobody remembered to rotate.

In modern cloud-native environments, authentication isn’t just about users logging in, it’s about machines, serv...</description>
    </item>
    <item>
      <title>Why Early Adoption of ISO 42001 Matters</title>
      <pubDate>Mon, 09 Jun 2025 12:08:34 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/why-early-adoption-of-iso-42001-matters</link>
      <guid>https://cloudsecurityalliance.org/articles/why-early-adoption-of-iso-42001-matters</guid>
      <description>
  
Originally published by A-LIGN.


As AI governance grows in importance, many organizations are planning for compliance. The 2025 Compliance Benchmark Report, which gathered insights from over 1000 compliance professionals across various industries, found that 76% of organizations plan to pursue AI compliance soon with a framework like ISO 42001. Although ISO 42001 isn’t yet the definitive standard due to the dynamic nature of AI governance, it offers a comprehensive solution,...</description>
    </item>
    <item>
      <title>Cloud Security Alliance Marks a New Chapter in AI Governance with the AI Trustworthy Pledge</title>
      <pubDate>Sun, 08 Jun 2025 08:32:57 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/csa-marks-a-new-chapter-in-ai-governance-with-ai-trustworthy-pledge</link>
      <guid>https://cloudsecurityalliance.org/articles/csa-marks-a-new-chapter-in-ai-governance-with-ai-trustworthy-pledge</guid>
      <description>
  


Pledge identifies those organizations truly committed to responsible, trustworthy AI

SEATTLE – June 11, 2025 – The AI revolution is reshaping every sector of our economy. But even as AI systems are making decisions that affect millions of lives, organizations are grappling with a host of issues ranging from AI hallucinations to privacy concerns. The traditional approach of building first and securing later won't work in the AI era. Instead, what's needed is a proactive framework that e...</description>
    </item>
    <item>
      <title>Agentic AI is Redefining Identity Security in the Cloud</title>
      <pubDate>Thu, 05 Jun 2025 11:59:26 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/agentic-ai-is-redefining-identity-security-in-the-cloud</link>
      <guid>https://cloudsecurityalliance.org/articles/agentic-ai-is-redefining-identity-security-in-the-cloud</guid>
      <description>
  




Originally published by Britive.

The emergence of agentic AI is rapidly reshaping how modern enterprises think about automation, autonomy, and security.

Unlike traditional generative AI, which focuses on creating content or identifying patterns, agentic AI represents a more proactive, decision-making force embedded within digital ecosystems.

These AI agents are designed to independently pursue (human-provided) goals, take actions on behalf of users or systems, and even make...</description>
    </item>
    <item>
      <title>Runtime Integrity Measurement Overview</title>
      <pubDate>Wed, 04 Jun 2025 11:50:28 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/runtime-integrity-measurement-overview</link>
      <guid>https://cloudsecurityalliance.org/articles/runtime-integrity-measurement-overview</guid>
      <description>
  

Originally published by Invary.

Written by Dr. Wesley Peck.

Runtime Integrity Measurement

In this article we’ll dive into the technical details of a real world rootkit, explore how that rootkit compromises an operating system, and then learn how Kernel Integrity Measurement technology detects even novel rootkits that exploit zero day vulnerabilities in systems.

Integrity Measurement applied to operating systems provides a powerful security mechanism to ensure that infra...</description>
    </item>
    <item>
      <title>The AI Trust Imperative: Why the CSA AI Trustworthy Pledge Matters Now More Than Ever</title>
      <pubDate>Wed, 04 Jun 2025 11:41:58 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/the-ai-trust-imperative-why-the-csa-ai-trustworthy-pledge-matters-now-more-than-ever</link>
      <guid>https://cloudsecurityalliance.org/articles/the-ai-trust-imperative-why-the-csa-ai-trustworthy-pledge-matters-now-more-than-ever</guid>
      <description>
  



Written by Daniele Catteddu, Chief Technology Officer, CSA.

Many of us have witnessed firsthand the transformative power of artificial intelligence and the urgent need for responsible innovation that keeps pace with technological advancement.

The artificial intelligence revolution is no longer on the horizon; it's reshaping every sector of our economy today. From healthcare diagnostics to financial services, from autonomous vehicles to content generation, AI systems are ...</description>
    </item>
    <item>
      <title>The 2024 Football Australia Data Breach: A Case of Misconfiguration and Inadequate Change Control</title>
      <pubDate>Wed, 04 Jun 2025 11:33:31 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/the-2024-football-australia-data-breach-a-case-of-misconfiguration-and-inadequate-change-control</link>
      <guid>https://cloudsecurityalliance.org/articles/the-2024-football-australia-data-breach-a-case-of-misconfiguration-and-inadequate-change-control</guid>
      <description>
  
CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re taking a closer look at the second incident covered in the Deep Dive: Football Australia 2024.


Cybernews researchers identified plaintext keys encoded in the source of Football Australia’s website. This was clearly the result of human error, whether ...</description>
    </item>
    <item>
      <title>Ransomware in the Education Sector</title>
      <pubDate>Wed, 04 Jun 2025 10:20:52 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/ransomware-in-the-education-sector</link>
      <guid>https://cloudsecurityalliance.org/articles/ransomware-in-the-education-sector</guid>
      <description>
  





Originally published by Vali Cyber.

Written by Chris Goodman.

In recent years, educational institutions have been relentlessly targeted by cyberattacks, with hypervisor vulnerabilities standing out as one of the most critical risks. As remote learning has expanded, academic IT infrastructures have grown rapidly—introducing new risks. Hypervisors, which virtualize servers, networks, and applications, are essential for managing digital services, especially as universitie...</description>
    </item>
    <item>
      <title>When Good GPTs Go Bad: How Trusted AI Tools Are Exploited for Attacks</title>
      <pubDate>Wed, 04 Jun 2025 09:51:10 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/when-good-gpts-go-bad-how-trusted-ai-tools-are-exploited-for-attacks</link>
      <guid>https://cloudsecurityalliance.org/articles/when-good-gpts-go-bad-how-trusted-ai-tools-are-exploited-for-attacks</guid>
      <description>
  




Originally published by Abnormal.

Written by Callie Baron.

Malicious AI is rewriting the rules of cybercrime. Learn how traditional GPTs are being exploited and why security teams need to act now.


Artificial intelligence is changing everything—fast. What once felt like science fiction is now part of daily life, unlocking new efficiencies and driving rapid innovation. At the heart of this revolution are large language models (LLMs), and particularly generative pre-trained t...</description>
    </item>
    <item>
      <title>In the Beginning, Before Zero Trust</title>
      <pubDate>Tue, 03 Jun 2025 19:08:59 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/in-the-beginning-before-zero-trust</link>
      <guid>https://cloudsecurityalliance.org/articles/in-the-beginning-before-zero-trust</guid>
      <description>
  
Written by Christer Swartz, Director Industry Solutions, Illumio.

I entered the cyber industry a long time ago, when I joined a small startup, way back in the year 1989. Back then, our global headcount was 50 people, and we called ourselves cisco systems (when “Cisco” was still spelled with a lower-case letter “c,” and before “systems” was dropped from the name). Back in this ancient time, we made all of 3 products: a router (which we also called a “gateway”), a bridge (befo...</description>
    </item>
    <item>
      <title>How Zero Trust Can Save Your Business from the Next Big Data Breach</title>
      <pubDate>Tue, 03 Jun 2025 18:58:54 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/how-zero-trust-can-save-your-business-from-the-next-big-data-breach</link>
      <guid>https://cloudsecurityalliance.org/articles/how-zero-trust-can-save-your-business-from-the-next-big-data-breach</guid>
      <description>
  

Written by Bhavya Jain.

A data breach refers to any incident where sensitive or confidential information—like login credentials, banking details, or private corporate files—is accessed, leaked, or stolen by unauthorized parties. Such incidents can arise from cyberattacks like phishing, malware infections, careless employee actions, or vulnerabilities in an organization’s security setup.

The growing dependence on cloud infrastructure and remote connectivity is reshaping dig...</description>
    </item>
    <item>
      <title>Make Tech Changes Fun for End Users and Off-the-Chart Adoption Will Follow</title>
      <pubDate>Tue, 03 Jun 2025 18:51:57 -0700</pubDate>
      <link>https://cloudsecurityalliance.org/articles/make-tech-changes-fun-for-end-users-and-off-the-chart-adoption-will-follow</link>
      <guid>https://cloudsecurityalliance.org/articles/make-tech-changes-fun-for-end-users-and-off-the-chart-adoption-will-follow</guid>
      <description>
  
Originally published by CXO REvolutionaries.

Written by Jay Patty, CTO in Residence, Zscaler.

Inject humor and creativity into your communications strategy to smooth changes.


Technology changes are inevitable, but user adoption isn’t. Your IT team likely struggles to get employees to react to announcements about system upgrades, security enhancements, or new authentication processes, let alone even read them. Email blasts and dry technical memos simply don’t cut it a...</description>
    </item>
  </channel>
</rss>
