Articles from Cloud Security Alliance

RSA Conference - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today issued the Top Threats to Cloud Computing Deep Dive 2025. The report examines eight real-life case studies involving, among others, a multinational technology conglomerate, an Australian sports governing body, a multinational automotive manufacturer, and a cybersecurity technology company, through the lens of last year's Top Threats to Cloud Computing report.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has partnered with Northeastern University to develop the Trusted AI Safety Knowledge & Certification Program. This program is designed to equip professionals with the necessary skills and knowledge to ensure the safe, secure, and responsible development, deployment, and management of Artificial Intelligence (AI) systems.

(RSA Conference)-- Today's organizations have to comply with hundreds of data security and privacy laws, while grappling with an influx of even more regulations thanks to the rise of Artificial Intelligence (AI). Making matters more challenging, the proliferation of data and technology continues to increase the required scope of compliance efforts. Organizations are spending more but getting less with respect to security improvement. In response, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has launched the Compliance Automation Revolution (CAR). A broad-based coalition founded in partnership with such industry leaders as Google, Oracle, Anecdotes, Coalfire, Deloitte Italy, Salesforce, Schellman, and Vanta, CAR aims to solve real-world compliance problems with practical and effective solutions.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the State of SaaS Security Report: Trends and Insights for 2025-2026, which examines the current state of SaaS security to uncover key challenges and explore how organizations are securing and managing their SaaS environments. The findings underscore the urgency for organizations to shift their SaaS security to a more unified, purpose-built approach. Current approaches to SaaS security are not enough.

In an era of complex hybrid and multi-cloud environments, organizations are grappling with the nuance of identifying, prioritizing, and mitigating risks that threaten their most sensitive assets. In response, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the Understanding Data Security Risk survey report. Commissioned by Thales, the leading global technology and security provider, the report shares critical insights into the obstacles organizations encounter when managing their data security risk, and offers actionable steps they can take to secure their most sensitive assets.

Mid-market organizations today are engaged in a unique balancing act, where they are required to manage and defend a growing digital footprint, but lack the deep pockets and vast resources of their larger counterparts. To better help security teams at mid-sized companies remain resilient in an increasingly complex threat landscape, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released SaaS and AI-Risk for Mid-Market Organizations survey report. The survey, commissioned by Wing Security, a leader in SaaS security, takes a deep dive into the strategies mid-sized companies are using to protect their high-value assets — from navigating SaaS security gaps to tackling artificial intelligence (AI)-related risks — and highlights the real-world challenges and priorities these companies face when managing their risk.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Whistic, the leading AI-first modern platform for comprehensive third-party risk management, today announced a strategic partnership to further the responsible and secure development, use, and management of artificial intelligence (AI) technologies. A key element of the partnership will be Whistic’s participation and support of the CSA AI Safety Initiative, with a specific focus on the development of an AI-extension to STAR certification and the Compliance Automation Revolution (CAR), which will be unveiled later this month.

Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Commissioned by The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, the Cyber Resiliency in the Financial Industry 2024 sought to better understand the industry’s knowledge, attitudes, and opinions regarding cyber resiliency and its challenges.

Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.

In today's interconnected world, critical infrastructure (CI) sectors face an ever-evolving landscape of cyber and physical threats. As these sectors embrace digital transformation and the convergence of operational technology (OT) and information technology (IT), the need for robust, adaptable security strategies has never been more pressing. Recognizing the distinct challenges and architectures involved in securing these environments, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure enterprise computing environment, today released Zero Trust Guidance for Critical Infrastructure, which examines the critical and nuanced application of Zero Trust (ZT) principles within OT and industrial control systems (ICS).

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, and Astrix Security, the enterprise's trusted solution for securing non-human identities, today announced first of its kind research that sheds light on the current state of non-human identity (NHI) security. Findings from the State of Non-Human Identity Security Survey Report, a survey of more than 800 experts coupled with data from more than 2 million monitored NHIs in Fortune 500 companies, reveal a significant security disparity: organizations are far less equipped to secure non-human identities compared to their human counterparts. The most common challenges include service account management and NHI discovery. Though the survey also revealed there is a growing recognition of the importance of investing in NHI security with 1 in 4 organizations already investing in these capabilities and an additional 60% planning to within the next twelve months.

Black Hat Conference (Las Vegas) – Today, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Using Artificial Intelligence (AI) for Offensive Security. The report, drafted by the AI Technology and Risk Working Group, explores the transformative potential of Large Language Model (LLM)-powered AI by examining its integration into offensive security. Specifically, the report addresses current challenges and showcases AI’s capabilities across five security phases: reconnaissance, scanning, vulnerability analysis, exploitation, and reporting.

The latest set of AI guidance from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, explores the importance of Model Risk Management (MRM) in ensuring the responsible development, deployment, and use of AI/ML models. Written for a broad audience, including practitioners directly involved in AI development and business and compliance leaders focusing on AI governance, Artificial Intelligence (AI) Model Risk Management Framework emphasizes the role of MRM in shaping the future of ethical and responsible AI.

Black Hat Conference -- Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report — the latest installment in the Top Threats to Cloud Computing series from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. These findings continue the trajectory first seen in the 2022 report, along with the fact that threats such the persistent nature of misconfigurations, Identity and Access Management (IAM) weaknesses, insecure application programming interfaces (APIs), and the lack of a comprehensive security strategy continue to rank high, highlighting their critical nature.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today demonstrated its commitment to improving its best-in-class, vendor-neutral cloud security training with the release of the Certificate of Cloud Security Knowledge (CCSK) v5, furnishing cloud stakeholders with the skills they need to optimize the protection of critical assets in the cloud and increase their value to their employers and the market. Offering substantial updates to CCSK v4, the latest iteration provides a detailed understanding of modern cloud components and state-of-the-art security best practices.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has issued Cloud Controls Matrix (CCM) Implementation Guidelines v2.0: Securing the Cloud with the Shared Security Responsibility Model, an update to its flagship cybersecurity framework for cloud computing, CCM v4.0.12. Drafted by the CCM Working Group, the CCM Implementation Guidelines v2.0 provide security best practices for cloud organizations looking to implement CCM v4.0 control specifications in alignment with the Shared Security Responsibility Model (SSRM).

Gartner Security and Risk Management Summit -- Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.

Headline of release dated May 8, 2024 should read: Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) (instead of ...Cybersecurity Framework (CFT)). Subhead of release should read: Mapping identifies misalignment and gaps between updated CCM and CSF (instead of ...updated CCM and CFT).

RSA Conference – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has issued a new report, Confronting Shadow Access Risks: Considerations for Zero Trust and Artificial Intelligence (AI) Deployments. Authored by CSA’s Identity and Access Management Working Group, the paper examines the intersection of Shadow Access with two of today’s most top-of-mind technologies – Zero Trust and Artificial Intelligence – and underscores the necessity of adapting traditional Zero Trust approaches to the nuances of Generative AI (GenAI) technology to mitigate AI-induced Shadow Access vulnerabilities and strengthen cybersecurity in an evolving landscape.

(RSA Conference)--The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to announce that Cyber Defense Magazine has named its Certificate of Competence in Zero Trust (CCZT) as a Global InfoSec Award winner with the title of Cutting-Edge Cybersecurity Training.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that Google Cloud’s Kevin Mandia, CEO of Mandiant, and Phil Venables, Chief Information Security Officer (CISO), will headline the CSA AI Summit, held on May 6 in conjunction with the 2024 RSA Conference.

RSA Conference -- The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today issued AI Organizational Responsibilities - Core Security Responsibilities, AI Resilience: A Revolutionary Benchmarking Model for AI, and Principles to Practice: Responsible AI in a Dynamic Regulatory Environment, a three-part series outlining recommendations across key areas of security and compliance in Artificial Intelligence (AI) that will guide enterprises in fulfilling their obligations for responsible and secure AI development and deployment.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the launch of the AI Safety Initiative in partnership with Amazon, Anthropic, Google, Microsoft, and OpenAI. This group is joined by a broad coalition of experts from the Cybersecurity & Infrastructure Security Agency (CISA), other governments, academia and across a wide swath of industries in what represents the largest number of participants in any initiative in CSA’s 14-year history. A landing page for this initiative is available at www.cloudsecurityalliance.ai and will be continuously updated during its initial stages.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the launch of the industry’s first authoritative Zero Trust training and credential—the Certificate of Competence in Zero Trust (CCZT). Recognizing that organizations have different maturity levels for their security program and may be challenged to find skilled staff critical to the development and implementation of a Zero Trust strategy, CSA created the CCZT to help security professionals build knowledge to drive the definition, implementation and management of Zero Trust.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the findings of the Cloud Native Application Protection Platform (CNAPP) Survey Report. Commissioned by Microsoft, the survey, which was developed to better understand the adoption rates and challenges faced by organizations in implementing CNAPPs, found that they have emerged as a critical category of security tooling in recent years. Much of their popularity, the survey found, has been driven by the complexity of comprehensively securing multi-cloud environments and their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Cloud Infrastructure Entitlement Management (CIEM), network security, and secure DevOps.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced veteran Chief Security Officer (CSO) Joe Sullivan will be a keynote speaker at the upcoming SECtember conference (Sept. 18-22, Bellevue, Wash.), the first global event dedicated to the confluence of cloud and cybersecurity. In his talk, Lessons from the Front Lines, Sullivan will address how increasing regulatory pressures faced by CISOs and their companies are leading many C-Suite executives to question the range of challenges and complications that can arise when implementing and maintaining effective, enterprise-wide cybersecurity strategies.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that Shawn Bice, Microsoft’s Corporate Vice President for Cloud Ecosystem Security, will be a keynote speaker at the upcoming SECtember conference (Sept. 18-22, Bellevue, Wash.), the first global event dedicated to the confluence of cloud and cybersecurity. Bice will lead a fireside chat with Caleb Sima, former CISO at Robinhood and chair of CSA’s new AI Safety Initiative, in which they will discuss the viral growth of Generative AI, Microsoft’s vision for the genre, the need for AI-enabled cloud security and how enterprises can safely adopt AI and Large Language Models (LLM).

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today issued its latest survey report, State of Financial Services in Cloud. The survey found that while the use of cloud services is increasing, the pace of adoption is dependent on the speed at which cloud service providers (CSP) and financial services can meet security and operational expectations as well as demonstrate adherence to regulations.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that registration has opened for the CSA Summit 2023: Mission Critical (San Francisco, April 24) held in conjunction with the RSA Conference. Tima Soni, Chief and Head of the Valencia office of the United Nations International Computing Centre’s (UNICC) Cybersecurity division, and New York State’s Chief Cyber Officer Colin Ahern will share their wealth of expertise in two keynote addresses. The event will also feature a special keynote from a global financial services leader detailing how coordination with cloud providers is fundamental to being mission critical in the cloud.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Data Loss Prevention (DLP) and Data Security Survey Report. The survey, conducted in partnership with Netskope, a leader in Secure Access Service Edge (SASE), found that while DLP solutions are often an integral part of organizations’ data security strategy, companies are still struggling with the strategy and implementation of these solutions, and are in serious need of a more streamlined, cloud-ready approach to meet the demands of cloud-first environments.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from Understanding Cloud Data Security and Priorities in 2022. The survey, conducted in partnership with BigID, the leading data intelligence platform for privacy, security, and governance, sought to better understand the industry’s knowledge, attitudes, and opinions regarding data security in the cloud.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Recommendations for Using a Customer Controlled Key Store. Written by CSA’s Cloud Key Management Working Group, the paper offers guidance to organizations that opt to use a customer controlled key store (CCKS), whereby the key management system (KMS) is external to a cloud service provider (CSP) despite the KMS being a dependency of a cloud service.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the agendas for SECtember (Sept. 26-30, Meydenbauer Center, Bellevue, Wash.) and the second annual CxO Trust Summit, which will be held on Sept. 27 as part of the larger conference. Combined, these events will provide critical insights into board oversight of cybersecurity, CISO strategies, emerging threats, and best practices, all against the backdrop of cloud and related leading-edge technologies.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that Troy Leach has joined CSA as Chief Strategy Officer, reporting to the offices of the CEO and President. The announcement comes five months after Leach joined CSA as Security Executive in Residence.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Third-Party Vendor Risk Management in Healthcare. Drafted by the Health Information Management Working Group, the report provides an overview of the third-party vendor security risks for Healthcare Delivery Organizations (HDOs), addresses why third-party risks are more prevalent in the healthcare industry, and offers guidance around how HDOs can identify, assess, and mitigate third-party vendor risks now and in the future.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Sensitive Data in the Cloud, the findings of which provide deeper insight into the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that John Kindervag, one of the world’s foremost cybersecurity experts and the father of Zero Trust, has joined CSA as a security advisor to the Offices of the CEO and President.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that it has partnered with the Cyber Risk Institute (CRI), a non-profit coalition of financial institutions and trade associations, to develop an addendum to its Cloud Controls Matrix (CCM), written specifically for the financial sector.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Measuring Risk and Risk Governance. CSA collaborated with Google Cloud on the survey, which was designed to assess the maturity of public cloud and risk management within the enterprise and provides a deeper understanding of public cloud adoption and risk management practices within the enterprise.

RSA Conference -- The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Software-as-a-Service (SaaS) Governance Best Practices for Cloud Customers. Drafted by the SaaS Governance Working Group, the paper provides a baseline set of SaaS governance best practices for protecting data within SaaS environments, enumerates and considers risks according to the SaaS adoption and usage lifecycles, and finally, provides potential mitigation measures from the SaaS customer’s perspective.

RSA Conference – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Top Threats to Cloud Computing: The Pandemic 11. The report, the sixth in the Top Threats to Cloud Computing series, found a marked change in what cloud security provider (CSP) security issues are seen as concerning. New, more nuanced items, such as configuration and authentication, suggest both that consumers’ understanding of the cloud has matured, and signals a technology landscape where consumers are actively considering cloud migration.

RSA Conference — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings of its latest survey, CISO Perspectives and Progress in Deploying Zero Trust. Conducted by the Zero Trust Advancement Center (ZTAC), the exploratory survey polled more than 800 IT and security professionals to determine where Zero Trust falls as a priority within their organization and the top business and technical challenges they have encountered over the course of its implementation.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Best Practices for Smart Contract Security Hyperledger Fabric. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report aims at providing C-level executives and other stakeholders with an overview of the benefits, challenges, and opportunities for deploying smart contracts within an organization.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today that registration has opened for the second annual CxO Trust Summit, which will be held on September 27 in conjunction with the upcoming SECtember (Sept. 26-30, Meydenbauer Center, Bellevue, Wash.). With the mission to bring together a community of industry executives to shape the future of cloud security, this event, exclusive to C-level attendees of SECtember, will address the challenges CISOs and their executive partners face.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released a new paper, Healthcare Supply Chain Cybersecurity Risk Management. Drafted by the Health Information Management Working Group, the report provides best practices that healthcare delivery organizations (HDOs) can use to manage the cybersecurity risks associated with their supply chains.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today that Phil Venables, Chief Information Security Officer (CISO) for Google Cloud, will keynote this year’s SECtember to be held Sept. 26-30 at the Meydenbauer Center (Bellevue, Wash.). Venables will draw on his unique expertise gleaned from years serving as a top cybersecurity executive for some of the world’s most recognized companies.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the Internet of Things (IoT) Controls Matrix Version 3 and the accompanying Guide to the CSA IoT Controls Matrix Version 3. Created by the CSA IoT Working Group, Version 3 of the Matrix builds upon previous iterations, increasing the number of controls to 199 while adding a new incident management domain and improving technical clarity and referencing. Together with the guide, the Matrix will help users – especially those with enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies – identify appropriate security controls and allocate them to specific architectural components, including devices, networks, gateways, and cloud services.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released its C-Level Guidance to Securing Serverless Architectures. Written by CSA’s Serverless Working Group, the paper provides CISOs, CIOs, security and risk management professionals, and others involved in administering and managing systems, with a high-level business overview of serverless computing and the accompanying risks and security concerns that come when implementing a secure serverless computing solution.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has published a new white paper, Integrating SDP and DNS: Enhanced Zero Trust Policy Enforcement. Drafted by the Software-Defined Perimeter (SDP) and Zero Trust Working Group, the document explores how enterprise DDI systems – which collectively refer to three core network services, namely Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Internet Protocol Address Management (IPAM) – can augment and integrate with SDP to enhance organizations’ security, resiliency, and responsiveness.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the findings of its latest survey, 2022 SaaS Security Survey Report. Commissioned by Adaptive Shield, a leading SaaS Security Posture Management (SSPM) company, the survey offers insight into the industry’s knowledge, attitudes, and opinions regarding SaaS security and related misconfigurations.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today that Glenn Gerstell, a senior adviser at the Center for Strategic & International Studies and former general counsel of the National Security Agency (NSA) and Central Security Service, will be a featured speaker at SECtemberSM, the first global event dedicated to the intersection of cloud and cybersecurity. In his talk, Gerstell will share his insight on the topics of cyber warfare and preparedness.

Today the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, announced that the Global Security Database Working Group will receive a contribution of open source vulnerability data from Anchore, a leader in software supply chain security. The contribution will include the enriched vulnerability details used by Anchore’s open source Grype vulnerability scanner.

The Cyber Risk Institute (CRI), the Cloud Security Alliance (CSA), and the Bank Policy Institute-BITS announced today the release of a cloud extension for the CRI Profile version 1.2. The “Cloud Profile” represents the collaboration of over 50 financial institutions and major cloud service providers (CSPs) to extend the CRI Profile, which is a widely accepted cybersecurity compliance framework for the financial sector.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Blockchain/Distributed Ledger Technology (DLT) Risk and Security Considerations report. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report encourages stakeholders to take a holistic view of blockchain/DLT network security by providing a reference security architecture to guide stakeholders' thinking around the why, what, and how aspects of Hyperledger Fabric security.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today that Jason Witty, chief security officer, USAA, will be a featured speaker at SECtemberSM, the first global event dedicated to the intersection of cloud and cybersecurity.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released DevSecOps - Pillar 4 Bridging Compliance and Development. Written by CSA’s DevSecOps Working Group in collaboration with SAFECode, the paper provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translating them to appropriate security measures, and identifying inflection points within the software development lifecycle where these controls can be easily and transparently embedded, automated, measured, and tested.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the findings of its latest survey, Cloud Security and Technology Maturity. Commissioned by CyberRes, a Micro Focus line of business, one of the world’s largest enterprise software providers, the survey offers insight into organizations’ current and future plans regarding cloud strategy, security strategy, cloud services, and cloud-related technologies.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that registration has opened for the CSA Research Summit (March 9-10, 2022). The event, originally scheduled to be held in February in conjunction with the 2022 RSA Conference, will bring together CSA’s top researchers to share their insight and expertise on the issues that will define cloud security.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Artificial Intelligence (AI) in Healthcare. Drafted by the Health Information Management Working Group, the report provides an overview of the ways in which AI and machine learning (ML) can be used to bring about major transformations in healthcare while addressing the challenges their use presents, and offering guidance for how to best incorporate them into healthcare systems now and in the future.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Corda Enterprise 4.8 – Architecture Security Report and an accompanying security controls checklist. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report examines the security of r3’s blockchain framework, Corda Enterprise 4.8 Permissioned Network, and offers ways to mitigate negative business impacts that could arise from such threats as improper business logic flow and insecure network implementation, among others.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Measuring Risk and Risk Governance, a new survey designed to assess the maturity of public cloud and risk management within the enterprise. Commissioned by Google, the findings identify the current challenges and perceived effectiveness of risk management in the public cloud, the impact of effective risk management practices in the cloud, and best practices that not only reduce risk but address risk tolerance in the cloud.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Cloud Controls Matrix (CCM) Auditing Guidelines. Drafted by the CCM Working Group, this new addition to the Cloud Controls Matrix v4 contains a set of auditing guidelines tailored to the control specifications of each of the CCM’s 17 cloud security domains. This document provides auditors with a baseline understanding of the CCM audit areas, allowing them to better perform a CCM-related audit and assessment.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that registration has opened for its upcoming CSA Research Summit at RSAC 2022. The event, being held in conjunction with the 2022 RSA Conference on February 7 at the Moscone Center in San Francisco, will showcase the research projects that will define cloud security for years to come.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Cloud Key Management System with External Origin Key. Written by the Cloud Key Management Working Group to help organizations optimize such business outcomes as security, agility, cost, and compliance, the paper provides general guidance for choosing, planning, and deploying cloud-native key management systems (KMS) in cases where organizations either want to or must import key material (e.g., keys, vaults, secrets, policies) from an external source.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that its Security Trust Assurance and Risk (STAR) Registry, a publicly accessible listing which documents the security and privacy controls provided by popular cloud computing offerings, has reached another significant milestone wherein 1,500 cloud services have been evaluated according to the principles of CSA’s STAR Program and the requirements of the Cloud Control Matrix (CCM).

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the CSA Medical Device Incident Response Playbook, which establishes a framework to ensure that cybersecurity not only protects critical healthcare systems and data but does so without negatively impacting patient safety.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that two of its most popular assessment and guidance documents that ensure compliance with cloud security protocols are now available in additional languages. The Cloud Controls Matrix (CCMv4) is available in Chinese (ZH), Hungarian (HU), Japanese (JA), Spanish (ES), and Turkish (TR), while the Consensus Assessments Initiative Questionnaire (CAIQv4) has been translated into Japanese (JA). Now available to a wider global audience, these translations offer modern enterprises additional security control transparency.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Top 10 Blockchain Attacks, Vulnerabilities, and Weaknesses, the latest research from the CSA Blockchain/Distributed Ledger working group. The report offers a high-level overview of the top 10 attack vectors targeting cryptocurrency and distributed ledger technology (DLT), namely exchange hacks, Decentralized Finance (DeFi) hacks, 51% attacks, phishing (for private keys), rug pull/exit scams, ransomware, SIM swaps, investment scams, high-profile doubler scams, and extortion. Illustrative examples are provided for each vector, along with an overview of the costly lessons that can result.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the recipients of its Ron Knode Service Award, recognizing CSA members from the Americas, Asia-Pacific, and EMEA regions for their excellence in volunteerism. The honorees were selected by the CSA executive team and chosen based on their valuable contributions towards fulfilling CSA’s mission of promoting best practices to help ensure a secure cloud computing environment.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Ransomware in the Healthcare Cloud, new guidance from the CSA Health Information Management Working Group. The document explains how cybercriminals use ransomware to attack both the healthcare delivery organization (HDO) and the cloud service provider, and offers security practitioners strategies for detecting ransomware and protecting an HDO’s data.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, has named Jerry Archer, Senior Vice President and Chief Security Officer for Sallie Mae, as the recipient of the Cloud Security Alliance Philippe Courtot Leadership Award for 2021. CSA’s Leadership Award is given annually to individuals in recognition of their contributions in advancing cloud security and cybersecurity worldwide and was renamed in honor of former Qualys CEO Philippe Courtot.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the publication of a new document, Implementation Guidelines for the Cloud Controls Matrix (CCM) v4. The implementation guidelines are a new addition to the CCM v4, CSA’s flagship cybersecurity framework for cloud computing, and were developed to support users in the proper application of CCM controls, while providing additional guidance and recommendations tailored to the control specifications for each of CCM v4’s 17 cloud security domains.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released two sets of guidance from its research working groups. The first, How to Design a Secure Serverless Architecture, offers specific security best practices for implementing applications on a serverless platform along with recommended controls application owners should adopt. Recommendations for Adopting a Cloud-Native Key Management System (KMS), meanwhile, provides project and program managers, among others, with general guidance for choosing, planning, and deploying a cloud-native KMS.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that it will host its 8th annual Federal Summit on Oct. 28 at the Washington Marriott at Metro Center (Washington, D.C.). With its theme of Reset Normal: Building Trust & Security, the Summit will address the ways in which both government and industry have adapted and collaborated to reset normal and build trust and security into people, processes, and technology.

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the publication of Microservices Architecture Pattern: A Proposed Architectural Pattern to Engineer Trustworthy Secure Systems. With the goal of developing a vendor-neutral reference architecture foundation that can be broken down into software architecture patterns, the document describes the key elements of the Microservices Architecture Pattern (MAP) and how they should be designed and deployed to shift security and compliance left via a continuous compliance-as-code approach.