Getting Serious About Security
Cloud Security Alliance
Building connections through online cloud security solutions.
The CSA Roundup is your bimonthly collection of the latest cloud security articles penned by CSA and our members. So grab a cold drink, get comfortable, and take some time to explore the extensive cybersecurity insights we’ve compiled for you. Don’t forget to subscribe to stay informed of each new issue.
Address AI Risks
AI Deepfake Security Concerns
Ken Huang is Co-Chair of the CSA AI Organizational Responsibilities and AI Controls Working Groups. Read Huang’s breakdown of AI deepfakes and why IT professionals should be deeply invested in learning more about this topic.
Artificial Intelligence (AI) in Risk Assessment and Mitigation
While companies adopt AI with the intention of being competitive in the market, they often overlook the security risks that come with it. Familiarize yourself with the concept of AI risk management.
EU AI Act Introduces Unique Tiered System for Risks
The EU AI Act features an innovative tiered system that defines the different obligations for each level based on relative risk. Get an overview of the system.
Risk Management in the Age of Artificial Intelligence: 9 Questions to Ask Your AI-Powered Vendors
To adequately assess your organization’s risk when working with third-party vendors that use AI, take a close look at how those vendors approach cybersecurity, privacy, industry regulations, and company culture. Understand these important risk assessment questions for potential vendors.
Assure Cloud Provider Security
CSA STAR: Securing the Cloud and Beyond
CSA’s Security, Trust, Assurance and Risk (STAR) program is the gold standard for cloud provider assurance. Discover the various elements of the program and what’s planned for the future in this piece by CSA’s CEO Jim Reavis.
Evaluate the Security of Your Cloud Service Provider with the CSA STAR Registry
The STAR Registry is a global database filled with cloud service providers’ security assessments. Anyone can access the Registry for free to find cloud services that offer the right level of security for their organization. Learn why you should be using the Registry and how to get started.
Do SOC 2 and ISO 27001 the Right Way with CSA STAR
Organizations that are hoping to achieve SOC 2 Type 2 or ISO 27001 should consider getting STAR Level 2 as well. Get an overview of the SOC 2 and ISO 27001 frameworks and how they relate to STAR.
Implement Security Best Practices
5 Best Practices to Secure AWS Resources
AWS offers a robust, flexible, and cost-effective platform that helps businesses drive growth and innovation. Review five best practices for securing your AWS resources.
9 Best Practices for Preventing Credential Stuffing Attacks
As credential stuffing attacks become more frequent, it's essential to stay one step ahead of attackers. Learn about credential stuffing prevention strategies to minimize your risk.
Decommissioning Orphaned and Stale Non Human Identities
Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. During a security assessment, it’s common to find stale or orphaned NHIs that should have been decommissioned. Understand the challenges of decommissioning NHIs and how to do so without operational disruptions.
Understand Application Security Acronyms
Application Security Solutions: CNAPP vs CSPM vs ASPM
Cloud-Native Application Protection Platforms (CNAPP), Cloud Security Posture Management (CSPM), and Application Security Posture Management (ASPM) are three application security solutions that can be hard to distinguish. Discover the differences and how to make informed decisions when building a software security program.
How a CNAPP Can Take You from Cloud Security Novice to Native in 10 Steps
A CNAPP that integrates CIEM functionality takes a holistic view of cloud security to help with understanding, analyzing, and prioritizing risk. Follow these ten steps to achieve end-to-end cloud infrastructure security with CNAPP.
CSPM vs ASPM – What’s the Difference?
Applications and infrastructure are intertwined in modern software development, and securing them in siloes leads to gaps and misalignment. The best approach is to leverage both a CSPM and an ASPM. Understand how to use them together.