Identity Security + AI, Security Evaluations, & Recent Threats

The CSA Roundup is a bimonthly newsletter that compiles some of the best cloud security articles written by our community and members. In this edition, industry experts dive into identity security, AI, cloud security evaluations, and recent threats and vulnerabilities. So grab a cool drink and settle in for some enlightening reads. Also make sure to subscribe to get notified of our next issue.

Securing All Kinds of Identities

Non-Human Identity Management

Non-Human Identity Management (NHIM) is the process of governing and automating the entire lifecycle of non-human identities. Learn more about NHIM and why it’s needed.

Cloud Security Study: Most Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period

Tenable’s 2024 Cloud Security Outlook report is an annual assessment of organizations’ experiences with securing their public cloud environments. 99% of organizations that experienced cloud-related breaches blamed insecure identities as the primary cause. Understand the survey’s findings.

The Anatomy of Cloud Identity Security

“Attackers don’t break in. They log in.” Each type of identity has different access needs, which means each identity poses a different level of risk to your organization. Review the four different types of identities that need to be secured.

Top 4 Use Cases of Non-Human Identity Security: Live Event Recap

Astrix’s CISO in Residence, Tim Youngblood, gave a session on the top four non-human identity use cases that are crucial for security teams. Get a recap of the key points discussed.

Interacting with AI

Supremacy of AI in Compliance Services: The Dawn of a New Era

The traditional methods of ensuring compliance are becoming gradually more inadequate in the face of growing regulatory complexity and data volumes. Learn how AI can help.

Navigating Data Privacy in the Age of AI: How to Chart a Course for Your Organization

The widespread adoption of AI increases the likelihood of large-scale data breaches where massive amounts of personal information are compromised. Discover a multi-faceted approach to address these concerns.

Integrating PSO with AI: The Future of Adaptive Cybersecurity

In the ever-evolving landscape of cybersecurity, we need to develop new technologies and innovations to stay ahead of adversaries. Explore a novel approach that blends Particle Swarm Optimization (PSO) with AI.

Evaluating Cloud Security

How to Calculate Security Posture

To many people, data security posture can seem like an abstruse concept that’s difficult to understand, much less quantify. Learn how to develop a clear methodology and break the process down into measurable steps.

Revamping Third Party Vendor Assessments for the Age of Large Language Models

The increasing adoption of LLMs in the supply chain presents a new challenge for traditional Third-Party Vendor Security Assessments (TPVRAs). Explore how to adapt existing TPVRAs to gather critical information about the integration of LLMs within the organizational ecosystem.

10 Important Questions to Add to Your Security Questionnaire

A strong vendor review process is crucial for selecting partners that align with your company's security goals, and security questionnaires are a key step in this process. Discover 10 essential questions to include in your questionnaires.

Understanding Recent Threats and Vulnerabilities

The Rise of QR Code Phishing Attacks: Exploring Quishing Threats

QR code phishing is the latest in a long line of malicious initiatives designed by enterprising attackers to evade organizational security measures and manipulate targets. Learn more about the rapid rise in QR code phishing and how these attacks work.

The Danger of Sharing Files with “Anyone with the Link”: Examining a Risky Google Drive Misconfiguration

SaaS misconfigurations, mistakes, or ill-advised practices in how SaaS applications are set up, can leave data vulnerable and organizations exposed. Uncover one of the most risky of these misconfigurations: open link data shares.

Breach Debrief: Twilio’s Authy Breach is a MFA Wakeup Call

Hackers exploited a security lapse in Twilio’s Authy API to verify Authy MFA phone numbers. The hackers were able to check if a phone number was registered with Authy by feeding the number into an unauthenticated API endpoint. Understand why this breach is important and what you can do about it.

Check out more CSA blogs.