For Game-Changing Cloud Workload Protection, Focus on Quality Over Quantity
Cloud Security Alliance
9h ago
Written by Tenable Cloud Security. The infamous Log4J software vulnerability shook the software industry in 2021 by catching much of the IT security community unprepared. Log4J is used in nearly every modern application, so the flaw impacted enterprise cloud services globally. What is the preferred way to prepare for the next vulnerability showstopper - and for vulnerabilities in general? Coping with vulnerabilities isn’t a matter of mitigating all findings. Rather, you should adopt a managea ..read more
Everything You Need to Know About the EU AI Act
Cloud Security Alliance
9h ago
Originally published by BARR Advisory. Written by Claire McKenna. We’ve recently witnessed the rapid expansion of artificial intelligence (AI)—and we can expect its continued integration into our daily lives. As our use and reliance on AI grows, so do the potential security risks that come along with it. These risks have prompted several new standards to address the security concerns posed by AI, including the NIST AI Management Framework and ISO 42001. The European Union (EU) is currently work ..read more
How to Secure Business-Critical Applications
Cloud Security Alliance
9h ago
Originally published by CrowdStrike. As organizations move more of their business-critical applications to the cloud, adversaries are shifting their tactics accordingly. And within the cloud, it’s clear that cybercriminals are setting their sights on software applications: In fact, industry data shows 8 out of the top 10 breaches in 2023 were related to applications. The most valuable of these, known as business-critical applications, typically process large amounts of sensitive data including ..read more
The 2023 State of SaaS Security Report
Cloud Security Alliance
9h ago
Originally published by Valence. Written by Adrian Sanabria. There’s something I love about putting together a big annual security report. The combination of data insights and industry trends is an opportunity to present a snapshot of the big picture. There’s the luxury of time we don’t have with a single blog post and a depth of exploration we can’t go into with an infographic or a time-limited podcast. It feels a bit silly to wax romantic about an annual security report, but I love storytell ..read more
What's Broken with Identity Management?
Cloud Security Alliance
2d ago
Originally published by Oasis Security. Written by Danny Brickman, Co-founder & CEO, Oasis Security. Identity management is a critical component of enterprise security. Identities are the key construct through which we control how authorized entities (individuals, software or devices) can access data and perform actions. Historically, human identities have been the primary focus of identity access management. While human identities remain strategically important, shifts in infrastructure and w ..read more
Powerful Cloud Permissions You Should Know: Part 1
Cloud Security Alliance
2d ago
Originally published by Sonrai Security. Written by Deirdre Hennigar and Tally Shea. MITRE ATT&CK Framework: Initial Access. A cloud permission is never a dangerous thing by nature. In fact, their power is solely defined by the context in which they are used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools. Some permissions inherently hold more power than others and should ..read more
Salesforce Data Security Challenges in Wake of the Recent Breach
Cloud Security Alliance
2d ago
Originally published by Adaptive Shield. Written by Hananel Livneh. Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we'll delve into the details of the exposure, explore po ..read more
How Attackers Exploit Non-Human Identities: Workshop Recap
Cloud Security Alliance
2d ago
Originally published by Astrix. Written by Tal Skverer and Danielle Guetta. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA or IP restriction ..read more
Recommendations for Self-Managed FedRAMP Red Team Exercises
Cloud Security Alliance
2d ago
Originally published by Schellman & Co. When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right. FedRAMP permits organizations two options to satisfy their red team exercise requirement: You can have one performed by a third-party assessor organization ..read more
CSA STAR Level 2: All About STAR Attestations and Certifications
Cloud Security Alliance
2d ago
Any organization providing cloud services can benefit from completing the STAR program’s cloud security and privacy assessments. These assessments are based on the Cloud Controls Matrix (CCM), as well as the privacy requirements for GDPR compliance. STAR assessments fall under two levels of assurance: Level 1 (self-assessments) and Level 2 (third-party assessments). Let’s dive into some of the intricacies of STAR Level 2. What is CSA STAR Level 2? STAR Level 2 consists of third-party audits tha ..read more
