In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ecosystem failure highlighting how SaaS supply chains, OAuth tokens, and identity gaps have become today’s most critical enterprise security risks. This blog examines what happened, why traditional security measures failed, and what organizations can do to protect themselves from similar atta...| Cloud Security Alliance
Identity has undergone a remarkable transformation in recent years. Sophisticated multifactor authentication (MFA) methods have emerged, with passkeys becoming the latest technology capable of replacing weak passwords. Identity management systems connect vast networks of devices, systems, and users. Yet, for all the gains, a nagging problem remains. Detecting signals, understanding events, and determining the correct response in real time is remarkably difficult for identity systems. As...
Security operations center (SOC) analysts assisted by AI are faster and more accurate than counterparts working manually. SEATTLE – Oct. 7, 2025 – Beyond the Hype: A Benchmark Study of AI in the SOC, a new report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, and Dropzone AI, the leading provider of AI SOC analysts, has found that AI-assisted security analysts demonstrate grea...
Ask most people what the biggest threat in IT is, and they’ll say “AI” — hailed for productivity and feared for job loss. Yet the more consequential risk may be waiting offstage. Quantum computing, a field overshadowed by the AI frenzy, has the power to render today’s public-key cryptographic algorithms useless and, as a result, turn everyday secure electronic communications into a free-for-all. What is quantum computing? Let’s take a step back and explain what quantum computing...
Written by Ken Huang, CEO at DistributedApps.ai, and Jerry Huang, Engineering Fellow, Kleiner Perkins. Abstract: AI agents used in e-commerce necessitate secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudiable accountability. The Agent Payments Protocol (AP2) [1], an open extension to Agent2Agent (A2A) [2] and Model Context Protocol (MCP) [3], introduces Verifiable Credentials (VCs) in the form of crypt...
The National Security Division (NSD) of the U.S. Department of Justice (DOJ) issued a Final Rule announcing a new Data Security Program (DSP) under Executive Order 14117: Preventing Access To Americans' Bulk Sensitive Personal Data And United States Government-Related Data By Countries Of Concern. Focused on protecting “covered data” transactions, the goal of the DOJ’s Final Rule is clear—prevent access to U.S. government-related data and Americans’ sensitive personal data from: ...
Modern enterprises generate oceans of logs that span on-prem, cloud, IoT, and OT. Think identity, device, data, network, and application events. Logs are the backbone of visibility, but logs alone do not provide actionable insights. They become powerful when analyzed and correlated for threats, vulnerabilities, and anomalous behavior. In a new publication, CSA argues for pairing AI log analysis with sound event engineering to: reduce SOC cognitive load; minimize false positives; acce...
In theory, Role-Based Access Control (RBAC) is elegant. In practice, it’s often anything but. Over time, even the most disciplined identity programs fall prey to the usual culprits: role creep, stale entitlements, convoluted hierarchies, and a sprawling mess of redundant or overlapping roles. What starts as a clean access control framework becomes a high-risk operational nightmare. Role Engineering is how security teams take back control, transforming bloated, manual, and brittle R...
For years, security awareness training (SAT) has been treated like a checkbox—an annual task to meet compliance requirements. But cyber threats have grown more sophisticated, targeting people over infrastructure and exploiting human behavior instead of technical flaws. For CISOs, this shift calls for a new approach. SAT can no longer be a passive exercise. It must evolve into a strategic tool for reducing risk, changing behavior, and fostering a culture where security is second...
Cybersecurity has evolved from a technical concern to a strategic imperative. For industries like finance, healthcare, retail, and manufacturing, where breaches can devastate operations and reputation, the stakes have never been higher. Rising cyberattack frequency and stringent regulations demand a fundamental shift: from reactive, compliance-only approaches to proactive, risk-based strategies aligned with business objectives. Why The Disconnect Exists: Many organizations focus...
“Zero Trust Architecture in today’s complex multi-cloud environments provides an effective way to ensure Cyber Resilience and effectively address cyber threats. While the leading organizations and security leaders continue to adopt this change, this article aims to equip them with essential Zero Trust concepts and provides practical strategies for implementation.” The industry report that underpins this article: per the recent industry survey conducted in 2025, i...
When news broke that Columbia University suffered a cyberattack affecting nearly 870,000 individuals, the scale immediately caught attention. The breach not only exposed personal and academic records but also highlighted the growing risks universities face as they rely on complex combinations of cloud infrastructure and SaaS applications. For Columbia, a prestigious Ivy League institution, the incident serves as a stark reminder that higher education is firmly in the crosshairs of cyberc...
Abstract: The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including financial institutions, technology companies, healthcare providers, and government agencies — experienced data exposure, not through their own systems being compromised, but through the theft and misuse of OAuth tokens granted to a trusted third-party application. From a financial se...
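As an added example (not code from the CSA page or from any vendor it names), here is the kind of check a practitioner would run against API audit events to catch the failure mode this abstract describes: a third-party app's OAuth token being replayed from a network it has never been used from, or pulling far more data than that integration ever has. The event records are constructed for the example, and the field names (app, token, ts, src_ip, rows) are assumptions about what an API audit log exports, not any particular platform's schema. The app names and addresses are likewise hypothetical.

```python
"""Flag misuse of a third-party app's OAuth tokens from API audit events.

Added example, not code from the CSA page or from any vendor it names.
Field names (app, token, ts, src_ip, rows) are an assumed audit-log shape.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample events. "crm-chat-sync" and "hr-sync" are hypothetical
# connected apps; 203.0.113.0/24 plays the customer's office network and
# 198.51.100.77 an unrelated host replaying a stolen token on Aug 9.
EVENTS = [
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-01T09:00:00", "src_ip": "203.0.113.10", "rows": 120},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-02T09:05:00", "src_ip": "203.0.113.10", "rows": 95},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-03T09:02:00", "src_ip": "203.0.113.22", "rows": 140},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-04T09:01:00", "src_ip": "203.0.113.10", "rows": 110},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-05T09:03:00", "src_ip": "203.0.113.10", "rows": 130},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-09T03:12:00", "src_ip": "198.51.100.77", "rows": 48000},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-09T03:40:00", "src_ip": "198.51.100.77", "rows": 200},
    {"app": "crm-chat-sync", "token": "tok-a1", "ts": "2025-08-09T09:00:00", "src_ip": "203.0.113.22", "rows": 125},
    {"app": "hr-sync", "token": "tok-b2", "ts": "2025-08-01T10:00:00", "src_ip": "203.0.113.40", "rows": 300},
    {"app": "hr-sync", "token": "tok-b2", "ts": "2025-08-09T10:00:00", "src_ip": "203.0.113.40", "rows": 310},
]


def _net(ip: str) -> str:
    """Collapse a source address to its /24 so address churn inside one
    office network does not look like a new location."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def detect_token_misuse(events, baseline_days=7, volume_multiplier=10, min_rows=1000):
    """Return one alert per suspicious event.

    For each (app, token) pair the first `baseline_days` of activity define
    what is normal: the set of /24 networks it was used from and the largest
    number of rows it pulled in one day. Later events are flagged when they
    come from a network outside that set ("new_network") or pull more than
    `volume_multiplier` times the baseline daily maximum, with a floor of
    `min_rows` so a quiet integration is not alerted on for trivial growth
    ("bulk_export").
    """
    by_token = defaultdict(list)
    for ev in events:
        rec = dict(ev)
        rec["ts"] = datetime.fromisoformat(ev["ts"])
        by_token[(ev["app"], ev["token"])].append(rec)

    alerts = []
    for (app, token), recs in by_token.items():
        recs.sort(key=lambda r: r["ts"])
        cutoff = recs[0]["ts"] + timedelta(days=baseline_days)
        baseline = [r for r in recs if r["ts"] < cutoff]  # never empty
        known_nets = {_net(r["src_ip"]) for r in baseline}
        daily_rows = defaultdict(int)
        for r in baseline:
            daily_rows[r["ts"].date()] += r["rows"]
        volume_threshold = max(volume_multiplier * max(daily_rows.values()), min_rows)

        for r in recs:
            if r["ts"] < cutoff:
                continue  # baseline events are not evaluated
            reasons = []
            if _net(r["src_ip"]) not in known_nets:
                reasons.append("new_network")
            if r["rows"] > volume_threshold:
                reasons.append("bulk_export")
            if reasons:
                alerts.append({
                    "app": app, "token": token, "ts": r["ts"].isoformat(),
                    "src_ip": r["src_ip"], "rows": r["rows"], "reasons": reasons,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_token_misuse(EVENTS):
        print(alert)
```

Run as a script it prints two alerts for the replayed token, the bulk pull and the follow-up query from the same unfamiliar network, and nothing for the legitimate traffic. Two caveats a practitioner would want: the baseline is learned from the token's own early history, so a token stolen before the baseline window closes teaches the detector the attacker's network as normal, and a /24 plus row-count heuristic is a starting point for tuning, not a substitute for revoking the integration's tokens once misuse is confirmed.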
Why SaaS Security Needs a Rethink: SaaS has changed everything. From collaboration tools to critical business applications, SaaS is now the default way organizations consume technology. But with this massive shift comes a big problem: security hasn’t kept up. Most Third-Party Risk Management (TPRM) programs focus on a supplier’s overall organizational security (like SOC 2 reports and ISO certifications). What they don’t really assess is the actual security capabilities inside ...
In April 2025, a ransomware attack on Marks & Spencer paralyzed its core systems by encrypting its VMware ESXi hypervisors. The breach halted online sales, disrupted logistics, and left customers in limbo. With damages estimated at over $400 million, the attack revealed a growing trend in ransomware: infrastructure-layer targeting. This blog explores why hypervisors like ESXi are now a top attack vector for ransomware groups—and what retailers can do to strengthen virtual infrastruc...
Over the past decade, the Cloud Security Alliance has been at the forefront of helping organizations navigate the cloud’s risks and opportunities. As we now enter the generative AI era, the challenge is even greater: security teams must enable innovation while ensuring that developers select trustworthy models and implement the right guardrails from the start. This is where RiskRubric.ai comes in – a systematic methodology to quantify AI model risk across six pillars of trust: Transparen...
After a world-record-setting 15-year interview process, I'm insanely excited to officially join the Cloud Security Alliance as Chief Analyst. Okay, this is the part where I should probably explain what the Chief Analyst is, what it adds for CSA members, how it helps the broader community, and why I'm taking the role. I've been involved with CSA since just after it started. First as an editor on the Security Guidance, then eventually building the CCSK class, contributing to multiple wor...
BRUSSELS – 10 September 2025 – The EU Cloud CoC General Assembly is pleased to announce that EQS Group is the first cloud service provider to successfully declare services adherent to the EU Cloud Code of Conduct (EU Cloud CoC) through the dedicated framework established in collaboration with the Cloud Security Alliance (CSA). This milestone showcases EQS Group’s commitment to robust data protection practices and to transparently demonstrating GDPR compliance. The EU Cloud CoC is a c...
What is PHI? Protected Health Information (PHI) is health information in a medical record that is linked, or can be linked, to an identifiable individual. This information is created, used, or disclosed in the process of providing healthcare services, such as diagnosis or treatment. PHI is a critical component in the healthcare system, serving as the foundation for patient records and medical history. PHI includes a variety of identifiers that link medical information to an individual. This data is essential for ...
In the world of FedRAMP authorization, a common stumbling block is the complexity and volume of security controls that organizations must implement and continuously monitor. But a more recent FedRAMP 20x development, the Key Security Indicators (KSI), is emerging as a powerful alternative that can improve operational insight and streamline the path to authorization. This post explores all things KSIs: their origins and benefits, how they differ from controls, and how they’re reshaping ...
If one principal can do anything, one mistake can undo everything. I’ve read too many incident reviews where the “automation user” turned out to be the attacker’s best friend. One token. All the doors. Code, artifacts, production. We built CI/CD to go fast. We accidentally made it the fastest path to a breach. Just like with your human workforce, identity should be the control plane of your software factory. Treat it that way — or prepare for a very long night. In this post I'll cov...
Identity security has officially overtaken all other risks as the top concern in cloud environments. According to CSA’s State of Cloud and AI Security 2025 survey report, insecure identities and risky permissions are the top cloud security risk. Hybrid and multi-cloud settings are now the norm and identity is the connective tissue across everything. This also makes it the weak point attackers target first. Identity-Driven Breaches Are Now the Norm: The breach data underscores h...
Results highlight the importance of unified visibility across code-to-cloud environments to counter risks effectively
In today’s digital landscape, SaaS has emerged as a vital lifeline for operations in organizations big and small. As businesses entrust the cloud with their invaluable data, security of these applications and the information they harbor takes center stage. While SaaS applications are secure by