Welcome to the Cloud Security Alliance

Suisse Chapter 🇨🇭

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

Latest News from the Suisse Chapter

CSA & SIGS Special Event – April 10 – 11, 2024

Join CSA and SIGS on April 10th and 11th to hear from featured speakers John Kindervag and Rob van der Veer at a special two-day event in Zurich. Learn about Zero Trust and AI and network with like-minded peers in cybersecurity. Register today to save your spot! Rob van der Veer, Senior Director…

New CSA CH vEvent – Morning Breakfast on July 6th, 2022 !!

Title: Dealing with the challenges of China’s cross-border data transfer restrictions
Speaker Name: Samuel Yang
Abstract: In this session we will discuss: China’s most up-to-date data localization and cross-border data transfer rules, and how they affect companies doing business in/with China. Regulatory and practical issues in relation to the use of VPN and foreign…

Chapter Summit 2021 – Nov 4th

All CSA chapter members are encouraged to join us on November 4th (8am-12pm Pacific Time) for the inaugural CSA Chapter Summit, an exclusive and free virtual event. This summit will be a unique opportunity for chapter members to come together and network, while also learning about ways to engage with CSA global. During the event,…

Zero-cloud and Data Protection

Here is my last article on the topic “Data Security as Business enabler”, which I recently presented in a 3-day panel organized by EPFL on “Zero-Trust cloud week – Data Protection in the Cloud”. Recording available here: https://lnkd.in/dWtrF9E #datasecurity #security #privacy

Latest News from CSA blog

  • 6 Surprising Findings from the CSA State of Security Remediation Report
    Originally published by Dazz. Written by Julie O’Brien, CMO, Dazz. As more companies shift left and embrace hybrid cloud operations, the need for security visibility across the entire code-to-cloud environment is critical for staying on top of vulnerabilities and reducing exposure. The CSA State of Security Remediation survey validates the challenges that we know organizations are facing, as well as what’s needed to solve them. This post highlights six main findings observed from the CSA survey. ...
  • Beyond the Black Box: How XAI is Building Confidence
    Written by Dr. Chantal Spleiss, Co-Chair for the CSA AI Governance & Compliance Working Group. While "AI" has become a broadly used word, there are key distinctions within AI to keep in mind. Narrow AI systems excel at specific tasks, like playing chess or recognizing objects in images. Generative AI (GenAI) is a rapidly growing field that involves creating new text, images, code, or other forms of content. These systems pose unique challenges for understanding their output and ensuring it...
  • Everything You Need to Know About the EU AI Act
    Originally published by BARR Advisory. Written by Claire McKenna. We’ve recently witnessed the rapid expansion of artificial intelligence (AI)—and we can expect its continued integration into our daily lives. As our use and reliance on AI grows, so do the potential security risks that come along with it. These risks have prompted several new standards to address the security concerns posed by AI, including the NIST AI Management Framework and ISO 42001. The European Union (EU) is currently work...
  • 5 Security Questions to Ask About AI-Powered SaaS Applications
    Written by Wing Security. Artificial intelligence (AI) has emerged as a disruptive force, reshaping the way organizations operate, innovate, and compete. With enhanced efficiency, productivity, and personalized user experiences, AI-powered SaaS applications have become integral to modern businesses across industries. However, due to the transformative potential of AI, organizations are starting to grapple with the complexities of data privacy, intellectual property protection, and security vul...
  • Powerful Cloud Permissions You Should Know: Part 1
    Originally published by Sonrai Security. Written by Deirdre Hennigar and Tally Shea. MITRE ATT&CK Framework: Initial Access. A cloud permission is never a dangerous thing by nature. In fact, their power is solely defined by the context in which they are used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools. Some permissions inherently hold more power than others and should...
  • Salesforce Data Security Challenges in Wake of the Recent Breach
    Originally published by Adaptive Shield. Written by Hananel Livneh. Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we'll delve into the details of the exposure, explore po...
  • How Attackers Exploit Non-Human Identities: Workshop Recap
    Originally published by Astrix. Written by Tal Skverer and Danielle Guetta. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA or IP restriction...
  • Recommendations for Self-Managed FedRAMP Red Team Exercises
    Originally published by Schellman & Co. When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right. FedRAMP permits organizations two options to satisfy their red team exercise requirement: You can have one performed by a third-party assessor organization (...
  • CISOs, Sewers, and Unsolvable Problems
    Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. CISOs and sewer engineers face similar challenges, and it goes beyond keeping the contents of their systems moving fast and smooth. There is a mathematical exercise that has many names, but I learned it as the New York City Sewer Problem. In short, it states that finding the optimal configuration of the NYC sewer system is a problem modern computing cannot solve in a human lifetime. B...
  • CSA STAR Level 2: All About STAR Attestations and Certifications
    Any organization providing cloud services can benefit from completing the STAR program’s cloud security and privacy assessments. These assessments are based on the Cloud Controls Matrix (CCM), as well as the privacy requirements for GDPR compliance. STAR assessments fall under two levels of assurance: Level 1 (self-assessments) and Level 2 (third-party assessments). Let’s dive into some of the intricacies of STAR Level 2. What is CSA STAR Level 2? STAR Level 2 consists of third-party audits tha...