Welcome to the Cloud Security Alliance

Suisse Chapter 🇨🇭

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

Latest News from the Suisse Chapter

CSA & SIGS Special Event – April 10 – 11, 2024

Join CSA and SIGS on April 10th and 11th to hear from featured speakers John Kindervag and Rob van der Veer at a special two-day event in Zurich. Learn about Zero Trust and AI and network with like-minded peers in cybersecurity. Register today to save your spot! Rob van der Veer, Senior Director…

New CSA CH vEvent – Morning Breakfast on July 6th, 2022 !!

Title: Dealing with the challenges of China’s cross-border data transfer restrictions

Speaker Name: Samuel Yang

Abstract: In this session we will discuss: China’s most up-to-date data localization and cross-border data transfer rules, and how they affect companies doing business in/with China. Regulatory and practical issues in relation to the use of VPN and foreign…

Chapter Summit 2021 – Nov 4th

All CSA chapter members are encouraged to join us on November 4th (8am-12pm Pacific Time) for the inaugural CSA Chapter Summit, an exclusive and free virtual event. This summit will be a unique opportunity for chapter members to come together and network, while also learning about ways to engage with CSA global. During the event,…

Zero-cloud and Data Protection

Here is my last article on the topic “Data Security as Business enabler”, which I recently presented in a 3-day panel organized by EPFL on “Zero-Trust cloud week – Data Protection in the Cloud”. Recording available here: https://lnkd.in/dWtrF9E #datasecurity #security #privacy

Latest News from CSA blog

  • Everything You Need to Know About the EU AI Act
    Originally published by BARR Advisory. Written by Claire McKenna. We’ve recently witnessed the rapid expansion of artificial intelligence (AI)—and we can expect its continued integration into our daily lives. As our use and reliance on AI grows, so do the potential security risks that come along with it. These risks have prompted several new standards to address the security concerns posed by AI, including the NIST AI Management Framework and ISO 42001. The European Union (EU) is currently work...continue reading on CSA Home
  • 5 Security Questions to Ask About AI-Powered SaaS Applications
    Written by Wing Security. Artificial intelligence (AI) has emerged as a disruptive force, reshaping the way organizations operate, innovate, and compete. With enhanced efficiency, productivity, and personalized user experiences, AI-powered SaaS applications have become integral to modern businesses across industries. However, due to the transformative potential of AI, organizations are starting to grapple with the complexities of data privacy, intellectual property protection, and security vul...continue reading on CSA Home
  • Powerful Cloud Permissions You Should Know: Part 1
    Originally published by Sonrai Security. Written by Deirdre Hennigar and Tally Shea. MITRE ATT&CK Framework: Initial Access. A cloud permission is never a dangerous thing by nature. In fact, their power is solely defined by the context in which they are used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools. Some permissions inherently hold more power than others and should...continue reading on CSA Home
  • Salesforce Data Security Challenges in Wake of the Recent Breach
    Originally published by Adaptive Shield.Written by Hananel Livneh. Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we'll delve into the details of the exposure, explore po...continue reading on CSA Home
  • How Attackers Exploit Non-Human Identities: Workshop Recap
    Originally published by Astrix.Written by Tal Skverer and Danielle Guetta. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA or IP restriction...continue reading on CSA Home
  • Recommendations for Self-Managed FedRAMP Red Team Exercises
    Originally published by Schellman & Co. When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right. FedRAMP permits organizations two options to satisfy their red team exercise requirement: You can have one performed by a third-party assessor organization (...continue reading on CSA Home
  • CISOs, Sewers, and Unsolvable Problems
    Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. CISOs and sewer engineers face similar challenges, and it goes beyond keeping the contents of their systems moving fast and smooth. There is a mathematical exercise that has many names, but I learned it as the New York City Sewer Problem. In short, it states that finding the optimal configuration of the NYC sewer system is a problem modern computing cannot solve in a human lifetime. B...continue reading on CSA Home
  • CSA STAR Level 2: All About STAR Attestations and Certifications
    Any organization providing cloud services can benefit from completing the STAR program’s cloud security and privacy assessments. These assessments are based on the Cloud Controls Matrix (CCM), as well as the privacy requirements for GDPR compliance. STAR assessments fall under two levels of assurance: Level 1 (self-assessments) and Level 2 (third-party assessments). Let’s dive into some of the intricacies of STAR Level 2. What is CSA STAR Level 2? STAR Level 2 consists of third-party audits tha...continue reading on CSA Home
  • For Game-Changing Cloud Workload Protection, Focus on Quality Over Quantity
    Written by Tenable Cloud Security. The infamous Log4J software vulnerability shook the software industry in 2021 by catching much of the IT security community unprepared. Log4J is used in nearly every modern application, so the flaw impacted enterprise cloud services globally. What is the preferred way to prepare for the next vulnerability showstopper - and for vulnerabilities in general? Coping with vulnerabilities isn’t a matter of mitigating all findings. Rather, you should adopt a managea...continue reading on CSA Home
  • The 2023 State of SaaS Security Report
    Originally published by Valence. Written by Adrian Sanabria. There’s something I love about putting together a big annual security report. The combination of data insights and industry trends is an opportunity to present a snapshot of the big picture. There’s the luxury of time we don’t have with a single blog post and a depth of exploration we can’t go into with an infographic or a time-limited podcast. It feels a bit silly to wax romantic about an annual security report, but I love storytell...continue reading on CSA Home