CSA Security Update

Continuous verifiable proof is the new standard

In this episode of CSA Security Update, host John DiMaria and guest Scott Furman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance of integrating integrity validation into existing security frameworks, while striking a balance between performance and security. Real-world use cases demonstrate the effectiveness of these measures, particularly in critical infrastructure. The episode concludes with insights into the future of cloud security, emphasizing the need for continuous verifiable proof to enhance trust and security in cloud environments. https://cloudsecurityalliance.org/star/

The Human Side of AI Security: Leadership, Culture, and Change

Summary In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming resistance to change. Looking ahead, they highlight the qualities that will define successful security leaders in the evolving landscape of technology. Key takeaways * AI is transforming cybersecurity at an unprecedented pace. * Organizational culture significantly impacts security performance. * Change management is essential for security leaders. * Understanding team dynamics can enhance security initiatives. * Building security champions is crucial for program success. * Effective communication fosters collaboration and trust. * Resistance to change is a natural reaction that needs addressing. * Security leaders must empathize with team concerns. * Data engineering knowledge will be vital for future leaders. * Proactive security measures are more effective than reactive ones. https://cloudsecurityalliance.org/star/

Guardrails for Generative AI: Balancing Innovation with Responsibility

As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS  Listeners will hear real-world use cases, governance best practices, and how to build AI solutions that are powerful, secure, and aligned with enterprise values.  https://cloudsecurityalliance.org/star/

Empowering Cloud Providers: The EU Cloud Code of Conduct and GDPR Explained

In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry. Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. We will also delve into the ongoing collaboration between the EU Cloud CoC and the CSA, highlighting how this partnership enhances transparency, trust, and compliance across the cloud services landscape. Whether you’re a cloud service provider, a data protection professional, or simply interested in GDPR compliance, this episode will provide valuable insights into the evolving landscape of data protection and the practical steps companies can take to ensure compliance. https://cloudsecurityalliance.org/star/

Real-talk: Opportunities for Security Teams to Fight AI with AI

The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we approach cybersecurity. But what does that mean for security and development teams today? Join us in this episode as we interview Tomer Schwartz, CTO and Co-founder, Dazz, and explore how AI can be a game-changer for security teams, especially resource-constrained teams, offering the ability to automatically discover and resolve cloud vulnerabilities at their root. We'll discuss whether human oversight will still be necessary before changes go live and when the true potential of GenAI is realized. We will also discuss how we can use AI to outsmart adversaries using it for malicious purposes. This is a must-listen for anyone interested in leveraging AI to enhance their security posture and protect against the next generation of cyber threats. https://cloudsecurityalliance.org/star/