Cloud Security Alliance

Breaking Down the SOC 2 Trust Services Criteria: Privacy

Explore how privacy fits into the SOC 2 Trust Services Criteria, its components, challenges, and practical steps to build ...
Cloud Security Alliance

Token Sprawl in the Age of AI

Explore how AI accelerates token sprawl, why legacy IAM struggles, and practical steps to shrink non-human identity risk.
Cloud Security Alliance

How CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security Risks

Explains how CSA STAR guides cloud-first organizations to manage identity risk, govern access, and continuously assure cloud ...
Cloud Security Alliance

AI Security: IAM Delivered at Agent Velocity

AI agents expand the attack surface at machine speed. This article covers the Replit incident, consent fatigue, and runtime policy-based authorization.
Cloud Security Alliance

Why Zero Trust Needs to Start at the Session Layer

Explains why Zero Trust must start at the session layer, via NHP, to hide endpoints and reduce AI-driven attack surfaces.
Cloud Security Alliance

Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications

Retrieval augmented generation (RAG) is an effective technique used by AI engineers to develop large language model (LLM) powered applications. However, the lack of security controls in RAG-based LLM ...
Cloud Security Alliance

Identity Security: Cloud’s Weakest Link in 2025

Identity security has officially overtaken all other risks as the top concern in cloud environments. According to CSA’s State of Cloud and AI Security 2025 survey report, insecure identities and risky ...