Latest news with #CloudSecurityAlliance


Business Wire
01-07-2025
SkyePoint Decisions Joins Cloud Security Alliance
DULLES, Va.--(BUSINESS WIRE)--SkyePoint Decisions Inc. (SkyePoint), a leader in cybersecurity architecture, engineering, and critical infrastructure solutions for the federal government, today announced it has joined the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.

'SkyePoint is pleased to announce our CSA corporate membership and looks forward to collaborating with other CSA industry leaders as we expand our cloud security presence and enhance our cloud and AI service offerings in support of rapidly evolving, federal agency mission requirements,' said Jason Weaver, Chief Technology Officer for SkyePoint Decisions. 'Additionally, our employees are excited to have access to the alliance's extensive, professional development tools and training resources essential to maintaining industry-leading cloud and cyber posture, risk mitigation focus, and security compliance credentials.'

About SkyePoint Decisions

SkyePoint Decisions (SkyePoint) provides innovative, enterprise-wide solutions addressing complex challenges of its government clients. As a prime contractor committed to delivery excellence, SkyePoint develops comprehensive Information Technology, cloud and cybersecurity, engineering, maintenance, and operations solutions anytime, anywhere, and securely from any device. We combine technical expertise, mission awareness, and an empowered workforce to produce competitive, sustainable results. SkyePoint is an ISO 9001:2015, ISO 20000-1:2018, ISO 27001:2022, and CMMI Maturity Level 3 DEV/Maturity Level 3 SVC professional services provider with operations nationwide. For further information, connect with us at

About the Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at and follow us on X @cloudsa.


Techday NZ
18-06-2025
Cloud Security Alliance launches pledge for responsible AI use
The Cloud Security Alliance has introduced the AI Trustworthy Pledge, aiming to promote responsible and transparent development of artificial intelligence. The initiative is designed to address ongoing concerns regarding AI governance, including issues such as AI-generated misinformation, privacy risks, and ethical challenges that have come to the forefront as artificial intelligence is increasingly embedded in commercial and governmental decision-making.

The Cloud Security Alliance (CSA), an organisation known for defining standards, certifications, and best practices for cloud security, stated that the AI Trustworthy Pledge serves as a public commitment to advance the responsible development and management of AI technologies. The Pledge forms part of the organisation's broader efforts under its AI Safety Initiative.

This move follows recognition that previous approaches, where products are built before comprehensive risk and security considerations, are insufficient for the complexities posed by AI systems. The CSA emphasised the necessity for proactive frameworks that prioritise trust and accountability from the outset.

The AI Trustworthy Pledge outlines four foundational principles for organisations engaged in AI-related activities. Participating organisations commit to safety and compliance, transparency, ethical accountability, and privacy protection across the lifecycle of AI design, deployment, and management. According to the CSA, the initiative begins with voluntary adoption by industry and is intended to pave the way for more formal standards and certification processes, including the forthcoming STAR for AI initiative. This later phase will establish detailed cybersecurity and trustworthiness requirements for generative AI services.

"The decisions we make today around AI governance, ethics, and security will shape not only the future of our organizations and our industry, but of society at large. The AI Trustworthy Pledge provides a tangible opportunity to lead in this space, not just by managing risk, but by actively driving responsible innovation and helping to establish the industry standards of tomorrow," said Jim Reavis, CEO and co-founder, Cloud Security Alliance.

Organisations who sign the pledge are required to ensure their AI systems adhere to several guidelines. These include prioritising user safety and compliance with applicable regulations, maintaining transparency about AI systems in use, ensuring ethical development that allows for explainable outcomes, and upholding rigorous privacy protections for personal data.

Initial signatories include Airia, Endor Labs, Deloitte Consulting Srl S.B., Okta, Reco, Redblock, Securiti AI, Whistic, and Zscaler alongside others that have signalled their commitment to responsible AI practices through participation in the pledge. These organisations will be provided with a digital badge to signal their adherence to the outlined commitments.

Principles outlined

The CSA's AI Trustworthy Pledge is centred on four key principles. Firstly, safety and compliance require that organisations implement AI solutions that place user safety at the forefront and adhere to regulatory requirements. Secondly, transparency expects organisations to be open about the AI systems they employ in order to foster greater trust. Thirdly, ethical accountability is intended to ensure fairness and the ability to explain how AI-derived outcomes are determined. Lastly, privacy protection requires organisations to maintain strong safeguards over personal data processed by AI systems.

By focusing on voluntary, public commitments, the CSA intends to encourage industry-wide adoption of responsible standards before introducing binding certification frameworks. This approach allows for alignment and shared understanding across different sectors and organisations as AI usage expands.

Following the pledge's introduction, the CSA plans to launch the STAR for AI initiative. This will create detailed standards for cybersecurity and trust in generative AI, building on the early foundations laid by the Trustworthy Pledge.

The announcement comes as organisations worldwide continue to debate appropriate regulatory, security, and ethical measures as AI technologies evolve. By establishing the Pledge, CSA aims to encourage dialogue and collective action among stakeholders on the responsible use of artificial intelligence.


Techday NZ
18-06-2025
Cloud Security Alliance launches Valid-AI-ted tool for STAR checks
The Cloud Security Alliance has launched Valid-AI-ted, an AI-powered tool providing automated quality checks of STAR Level 1 self-assessments for cloud service providers. Valid-AI-ted integrates large language model (LLM) technology to offer an automated assessment of assurance information in the STAR Registry, aiming to improve transparency and trust in cloud security declarations.

Jim Reavis, Chief Executive Officer and Co-Founder, Cloud Security Alliance, said, "With agile, vendor-neutral programs and a global network of industry experts, CSA is uniquely positioned to develop authoritative AI tools that address the real-world challenges of cloud service providers. Our focus on security-conscious innovation led to the creation of Valid-AI-ted and will continue to see us deliver forward-looking initiatives that will push the boundaries of secure, AI-driven technology."

CSA members can use Valid-AI-ted without charge and submit assessments as frequently as needed. Non-member providers are limited to ten resubmissions and can remediate their entries based on feedback provided by the tool. If assessments meet the required standard, providers receive a STAR Level 1 Valid-AI-ted badge for display on the STAR Registry as well as their own platforms.

Assessment process

Valid-AI-ted uses AI-driven evaluation to systematically grade responses to the STAR Level 1 questionnaire, producing detailed reports with scores for each question and domain. Reports are delivered privately to the submitter and contain granular feedback that identifies strengths and areas for improvement.

The automation, according to CSA, is unique in the cloud security assurance landscape, as it offers objective, rapid, and scalable validation of self-assessment submissions. The process utilises a standardised scoring model informed by the Cloud Controls Matrix (CCM), which underpins CSA's approach to cloud security best practices.

A key feature of Valid-AI-ted is the opportunity for continuous improvement. The ability for organisations to revise and resubmit assessments is highlighted as beneficial for those seeking STAR certification or looking to enhance their transparency among customers and regulators.

Comparative advantages

CSA highlights several advantages of Valid-AI-ted when compared to traditional STAR Level 1 evaluations. The tool is intended to improve assurance by reducing variability in the quality of responses, as traditionally, customer interpretation is required when reviewing self-assessment answers.

With Valid-AI-ted, users receive qualitative analysis and actionable feedback aligned with established CCM guidance. This approach is positioned to support organisations in maturing their processes and can serve as a stepping stone towards the more rigorous STAR Level 2 third-party assessments.

The STAR Level 1 Valid-AI-ted badge, awarded to successful assessment submissions, is intended to offer heightened recognition for providers. CSA says this distinction can help providers stand out to customers, partners, and regulators by demonstrating a commitment to more than basic compliance requirements.

STAR Registry context

The STAR Registry is an online resource that publicly lists the security and privacy controls of cloud providers. It enables organisations to demonstrate compliance with various regulations and standards while supporting transparency and reducing the need for multiple customer questionnaires.

The registry is based on principles detailed in the Cloud Controls Matrix, including transparency, auditing, and harmonisation of standards. The Valid-AI-ted tool and STAR Level 1 evaluations are part of a suite of assessments that build on these principles, aiming to support both providers and customers in understanding cloud security postures.

Licensing and integration

Solution providers interested in incorporating Valid-AI-ted grading into governance, risk, and compliance (GRC) solutions can obtain access to the relevant scoring rubric and prompts by securing a CCM licence from CSA.

While Valid-AI-ted is available to CSA members at no charge, non-members can access the service for $595. Discounts are also available for participants attending CSA's Cloud Trust Summit, who will be provided with a code for a $200 reduction in fees through the end of June.

With the launch of Valid-AI-ted, CSA seeks to provide automated, standardised, and actionable assurance assessment, utilising AI to address the evolving demands of cloud security and compliance.


Yahoo
19-05-2025
Knox Systems Joins Cloud Security Alliance to Advance Global Cloud Security Standards
WASHINGTON and NEW YORK, May 19, 2025 /PRNewswire/ -- Knox Systems, the fastest way for SaaS vendors to deliver secure software to the U.S. government, today announced that it has joined the Cloud Security Alliance (CSA), a global organization dedicated to defining and raising awareness of best practices for secure cloud computing.

CSA counts among its members the world's leading technology and cloud providers, including Microsoft, AWS, Google Cloud, Cisco, IBM, Oracle, Salesforce, VMware, and Okta. Together, CSA members work to shape the future of secure cloud adoption by driving global standards, education, and certification.

Knox joins CSA at a critical moment as the public sector accelerates its adoption of cloud-native platforms, generative AI, and Commercial Off the Shelf (COTS) software. As the operator of the largest and longest-running FedRAMP- and DISA-authorized SaaS cloud in the federal marketplace, including platforms hosting Adobe's federal cloud, Knox brings deep experience in securing high-impact workloads for civilian and defense agencies.

"As government and enterprise organizations race to adopt internet-connected AI tools and cloud-native software, it's critical we align around globally recognized security practices," said Irina Denisenko, CEO of Knox Systems. "The Cloud Security Alliance is where the world's top cloud leaders come together to drive that alignment, and we're proud to join them in shaping the future of secure cloud."

Knox's AI-powered platform enables SaaS vendors to achieve FedRAMP authorization in just 90 days for 90% less than the traditional cost - unlocking faster and safer adoption of mission-critical tools across government and highly regulated sectors.

About Knox Systems

Knox is the fastest way for SaaS vendors to get FedRAMP-ready and deliver secure software to the U.S. Government. Knox operates the largest and longest-running FedRAMP and DISA-authorized SaaS cloud and helps top vendors serve government missions at speed. Learn more at

About the Cloud Security Alliance (CSA)

The Cloud Security Alliance is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Its global membership includes thought leaders from the public and private sectors, driving innovation across cloud architecture, compliance, and emerging technologies. Learn more at

Media Contact: media@

SOURCE Knox Systems, Inc


Techday NZ
01-05-2025
Cloud Security Alliance report urges new defences for cloud
The Cloud Security Alliance has published its latest Top Threats to Cloud Computing Deep Dive 2025 report, detailing critical cloud security incidents and offering actionable guidance for organisations.

The report analyses eight real-world breaches involving organisations including a multinational technology conglomerate, an Australian sports governing body, a multinational automotive manufacturer, and a cybersecurity technology company. Developed by the alliance's Top Threats Working Group, the cases are mapped against relevant Cloud Controls Matrix controls, providing threat models and detailed narratives describing the circumstances of each breach.

The report expands on the findings of the previous year's Top Threats to Cloud Computing documentation by examining how those vulnerabilities and security weaknesses have played out in actual incidents. According to the authors, these breaches illustrate persistent patterns and misconfigurations that malicious actors have exploited.

Michael Roza, Co-Chair of the Top Threats Working Group and one of the lead authors of the paper, said: "The vulnerabilities, threats, and security weaknesses outlined in Top Threats to Cloud Computing 2024 have materialized in real-world breaches, exposing recurring failure patterns and misconfigurations that attackers continue to exploit. By analyzing these incidents, we have identified actionable lessons that organizations can adopt today to enhance cloud security and mitigate breach risks."

The report draws attention to recurring security gaps, with a particular focus on the impact of identity and access management, supply chain risks, and the evolving nature of threat actors targeting cloud environments. It emphasises that these factors have continued to influence the frequency and impact of cloud security breaches across all sectors.

Key takeaways outlined for cloud users, builders, and defenders include the need for security practices that consider both human error and persistent threats, and underline that identity and access security controls are essential for robust cloud security. The report also highlights that shared responsibility between cloud service providers and customers remains vital, urging clear delineation and enforcement of role-specific security practices.

Continuous monitoring and real-time detection are recommended as critical components for incident prevention and response. Supply chain security is identified as an area requiring further attention, with calls for strengthened processes and oversight. The report further suggests that proactive cloud governance plays a significant role in reducing long-term risk exposure for organisations operating in the cloud.

Another recommendation is that incident response plans and recovery strategies must be tailored specifically to the cloud environment, rather than repurposing traditional on-premises approaches. Security testing and validation, the report notes, should be extended beyond production environments to cover the full cloud lifecycle.

The Top Threats Working Group's goal is to equip organisations with the latest expertise regarding cloud security risks, threats, and vulnerabilities, thereby supporting informed risk management decisions for cloud adoption. The group has invited individuals interested in contributing to its ongoing research and initiatives to join its efforts.