Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
Cloud Security Alliance

Introducing the SaaS Security Capability Framework (SSCF) v1.0: Raising the Bar for SaaS Security

The SaaS Security Capability Framework (SSCF) v1.0 introduces practical, actionable controls for SaaS security, guiding ...
Cloud Security Alliance

From Retail Floors to Virtual Cores: ESXi Is the Next Attack Vector in Retail

Retailers face rising ransomware targeting ESXi hypervisors; guidance on securing virtualization and preventing outages.
Cloud Security Alliance

AI Log Analysis for Event Correlation in Zero Trust

Learn how AI log analysis enhances security. Reduce the load on SOC teams so they can focus on judgment, context, and ...
Cloud Security Alliance

Controls vs. Key Security Indicators: Rethinking Compliance for FedRAMP

Explores key security indicators as a modern alternative to controls in FedRAMP, their benefits, differences, and automation ...
Cloud Security Alliance

Columbia University Breach Exposes 870,000 Records: The Case for Unified Cloud and SaaS Security

Columbia's 2025 breach highlights the need for unified cloud and SaaS security to protect data across campuses.
Cloud Security Alliance

RiskRubric: A New Compass for Secure and Responsible Model Adoption

RiskRubric provides a six-pillar framework to quantify AI model risk, guiding secure, compliant adoption with evidence-based ...
Cloud Security Alliance

What is Protected Health Information (PHI)?

Protected Health Information (PHI) is any data within a medical record that can be used to identify an individual. This information is created, used, or disclosed in the process of providing ...