As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems.

We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.

John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for Viso Trust, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor, offers actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies.

https://cloudsecurityalliance.org/star/

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace.

We explore today’s most critical cloud security challenges, including unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows. Listeners will gain practical, actionable guidance on strengthening cloud governance, evaluating security posture, assessing identity and access controls, securing application development, and managing third-party cloud risk.

You’ll also hear how frameworks like the CSA Cloud Controls Matrix (CCM) help internal audit teams build scalable, multi-year audit programs that align to modern cloud architectures.

https://cloudsecurityalliance.org/star/

In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance of integrating integrity validation into existing security frameworks, while striking a balance between performance and security. Real-world use cases demonstrate the effectiveness of these measures, particularly in critical infrastructure. The episode concludes with insights into the future of cloud security, emphasizing the need for continuous verifiable proof to enhance trust and security in cloud environments.

https://cloudsecurityalliance.org/star/

Summary

In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming resistance to change. Looking ahead, they highlight the qualities that will define successful security leaders in the evolving landscape of technology.

Key takeaways

• AI is transforming cybersecurity at an unprecedented pace.
• Organizational culture significantly impacts security performance.
• Change management is essential for security leaders.
• Understanding team dynamics can enhance security initiatives.
• Building security champions is crucial for program success.
• Effective communication fosters collaboration and trust.
• Resistance to change is a natural reaction that needs addressing.
• Security leaders must empathize with team concerns.
• Data engineering knowledge will be vital for future leaders.
• Proactive security measures are more effective than reactive ones.

https://cloudsecurityalliance.org/star/

As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS Listeners will hear real-world use cases, governance best practices, and how to build AI solutions that are powerful, secure, and aligned with enterprise values.

https://cloudsecurityalliance.org/star/

In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry.

Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. We will also delve into the ongoing collaboration between the EU Cloud CoC and the CSA, highlighting how this partnership enhances transparency, trust, and compliance across the cloud services landscape.

Whether you’re a cloud service provider, a data protection professional, or simply interested in GDPR compliance, this episode will provide valuable insights into the evolving landscape of data protection and the practical steps companies can take to ensure compliance.

https://cloudsecurityalliance.org/star/

The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we approach cybersecurity. But what does that mean for security and development teams today?

Join us in this episode as we interview Tomer Schwartz, CTO and Co-founder, Dazz, and explore how AI can be a game-changer for security teams, especially resource-constrained teams, offering the ability to automatically discover and resolve cloud vulnerabilities at their root. We'll discuss whether human oversight will still be necessary before changes go live and when the true potential of GenAI is realized. We will also discuss how we can use AI to outsmart adversaries using it for malicious purposes. This is a must-listen for anyone interested in leveraging AI to enhance their security posture and protect against the next generation of cyber threats.

https://cloudsecurityalliance.org/star/

In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices with organizational goals and risks. We'll discuss the rationale behind this change, practical insights on transitioning to the new model, and the benefits it brings to ensuring a robust and comprehensive security audit. Join us as we interview David Forman, founder of Mastermind, as we unpack the implications of this pivotal update and provide guidance on how to prepare for your next certification body audit.

https://cloudsecurityalliance.org/star/