As organizations accelerate their adoption of cloud and AI technologies, internal audit teams face mounting pressure to evaluate increasingly complex hybrid and multi-cloud environments. In this episode, the Cloud Security Alliance’s John DiMaria sits down with Jerrad Bartczak of Advantage Partners to examine the rapidly evolving cloud risk landscape—spanning unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows.

Listeners will gain practical guidance on establishing strong cloud governance, clarifying accountability, assessing cloud and data security posture, evaluating identity and access controls, securing application development, and addressing third-party cloud risk. The conversation also explores how frameworks such as the CSA Cloud Controls Matrix can support a structured, multi-year cloud audit strategy. Ultimately, this episode reinforces that cloud security is a strategic business imperative that requires collaboration, continuous monitoring, and a unified approach to risk management.

https://cloudsecurityalliance.org/star/

In this episode of CSA Security Update, host John DiMaria speaks with Walter Haydock, founder of StackAware, about the critical role of AI governance and compliance in today's rapidly evolving regulatory landscape. They discuss the importance of ISO 42001 as a framework for managing AI-related risks while fostering innovation. Walter shares insights on how certification can build trust with customers and streamline sales processes, as well as the challenges organizations face in navigating a patchwork of regulations. Drawing from his military background, Walter emphasizes the necessity of making informed decisions in risk management. The conversation concludes with a forward-looking perspective on the future of AI in business.

https://cloudsecurityalliance.org/star/

As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems.

We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.

John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for VISO TRUST, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor, offers actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies.

https://cloudsecurityalliance.org/star/