As organizations accelerate their adoption of cloud and AI technologies, internal audit teams face mounting pressure to evaluate increasingly complex hybrid and multi-cloud environments. In this episode, the Cloud Security Alliance’s John DiMaria sits down with Jerrad Bartczak of Advantage Partners to examine the rapidly evolving cloud risk landscape—spanning unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows.

Listeners will gain practical guidance on establishing strong cloud governance, clarifying accountability, assessing cloud and data security posture, evaluating identity and access controls, securing application development, and addressing third-party cloud risk. The conversation also explores how frameworks such as the CSA Cloud Controls Matrix can support a structured, multi-year cloud audit strategy. Ultimately, this episode reinforces that cloud security is a strategic business imperative that requires collaboration, continuous monitoring, and a unified approach to risk management.

https://cloudsecurityalliance.org/star/

In this episode of CSA Security Update, host John DiMaria speaks with Walter Haydock, founder of StackAware, about the critical role of AI governance and compliance in today's rapidly evolving regulatory landscape. They discuss the importance of ISO 42001 as a framework for managing AI-related risks while fostering innovation. Walter shares insights on how certification can build trust with customers and streamline sales processes, as well as the challenges organizations face in navigating a patchwork of regulations. Drawing from his military background, Walter emphasizes the necessity of making informed decisions in risk management. The conversation concludes with a forward-looking perspective on the future of AI in business.

https://cloudsecurityalliance.org/star/

As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems.

We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.

John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for VISO TRUST, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor, offers actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies.

https://cloudsecurityalliance.org/star/

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace.

We explore today’s most critical cloud security challenges, including unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows. Listeners will gain practical, actionable guidance on strengthening cloud governance, evaluating security posture, assessing identity and access controls, securing application development, and managing third-party cloud risk.

You’ll also hear how frameworks like the CSA Cloud Controls Matrix (CCM) help internal audit teams build scalable, multi-year audit programs that align to modern cloud architectures.

https://cloudsecurityalliance.org/star/

In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance of integrating integrity validation into existing security frameworks, while striking a balance between performance and security. Real-world use cases demonstrate the effectiveness of these measures, particularly in critical infrastructure. The episode concludes with insights into the future of cloud security, emphasizing the need for continuous verifiable proof to enhance trust and security in cloud environments.

https://cloudsecurityalliance.org/star/

Summary

In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming resistance to change. Looking ahead, they highlight the qualities that will define successful security leaders in the evolving landscape of technology.

Key takeaways

• AI is transforming cybersecurity at an unprecedented pace.
• Organizational culture significantly impacts security performance.
• Change management is essential for security leaders.
• Understanding team dynamics can enhance security initiatives.
• Building security champions is crucial for program success.
• Effective communication fosters collaboration and trust.
• Resistance to change is a natural reaction that needs addressing.
• Security leaders must empathize with team concerns.
• Data engineering knowledge will be vital for future leaders.
• Proactive security measures are more effective than reactive ones.

https://cloudsecurityalliance.org/star/

As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS Listeners will hear real-world use cases, governance best practices, and how to build AI solutions that are powerful, secure, and aligned with enterprise values.

https://cloudsecurityalliance.org/star/

In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry.

Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. We will also delve into the ongoing collaboration between the EU Cloud CoC and the CSA, highlighting how this partnership enhances transparency, trust, and compliance across the cloud services landscape.

Whether you’re a cloud service provider, a data protection professional, or simply interested in GDPR compliance, this episode will provide valuable insights into the evolving landscape of data protection and the practical steps companies can take to ensure compliance.

https://cloudsecurityalliance.org/star/