Cloud Security Alliance Transforms IT Compliance And Assurance With Launch Of Compliance Automation Revolution (CAR)

CAR to solve real-world compliance problems with practical and effective solutions

SAN FRANCISCO & SEATTLE--(BUSINESS WIRE)--#AI--(RSA Conference)-- Today's organizations have to comply with hundreds of data security and privacy laws, while grappling with an influx of even more regulations thanks to the rise of Artificial Intelligence (AI). Making matters more challenging, the proliferation of data and technology continues to increase the required scope of compliance efforts. Organizations are spending more but getting less with respect to security improvement. In response, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has launched the Compliance Automation Revolution (CAR). A broad-based coalition founded in partnership with such industry leaders as Google, Oracle, Anecdotes, Coalfire, Deloitte Italy, Salesforce, Schellman, and Vanta, CAR aims to solve real-world compliance problems with practical and effective solutions.

CAR seeks to radically improve the quality of compliance, while decreasing risks and costs through automation that scales with the business, regulatory harmonization that eliminates redundant effort, and real-time information exchanges that keep businesses and regulators aligned. By leveraging compliance efforts, CAR will improve organizations' assurance posture and increase the overall level of trust within the ecosystem.

“With 16 years of thought leadership, cutting-edge innovation, and global expertise, CSA is uniquely positioned to lead the Compliance Automation Revolution. Through initiatives like the globally recognized Security, Trust, Assurance and Risk (STAR) program and vendor-neutral research, we’ve consistently prioritized the industry’s evolving needs. Now, with the launch of CAR, we’re shaping a future where compliance not only enhances security but does so efficiently—eliminating unnecessary costs and redundant efforts,” said Jim Reavis, CEO and co-founder, Cloud Security Alliance.

Backed by CSA's community of industry experts and with support from leading policymakers and regulators, CAR is fundamentally transforming how organizations approach compliance, security governance, assurance, and, ultimately, trust. The initiative will focus on four key action areas:

1. Automating Evidence Collection and Sharing. Developing methods and tools to automatically gather compliance evidence and share them in a standardized machine-readable format.
2. Shifting Compliance Left. Embedding compliance checks early in development as part of system design and CI/CD pipelines.
3. Harmonizing Regulatory Frameworks. Mapping and aligning frameworks into a common, reusable set of controls.
4. Driving Risk Quantification. Developing metrics and models to quantify security and compliance risk in objective terms, including defining standardized metrics for control effectiveness and assurance levels.

“Adhering to compliance is often viewed as a costly, point-in-time snapshot that lags behind the pace of innovation. CAR represents a vital industry collaboration to change that paradigm. By embracing automation, harmonization, and 'compliance-as-code,' we're not just aiming to reduce audit fatigue; we're building a future founded on continuous, evidence-based trust that can finally scale with the dynamic nature of cloud and AI,” said Archana Ramamoorthy, Senior Director, Regulated and Trusted Cloud, Google Cloud, CAR Founding Member.

“The Compliance Automation Revolution marks a strategic move toward aligning compliance and security as complementary forces. As the regulatory landscape grows more complex, and threats become more sophisticated, it is critical for organizations to proactively address both. We're excited to work with CSA in advancing this mission,” said Anil Markose, GVP, Chief Compliance Offer for Oracle SaaS.

“Enterprises today face increasingly complex GRC environments, and the need for scalable, automated solutions has never been greater. At Anecdotes, we’re proud to be an ambassador for the Compliance Automation Revolution initiative, championing innovation that will help organizations navigate these challenges with greater ease and efficiency. This initiative tackles an unsolved problem, and we anticipate every enterprise will benefit from the groundbreaking work coming out of it,” said Yair Kuznitsov, CEO and Co-Founder, Anecdotes.

“Security and compliance should be less of a burden — they should be a business enabler. The Compliance Automation Revolution provides the framework and collaboration needed to streamline compliance efforts, reduce risk exposure, and ensure organizations stay ahead of emerging threats,” said Adam Shnider, Executive Vice President/Compliance Services, Coalfire.

“By joining the Compliance Automation Revolution, we reaffirm our commitment to proactive security and compliance excellence. In an era of growing regulatory complexity, automation is key to reducing operational risk and streamlining compliance efforts. CAR represents a significant step forward in enabling organizations to shift resources from manual compliance tasks to innovation and business growth,” said Fabio Battelli, Senior Partner, Deloitte Central Mediterranean for Cyber Security Services.

“The regulatory landscape is shifting fast — and so are emerging threats. Static, check-the-box compliance models are no longer sufficient to keep pace. At Salesforce, we see compliance as a trust enabler, not a roadblock. That’s why we’re proud to join the Compliance Automation Revolution and partner with CSA to drive scalable, proactive solutions, leveraging the power of AI, that help organizations meet rising expectations with confidence,” said Prashant Vadlamudi, SVP, Product Security, Salesforce.

“In today’s environment of mounting regulatory demands and rapidly evolving cyber threats, the Compliance Automation Revolution isn’t just timely, it’s essential. It’s about transforming how organizations approach compliance, turning a traditionally reactive process into a proactive strategy for resilience. By embracing automation and collaboration, we can drive smarter decisions, reduce risk, and build a stronger, more secure future,” said Avani Desai, CEO of Schellman.

“As regulations grow more complex and the threat landscape evolves, companies need automation not just to keep up, but to get ahead. The Compliance Automation Revolution is an important industry movement, and Vanta is proud to join this effort to push the industry toward smarter, more scalable ways of working. Together, we can simplify compliance, strengthen security programs, and free up teams to focus on what matters most,” said Jadee Hanson, CISO, Vanta.

Become part of the Compliance Automation Revolution or learn more.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on X @cloudsa.

Contacts

Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
kristina@zagcommunications.com