ChaptersCircleEventsBlog

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Top Threats to Cloud Computing 2025

Top Threats to Cloud Computing 2025

Release Date: 04/28/2025

This report uses the threats identified in CSA’s Top Threats to Cloud Computing 2024 to reflect on eight recent cybersecurity breaches. Notable incidents covered include the Snowflake data breach (2024), CrowdStrike outage (2024), and Microsoft breach (2024).

The report presents each security...
State of SaaS Security Report 2025

State of SaaS Security Report 2025

Release Date: 04/21/2025

Software-as-a-Service (SaaS) applications have become foundational to modern business operations. However, organizations are also facing a rising tide of security challenges, including visibility gaps, shadow IT, over-privileged access, and unchecked third-party integrations. Considering these...
Zero Trust Guidance For Critical Infrastructure - Korean Translation

Zero Trust Guidance For Critical Infrastructure - Korean Translation

Release Date: 04/14/2025

In most nations, the health of public services relies on secure and resilient Critical Infrastructure. We call these infrastructures "critical" because their destruction would have a drastic impact on the welfare of a nation. This publication promotes the implementation of Zero Trust principles...