Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

December 10, 2016

New Survey: Public Cloud Workloads

Public Cloud Workloads Survey Time: 15-20 minutes Closing Date: Jan 9th, 2017 Prizes: 5 CCSK Tokens Go to Survey Abstract: Despite a wide range of commercial software applications, many enterprises still have unique requirements they fulfill with custom, internally developed applications. For example, an airline may develop its own scheduling application for pilots and flight…

November 30, 2016

Cybersecurity in President Trump’s America: The first 100 days | Katie Lewin – Federal Director of Cloud Security Alliance Weighs In

It could take months to know what the Trump administration’s cybersecurity policy will be. Cyber-defense experts weigh in with advice and best practices for securing your company today. November 28, 2016, 10:15 AM PST From Katie Lewin – Federal Director, Cloud Security Alliance Historically when the executive and legislative branches of the federal government are…

November 23, 2016

Cloud Security Alliance Releases Report on State of Cloud Adoption in India

Findings Come on the Heels of Successful CSA APAC Congress in Bengaluru Bengaluru, India – November 22, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, successfully hosted its 4th CSA APAC Congress on 22nd-23rd November…

November 15, 2016

Cloud Security Alliance Launches Crowdfunded Cloud Security Management Solution

STARWatch SaaS Application Empowers Organizations to Manage Compliance & Risks Using CSA Standards and Best Practices SAN FRANCISCO – November 15, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch of its…

November 03, 2016

CSA’S IOT SECURITY REPORT

OCTOBER 28, 2016 via RESEARCHandMARKETS, The World’s Largest Market Research Store Last week’s DDoS attack was the largest of its kind in history, and shows how easy Internet of Things devices can be compromised and used to conduct massive cyber-attacks. The attack has caused serious concern among the technology community regarding the level of security…

November 02, 2016

Cloud Security Alliance Releases Chinese Financial Services Report with Ernst & Young China

Beijing, CHINA – November 1, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Ernst & Young (EY) China, today released the results of a joint survey, “Financial Services Industry Cloud Adoption Survey: China”. The…

October 07, 2016

CSA Internet of Things Working Group Releases Industry’s First Guidance for Securing IoT Product Ecosystem

‘Designing and Developing Secure IoT Products’ Provides Actionable and Useful Guidance to Raise the Overall Security of IoT Products San Jose, CA – CSA Congress 2016 – October 7, 2016 – The Cloud Security Alliance (CSA) today released a new detailed and hefty guidance report titled Future-proofing the Connected World: 13 Steps to Developing Secure…

October 07, 2016

Cloud Security Alliance EMEA to Host Fifth Annual Congress

Agenda and Keynote Speakers Announced for Premiere European Cloud Security Event MADRID, SPAIN – October 7, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the agenda and keynote speakers for its fifth annual…

See all news

Press Coverage

Business Standard | November 23, 2016

Instasafe, CSA release “State of Cloud Adoption and Security in India” survey report

IT Business Edge | November 23, 2016

CSA Trials SaaS App for Assessing Cloud Security

Data Center Knowledge | November 23, 2016

Report: SaaS Dominates Cloud Usage in India

MSP Mentor | November 23, 2016

IoT and the Cloud: What to Watch Out For

The Hindu Business Line | November 23, 2016

62% companies on cloud for less than two years: survey

Help Net Security | November 18, 2016

New infosec products of the week: November 18, 2016

RCR Wireless | November 17, 2016

Security remains significant hurdle for industry cloud efforts

Network World | November 15, 2016

Goodbye, NAC. Hello, software-defined perimeter

Executive Blog | November 15, 2016

Vormetric’s Wayne Lewandowski: Cloud Encryption Gateways Can Help Agencies Address Cloud Security Issues

Bob's Guide | November 09, 2016

How can financial services firms prevent costly cloud data breaches?

Active Telecoms | November 03, 2016

Cloud adoption by financial services in China past the tipping point

The Whir | November 02, 2016

Smart Card Alliance Calls for Stronger IoT Security in Wake of DDoS Attacks

Research and Markets | October 28, 2016

CSA’S IOT SECURITY REPORT

Security Systems News | October 26, 2016

Securing IoT

Info World | October 26, 2016

Forrester: OpenStack, AWS are today’s cloud ‘safe bets’

CSC Blogs | October 24, 2016

The Dyn DNS attacks: What we know now

Tech News World | October 13, 2016

IoT Could Become Playground for Botnets Gone Wild

The Register | October 13, 2016

Devs! Here’s how to secure your IoT network, in, uh, 75 easy pages

Government Technology Magazine | October 13, 2016

New Guide Offers Advice on Securing Internet of Things Products

Christian Science Monitor | October 13, 2016

Your home might be secretly carrying out cyberattacks

See all press

Recent Blog Posts

December 09, 2016

IBM Touts Major Mac Cost Savings; IT Professionals Still Hesitant

By Lance Logan, Manager/Global Marketing Program, Code42 For the second year in a row, IBM’s Fletcher Previn wowed the audience at the JAMF user conference with impressive statistics on how the company’s growing Mac-based workforce is delivering dramatic and measurable business value. IBM expects Macs to save $26M in IT costs...

December 05, 2016

DevOpsSec, SecDevOps, DevSecOps: What’s in a Name?

By Jamie Tischart, CTO Cloud/SaaS, Intel Security The world is awash in DevOps, but what does that really mean? Although DevOps can mean several things to different individuals and organizations, ultimately it is about the cultural and technical changes that occur to deliver cloud services in a highly competitive environment....

December 02, 2016

Insurance Carrot Beats Government Stick in Quest for Stronger Cybersecurity

By Laurie Kumerow, Consultant, Code42 When it comes to cybersecurity, the U.S. federal government recognizes the carrot is more effective than the stick. Instead of using regulations to increase data security and protect personal information within private organizations, the White House is enlisting the insurance industry to offer incentives for...

November 30, 2016

One Day Is a Lifetime in Container Years

By Jon King, Security Technologist and Principal Engineer, Intel Security Securing virtual assets that appear and disappear. The average life span of a container is short and getting shorter. While some organizations use containers as replacements for virtual machines, many are using them increasingly for elastic compute resources, with life spans...

November 23, 2016

Out of the Shadows

By Patty Hatter, Vice President and General Manager, Intel Security Group Professional Services How to Bring Cloud Usage into the Light On any given day – with a quick spot-check – you’ll probably find that up to half of your company’s IT usage is basically hidden in the shadows of various...

November 21, 2016

Evolving Threats Compel an About-face in Data Protection Strategy

By  Vijay Ramanathan, Vice President of Product Management, Code42 It’s time to flip our thinking about enterprise information security. For a long time, the starting point of our tech stacks has been the network. We employ a whole series of solutions on servers and networks—from monitoring and alerts to policies and...

November 18, 2016

Container Sprawl: The Next Great Security Challenge

By Jon King, Security Technologist and Principal Engineer, Intel Security And you thought virtualization was tough on security … Containers, the younger and smaller siblings of virtualization, are more active and growing faster than a litter of puppies. Recent stats for one vendor show containers now running on 10% of hosts,...

November 14, 2016

Fight Against Ransomware Takes to the Cloud

By Raj Samani, EMEA CTO, Intel Security “How many visitors do you expect to access the No More Ransom Portal?” This was the simple question asked prior to this law enforcement (Europol’s European Cybercrime Centre, Dutch Police) and private industry (Kaspersky Lab, Intel Security) portal going live, which I didn’t have...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Cloud Adoption and Security in India

Cloud Adoption and Security in India

The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…

Release Date: November 22, 2016

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

We circulated the “Financial Services Industry Cloud Adoption Survey: China” survey to IT and security professionals in the Financial Services Institutions (FSIs) in China. The goal was not only to raise awareness around Cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization…

Release Date: October 28, 2016

Defeating Insider Threats

Defeating Insider Threats

As a follow up to the Top Threats in Cloud Computing and from the months of May to July 2016 we surveyed approximately 100 professionals on the extent of the following: Employees leaking critical information and tradecraft on illicit sites Data types and formats being exfiltrated along with exfiltration mechanisms Why so many data threats…

Release Date: October 19, 2016

Future Proofing the Connected World

Future Proofing the Connected World

Release Date: October 07, 2016

Big Data Security and Privacy Handbook

Big Data Security and Privacy Handbook

Release Date: August 26, 2016

Mitigating Risk

Mitigating Risk

With several years of cloud adoption in organizations, approaches to security have been evolving rapidly. To dig deeper into these concerns and the controls being used to mitigate both sanctioned and unsanctioned cloud security risks, the Cloud Security Alliance and Bitglass conducted a survey of 176 IT security leaders. Respondents revealed that visibility and control…

Release Date: August 17, 2016

Re-Think Security

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.