Latest News

July 07, 2016

Mobile Application Security Testing releases its white paper.

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

July 07, 2016

NEW! Quantum Safe Security Awareness Survey

The goal of this survey is to collect information from security professionals on their awareness of quantum safe issues and the approaches that can be used to address them. The results of the survey will be disseminated by the CSA and will be available on the Quantum Safe Security Working…

July 06, 2016

Google’s Gerhard Eschelbeck to Keynote at Cloud Security Alliance Congress US at Privacy.Security.Risk Conference

Registration Now Open for the Industry’s Premier Gathering for Cloud Education and Best Practices San Jose, CA – July 6, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that Gerhard Eschelbeck, Vice President,…

June 27, 2016

Cloud Security Alliance Issues New Paper on Understanding Quantum Random Number Generators

The Cloud Security Alliance (CSA) today announced the availability of a new research brief from the Quantum-Safe Security (QSS) Working Group titled Quantum Random Number Generators, a whitepaper that looks to detail the impact of randomness on security in an effort to develop the building blocks for effective encryption. Quantum computing, which involves joining the…

June 07, 2016

Data Privacy and Digital Transformation Survey in English, Español, and Português

Prizes include: 10 CCSK Tokens, 100 $20 Amazon Gift Cards, and a Ring Video Doorbell. Data Privacy and Digital Transformation Cloud-based technologies are driving digital transformation, but new data privacy regulations are hampering adoption. We’d like to understand how you and your organization are balancing this dynamic. Participate Now Privacidade de Dados e Transformação Digital…

June 01, 2016

Open Peer Review: Application Containers and Microservices Charter

The CSA encourages its community to provide feedback in order to help identify any critical areas which may be missing in this document’s focus with regard to scope, deliverables/activities, and mission. The open review and comments period starts today and ends on Friday, July 1, 2016. We appreciate your feedback.

May 26, 2016

Open Surveys: Mitigating Risk for Cloud Apps and IT Security in the Age of Cloud

We have two surveys open. If you have a few minutes and would like to win some cool prizes, consider taking our surveys. Mitigating Risk for Cloud Apps Time: 10-15 minutes Prizes: 10 CCSK tokens and a fun new prize will be added shortly Abstract: Current state of SaaS security – with several years of…

May 26, 2016

Open Peer Review – Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy

The Cloud Security Alliance would like to invite you to review and comment on the Big Data working group’s latest document, Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy. This document lists out in detail the best practices that should be followed by big data service providers to…


Press Coverage

Cloud Security Resource | June 20, 2016

It’s Time to Secure that Cloud…but What Skills Do You Need?

MSP Mentor | June 17, 2016

Cloud 101: Setting Customer Expectations

Business Reporter | June 15, 2016

#DSCloud16: Firms must take an evidence-based approach to cloud security

InfoSecurity Magazine | June 14, 2016

Ransomware Tunes into Smart TVs

SC Magazine | June 02, 2016

“Children are dying” due to restrictions on data, warns cloud expert

Biz Report | June 01, 2016

Top 4 tips to secure your business in the cloud

Network World | June 01, 2016

Software-defined Perimeter (SDP) Essentials

RCR Wireless | May 31, 2016

ICSA Labs to roll out IoT security testing certification

Security Intelligence | May 27, 2016

2016 Security Conferences: Infosecurity Europe

Baseline | May 27, 2016

Cloud Deployments Grow Despite Security Concerns

Security News Desk | May 27, 2016

Certes Networks shrinks the attack surface at Infosecurity Europe

Securosis Blog | May 24, 2016

Incident Response in the Cloud Age: More Data, No Data, or Both?

Computer News Middle East | May 23, 2016

eHDF enhances its Public Cloud portal

The Straits Times | May 23, 2016

Smart Nation push to see $2.8b worth of tenders this year

Security Brief | May 18, 2016

Waikato University takes on Kiwi cyber security

Vanilla Plus | May 17, 2016

Prpl Foundation to give keynote at Cloud Security Alliance at the Cloud Security Summit in Milan

Government Computer News | May 12, 2016

Scott stresses the IT changes a $3.1B revolving fund could bring

CIO | May 10, 2016

Why banks are finally cashing in on the public cloud

FierceBigData | May 09, 2016

Open source prpl Foundation publishes peer-reviewed IoT security guide

Securosis Blog | May 09, 2016

Updates to Our Black Hat Cloud Security Training Classes


Recent Blog Posts

July 22, 2016

Modern Endpoint Backup Sees Data Leak Before It Hurts

By Ann Fellman, Vice President/Marketing and Enterprise Product Marketing Director, Code42 Picture this: You’re enjoying a beautiful summer Saturday, watching your kid on the soccer field, when your phone rings. It’s work. Bummer. “Hi, this is Ben from the InfoSec team. It appears that John Doe, whose last day is next...

July 15, 2016

An Enterprise View of Software Defined Perimeter

By Jim Reavis, Co-founder and CEO, Cloud Security Alliance As cloud computing and unmanaged endpoints continue to gain traction, it is a foregone conclusion that information security technical controls must become more virtual – that is to say, software-based. Rapidly disappearing are the days of physical perimeters and hardwired network...

July 15, 2016

How Do We Stack Up to Gartner’s Five Steps for Ransomware Protection?

By Mark Wojtasiak, Director of Product Marketing, Code42 Gartner’s June 2016 article, “Use These Five Backup and Recovery Best Practices to Protect Against Ransomware,” outlines five steps for mitigating the threat and/or risk of being hit with ransomware. I will spare you the market stats and dollar figures intended to scare you into taking action...

July 12, 2016

What You Need to Know: Navigating EU Data Protection Changes – EU-US Privacy Shield and EU General Data Protection Regulation

By Marshall England, Industry Marketing Director, Technology & Cloud, Coalfire If you’re an organization with trans-Atlantic presence that transmits and stores European citizen data (e.g. employee payroll & HR data, client & prospect data) in the U.S. you will want to pay attention. What we will discuss was administered under the...

July 11, 2016

An In-House Security Approach for Cloud Services That Won’t Drive Your IT Department Insane

By Jane Melia, VP/Strategic Business Development, QuintessenceLabs “If your security sucks now, you’ll be pleasantly surprised by the lack of change when you move to cloud.” — Chris Hoff, Former CTO of Security, Jupiter Networks The chances are, almost everyone in your organization loves the convenience of the cloud for data storage...

July 07, 2016

No More Excuses – Time to Get a Grip On Your Cloud Security

Rolf Haas, Enterprise Technology Specialist/Network Security and Content Division, Intel Security Cloud use continues to grow rapidly in the enterprise and has unquestionably become a part of mainstream IT – so much so that many organizations now claim to have a “cloud-first” strategy. That’s backed up by a survey* we...

July 06, 2016

Shock Treatment: Combatting Infosec Negligence

By Peter Wood, Cyber Security Consultant, Code42 Boring training videos, box-ticking to meet regulations, blacklisting software at the expense of productivity: large enterprise has been reliant on these methods of “cyber security control” for too long. They are outdated and don’t work. Cyber criminals don’t follow the steps outlined in a...

July 01, 2016

FedRAMP High Baseline Requirements Published

By Abel Sussman, Director, TAAS–Public Sector and Cyber Risk Advisory, Coalfire The Federal Risk and Authorization Management Program (FedRAMP) Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; and is mapped...


Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.


Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.


Newsletter Archive

All of our past newsletters are available online for your convenience.


Downloads

Cloud Controls Matrix v3.0.1 (6-6-16 Update)


Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1


Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy


A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0


The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union


The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing


Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0


The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1


The questionnaire is organized using the CSA’s 13 governing & operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing


The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators


A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

Cloud Controls Matrix v3.0.1 (6-6-16 Update)


Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Identity Security Survey Report


Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond


The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

Mobile Application Security Testing Initiative Revised Charter


Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: March 14, 2016

Defining Categories of Security as a Service: Continuous Monitoring


In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services are necessary. This document provides a high-level overview of the business and technical elements needed to evaluate the risks associated with the category of Continuous Monitoring.

Release Date: February 29, 2016
