Latest News

September 27, 2016

Open Peer Review – Quantum-Safe Security Glossary

The Cloud Security Alliance would like to invite you to review and comment on the Quantum-Safe Security working group’s latest document, Quantum-Safe Security Glossary. This document is the latest in a series of documents from the working group introducing quantum computing. This document is intended to help the industry understand quantum‐safe methods for protecting their…

September 27, 2016

Open Peer Review – Applied Quantum-Safe Security: Quantum Resistant Algorithms and Quantum Key Distribution position paper

The Cloud Security Alliance would like to invite you to review and comment on the Quantum-Safe Security working group’s latest document, Applied Quantum-Safe Security: Quantum Resistant Algorithms and Quantum Key Distribution. This document is the latest in a series of documents from the working group introducing quantum computing. This document focuses on the potential for…

September 23, 2016

ReadITQuick Interview with Executive Vice President of Research at CSA – Luciano Santos

ReadITQuick interview by Meghna Lal, September 21, 2016, with Luciano Santos, Executive Vice President of Research at Cloud Security Alliance. Full Interview at ReadITQuik.com

September 15, 2016

Cloud Security Alliance Announces Annual Ron Knode Service Award Recipients

Contributions from Six Dedicated Individual CSA Volunteers Recognized in Honor of the Late CSA Member and Volunteer Contributor Ron Knode SAN JOSE, CA – CSA Congress US – September 15, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure…

September 09, 2016

Data Privacy Survey: First 50 respondents get $20 Amazon gift cards – 300+ participants needed

Data Privacy and Digital Transformation Survey Prizes: $20 Amazon Gift Cards for the first 50 respondents, Ring Video Doorbell, 10 CCSK Tokens Time: 10 minutes Abstract: Cloud-based technologies are driving digital transformation, but new data privacy regulations are hampering adoption. We’d like to understand how you and your organization are balancing this dynamic. Take Survey

August 31, 2016

Cloud Security Alliance To Highlight Quantum-Safe Security, Containerization, and New Advanced Cloud Security Techniques at Upcoming Privacy.Security.Risk 2016 Conference

Presented by CSA Congress and IAPP Privacy Academy, Event to Feature Presentations in Key Areas of Emerging Interests and New Approaches to Cloud Security San Jose, CA – August 31, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure…

August 30, 2016

Cloud Security Alliance Honors Inaugural Research Fellows

Prestigious Designation Awarded to Individuals for Extraordinary CSA Research 
Volunteer Accomplishments The Cloud Security Alliance (CSA) today announced the list of inaugural members who are being awarded the CSA Research Fellow designation. The designation is the highest honor and distinction that can be given to a CSA research volunteer who has demonstrated significant contributions to…

August 29, 2016

Cloud Security Alliance and SAFECode to Host Inaugural Developer Day Training Event in Bay Area as Part of Privacy.Security.Risk 2016 Conference Event

Leading Industry Experts to Demonstrate and Discuss the Latest Techniques and Case Studies in Software Assurance and New Frontiers in Software Security Seattle, WA – August 29, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

See all news

Press Coverage

PC Magazine | September 07, 2016

10 Best Practices for Securing Big Data

Security Info Watch | September 06, 2016

Addressing Cloud Risk

Channel Insider | August 30, 2016

10 Best Practices for Security, Compliance Monitoring

TechRepublic | August 29, 2016

72% of CXOs committed to digital transformation, only 15% believe they can do it

Comptuerworld | August 29, 2016

How software-defined everything will change outsourcing

Information Management | August 29, 2016

100 Best Practices in Big Data Distributed Programming Frameworks

Silicon Angle | August 28, 2016

The Cloud Security Alliance publishes its best practices for Big Data security

ComputerWorld Australia | August 27, 2016

100 best practices for keeping big data secure

CIO Insight | August 26, 2016

Security Concerns of Next-Generation Analytics

ComputerWorld | August 26, 2016

Got big data? The Cloud Security Alliance offers up 100 best practices

Cloud Tech | August 26, 2016

The top 100 best practices in big data revealed

TechRepublic | August 26, 2016

Cloud Security Alliance releases top 100 big data best practices report

SearchSecurity.com | August 26, 2016

NSA’s SNMP exploit cyberweapon affects all Cisco ASA software

Channel Partners | August 26, 2016

Channeling Security: Kaspersky Execs Say ‘Plan Is To Push More Responsibility Out To Partners’

InformationWeek | August 23, 2016

8 Steps To Building A Successful Cyber-Security Career

Talkin Cloud | August 18, 2016

London Police Arrest Sage Employee on Fraud Charges

IT Web | August 16, 2016

Inappropriate use of cloud causes incidents

Talkin Cloud | August 15, 2016

Sage Investigates Internal Data Breach

Cloud Security Resource | August 15, 2016

Security Experts Differ on Government Cooperation

Channel e2e | August 15, 2016

5 Channel Partner Updates: 15 August 2016

See all press

Recent Blog Posts

September 22, 2016

Ran$umBin: Disruptive Innovation for the Black Market

By Susan Richardson, Manager/Content Strategy, Code42 Sometimes the ingenuity of the free market is truly remarkable. And in the case of the new black market for ransomed data, remarkably scary. One of the latest triumphs of the entrepreneurial spirit is Ran$umBin, a sort of eBay for ransomers—or as Dark Reading described it,...

September 14, 2016

EFSS Spreads Ransomware; Endpoint Backup Guarantees Recovery

By Kyle Hatlestad, Principal Architect, Code42 One of the objections I’m hearing more and more is, “Why do I need backup when I have Microsoft OneDrive for Business (or Google Drive, Box or Dropbox for Business)?” On the surface, it may seem like endpoint backup isn’t needed because with an...

September 12, 2016

Eight Questions to Ask When Evaluating a CASB

By Rich Campagna, Vice President/Products & Marketing, Bitglass Cloud Access Security Brokers are the hottest technology in enterprise security right now, topping Gartner’s Top 10 list two years running. Widespread adoption of major cloud apps like Office 365 (and corresponding cloud security concerns) are accelerating CASB adoption in every major industry, from financial services to healthcare. If you’re...

September 09, 2016

Cybersecurity: “Change or Die”

By Paul B. Kurtz, CEO TruSTAR Technology and Member of Board of Directors, Cloud Security Alliance “Change or die” is an old phrase computer programmers use to highlight the speed of change in a world of innovation. Its implications go beyond programming and underscore the precarious situation we find ourselves...

September 09, 2016

WSJ Warns of Ransomware—Misses the Obvious Solution

By Susan Richardson, Manager/Content Strategy, Code42 Read through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and...

September 07, 2016

Dealing with Dropbox: Unmasking Hackers with User Behavior Analytics

By Ganesh Kirti, Founder and CTO, Palerra Dropbox was in the news a few months ago due to false reports of a data breach. Unfortunately, they’ve made headlines again. Vice reported that hackers stole over 60 million account details for the cloud storage service. This time, the breach is real, and a senior...

September 07, 2016

Five IT Security Projects That Will Accelerate Your Career

By Cameron Coles, Director of Product Marketing, Skyhigh Networks The skills required to be successful in IT security are changing. In a recent survey (download a free copy here) 30.7% IT leaders reported that a lack of skilled IT professionals is the greatest barrier to preventing data loss. Respondents also listed incident...

September 06, 2016

CASBs in Healthcare

By Rich Campagna, Vice President/Products & Marketing, Bitglass Initially a laggard in cloud adoption, the healthcare industry is now adopting public cloud applications en masse, with adoption of cloud based productivity apps like Office 365 and Google Apps. Adoption is up from 8% in 2014 to over 36% in 2015, with no signs of slowing down! This...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Secure Design and Development of IoT Products

This content is coming soon. Please check back later.

Release Date: September 02, 2016

Big Data Security and Privacy Handbook

Big Data Security and Privacy Handbook

Release Date: August 26, 2016

Mitigating Risk Survey Report

Mitigating Risk Survey Report

Release Date: August 17, 2016

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Identity Security Survey Report

Identity Security Survey Report

Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond

CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.