CSA News

February 12, 2016

Cloud Security Allance APAC Summit 2016 Set to Open for CloudAsia

Cloud Security Alliance and Infocomm Development Authority (IDA) partners to deliver international perspective at CloudAsia SINGAPORE – February 12, 2016 – Cloud Security Alliance Asia Pacific (CSA APAC) is proud to announce that this year’s CSA APAC Summit will be the curtain opener for Infocomm Development Authority’s (IDA) CloudAsia conference, a premium Cloud Computing event…

February 04, 2016

Cloud Security Alliance to Host Fourth Software Defined Perimeter Hackathon; Top Prize of $10,000 up for Grabs

Participants Invited to Attack Mission-Critical Cloud Application Architecture at RSA Conference; Verizon to Lead Testing Effort San Francisco, Calif. (RSA Conference Booth #S2614) – Feb. 4, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced it…

January 28, 2016

Early bird discount for CSA CEE Summit 2016 ends soon!

We would like to invite you to the 4th CSA CEE Summit that will take place on the March 8th in Ljubljana. The event topic is Public Cloud Security – What is easy and what is missing? Summit will present practical solutions for the challenges faced when transitioning to the cloud and treating security as…

January 26, 2016

Open Survey: Enterprise Hybrid Cloud Security

Hybrid cloud is a cloud deployment model using at least two different cloud deployment models (e.g. private, public, community). The deployments involved remain unique entities but are bound together by appropriate technology that enables interoperability, data portability and application portability. A hybrid cloud may be owned, managed, and operated by the organization itself or a…

January 23, 2016

Open Peer Review: The Treacherous 12 – Cloud Computing Top Threats in 2016

The Cloud Security Alliance would like to invite you to review and comment on the Top Threats Working Group’s survey report, The Treacherous 12 – Cloud Computing Top Threats in 2016. The survey report shares findings and analysis from the Top Threats Working Group’s survey from late 2015. The revised report aimed to provide organizations…

See all news

Press Coverage

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.

Release Date: December 10, 2015

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Security as a Service Working Group Charter

Security as a Service Working Group Charter

Release Date: February 12, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

The Cloud Balancing Act for IT: Between Promise and Peril

The Cloud Balancing Act for IT: Between Promise and Peril

Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place.

Release Date: January 13, 2016

CloudTrust Protocol Prototype Source Code

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. The source code implements a CTP server that acts as a gateway between cloud customers and cloud…

Release Date: December 10, 2015

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.

Release Date: December 10, 2015

International Standardization Council Policies & Procedures

In today’s technological environment, standards play a critical role in product development and market competitiveness. Every input, behavior, and action has both a contributory and a potential legal consequence. These procedures help protect the International Standardization Council (ISC or Council) participants and the CSA by establishing the necessary framework for a sound process.

Release Date: October 15, 2015

Cloud Forensics Capability Maturity Model

Release Date: October 12, 2015

CloudTrust Protocol Data Model and API

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This document focuses on the definition of the CTP Data Model and Application Programing Interface.

Release Date: October 09, 2015

What is Post-Quantum Cryptography

Release Date: September 28, 2015

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.