Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Latest News

January 13, 2017

Open Peer Review: Cloud Security Services Management Working Group Charter

The Cloud Security Alliance would like to invite you to review and comment on the proposed Cloud Security Services Management Working Group Charter. It is well acknowledged that collaboration and coordination among all stakeholders are critical to secure the cloud platform, therefore there is a need to build and manage cloud security services within the…

January 13, 2017

Open Peer Review: Cloud Component Specifications Working Group Charter

The Cloud Security Alliance would like to invite you to review and comment on a proposed Cloud Component Specifications Working Group Charter. The working group aims to look at security of Cloud computing at a component level – e.g. hypervisor, virtual desktop infrastructure (VDI) platforms, cloud dedicated firewall and so on. This working group will…

January 13, 2017

Securing the Converged Cloud Takes Center Stage at the Cloud Security Alliance’s Annual CSA Summit at RSA Conference 2017

General Keith Alexander of IronNet Cybersecurity and Robert Herjavec of Herjavec Group to Keynote at this Year’s Event. Registration Now Open. San Francisco, CA – January 13, 2017 – RSA Conference 2017 — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a…

December 29, 2016

Behavox on course for Level 2 STAR Attestation from the Cloud Security Alliance

Rigorous Third Party Independent Assessment To Validate Company’s Security Posture. SEATTLE, WA – December 28, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that Behavox, the specialist AI enterprise software company offering compliance…

December 23, 2016

CSA’s Big Data Working Group seeking new Co-chairs to develop and maintain Research Portfolio

The Cloud Security Alliance’s Big Data Working Group is seeking new co-chairs to develop and maintain a research portfolio providing capabilities to lead the crystallization of best practices for security and privacy in big data, help industry and government on adoption of best practices, establish liaisons with other organizations in order to coordinate the development…

December 21, 2016

Call for Participation: Contribute to CSA Security Guidance V.4 Peer Review

Closing Date: Jan 13th, 2017. The Cloud Security Alliance would like to invite you to review and comment on 12 Domains of the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing. This document acts as a practical, actionable roadmap to individuals looking to safely and securely adopt the cloud paradigm. This is…

December 10, 2016

New Survey: Public Cloud Workloads

Public Cloud Workloads Survey. Time: 15-20 minutes. Closing Date: Jan 9th, 2017. Prizes: 5 CCSK Tokens. Abstract: Despite a wide range of commercial software applications, many enterprises still have unique requirements they fulfill with custom, internally developed applications. For example, an airline may develop its own scheduling application for pilots and flight…

November 30, 2016

Cybersecurity in President Trump’s America: The first 100 days | Katie Lewin – Federal Director of Cloud Security Alliance Weighs In

It could take months to know what the Trump administration’s cybersecurity policy will be. Cyber-defense experts weigh in with advice and best practices for securing your company today. November 28, 2016, 10:15 AM PST From Katie Lewin – Federal Director, Cloud Security Alliance Historically when the executive and legislative branches of the federal government are…

Press Coverage

IT Business Edge | November 23, 2016

CSA Trials SaaS App for Assessing Cloud Security

Data Center Knowledge | November 23, 2016

Report: SaaS Dominates Cloud Usage in India

MSP Mentor | November 23, 2016

IoT and the Cloud: What to Watch Out For

The Hindu Business Line | November 23, 2016

62% companies on cloud for less than two years: survey

Business Standard | November 23, 2016

Instasafe, CSA release “State of Cloud Adoption and Security in India” survey report

Help Net Security | November 18, 2016

New infosec products of the week: November 18, 2016

RCR Wireless | November 17, 2016

Security remains significant hurdle for industry cloud efforts

Network World | November 15, 2016

Goodbye, NAC. Hello, software-defined perimeter

Executive Blog | November 15, 2016

Vormetric’s Wayne Lewandowski: Cloud Encryption Gateways Can Help Agencies Address Cloud Security Issues

Bob's Guide | November 09, 2016

How can financial services firms prevent costly cloud data breaches?

Active Telecoms | November 03, 2016

Cloud adoption by financial services in China past the tipping point

The Whir | November 02, 2016

Smart Card Alliance Calls for Stronger IoT Security in Wake of DDoS Attacks

Research and Markets | October 28, 2016


Security Systems News | October 26, 2016

Securing IoT

Info World | October 26, 2016

Forrester: OpenStack, AWS are today’s cloud ‘safe bets’

CSC Blogs | October 24, 2016

The Dyn DNS attacks: What we know now

Tech News World | October 13, 2016

IoT Could Become Playground for Botnets Gone Wild

The Register | October 13, 2016

Devs! Here’s how to secure your IoT network, in, uh, 75 easy pages

Government Technology Magazine | October 13, 2016

New Guide Offers Advice on Securing Internet of Things Products

Christian Science Monitor | October 13, 2016

Your home might be secretly carrying out cyberattacks

Recent Blog Posts

January 12, 2017

Long Con or Domino Effect: Beware the Secondary Attack

By Jeremy Zoss, Managing Editor, Code42 Lightning may not strike twice, but cybercrime certainly does. The latest example: A year after the major hack of the U.S. Office of Personnel Management (OPM), cyber criminals are again targeting individuals impacted by the OPM breach with ransomware attacks. In the new attack, a...

January 06, 2017

Six Cloud Threat Protection Best Practices from the Trenches

By Ajmal Kohgadai, Product Marketing Manager, Skyhigh Networks As enterprises continue to migrate their on-premises IT infrastructure to the cloud, they often find that their existing threat protection solutions aren’t sufficient to consistently detect threats that arise in the cloud. While security information and event management (SIEM) solutions continue to rely...

December 22, 2016

Three Lessons From the San Francisco Muni Ransomware Attack

By Laurie Kumerow, Consultant, Code42 On Black Friday, a hacker hit San Francisco’s light rail agency with a ransomware attack. Fortunately, this story has a happy ending: the attack ended in failure. So why did it raise the hairs on the back of our collective neck? Because we fear that...

December 19, 2016

Adding Up the Full Cost of a Data Breach

By Nigel Hawthorn, Skyhigh Networks, EMEA Marketing Director Data breaches are happening all the time; often they hit the news for a short while then they are replaced with the latest list of victims, so we thought we’d review a data breach from a year ago and look back at...

December 15, 2016

Cyber Insurance Against Phishing? There’s a Catch

By Jeremy Zoss, Managing Editor, Code42 If one of your employees gets duped into transferring money or securities in a phishing scam, don’t expect your cyber insurance policy to cover it. And even your crime policy won’t cover it unless you purchase a specific social engineering endorsement. Many companies have learned...

December 14, 2016

Standardizing Cloud Security with CSA STAR Certification

By Tolga Erbay, Senior Manager, Security Risk and Compliance, Dropbox In early 2014 Dropbox joined the Cloud Security Alliance (CSA). Working with the CSA is an important part of Dropbox’s commitment to security and transparency. In June of 2014 Dropbox achieved Level 1 Certification through STAR, the CSA’s publicly available registry,...

December 09, 2016

IBM Touts Major Mac Cost Savings; IT Professionals Still Hesitant

By Lance Logan, Manager/Global Marketing Program, Code42 For the second year in a row, IBM’s Fletcher Previn wowed the audience at the JAMF user conference with impressive statistics on how the company’s growing Mac-based workforce is delivering dramatic and measurable business value. IBM expects Macs to save $26M in IT costs...

December 05, 2016

DevOpsSec, SecDevOps, DevSecOps: What’s in a Name?

By Jamie Tischart, CTO Cloud/SaaS, Intel Security The world is awash in DevOps, but what does that really mean? Although DevOps can mean several things to different individuals and organizations, ultimately it is about the cultural and technical changes that occur to deliver cloud services in a highly competitive environment....


CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.


CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Newsletter Archive

All of our past newsletters are available online for your convenience.


Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls. At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

The questionnaire is organized using the CSA’s 13 governing and operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

SaaS Governance Working Group Charter

Release Date: January 12, 2017

Cloud Adoption and Security in India

The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…

Release Date: November 22, 2016

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

We circulated the “Financial Services Industry Cloud Adoption Survey: China” survey to IT and security professionals in the Financial Services Institutions (FSIs) in China. The goal was not only to raise awareness around Cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization…

Release Date: October 28, 2016

Defeating Insider Threats

As a follow-up to the Top Threats in Cloud Computing, from May to July 2016 we surveyed approximately 100 professionals on the extent of the following: Employees leaking critical information and tradecraft on illicit sites; Data types and formats being exfiltrated along with exfiltration mechanisms; Why so many data threats…

Release Date: October 19, 2016

Future Proofing the Connected World

Release Date: October 07, 2016

Big Data Security and Privacy Handbook

Release Date: August 26, 2016

Mitigating Risk

With several years of cloud adoption in organizations, approaches to security have been evolving rapidly. To dig deeper into these concerns and the controls being used to mitigate both sanctioned and unsanctioned cloud security risks, the Cloud Security Alliance and Bitglass conducted a survey of 176 IT security leaders. Respondents revealed that visibility and control…

Release Date: August 17, 2016

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016
