Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

February 13, 2018

Cloud Security Alliance Releases New Report Examining Ways in Which Blockchain Technology Can Facilitate, Improve IoT Security

Report offers high-level overview, use-case examples of blockchain for IoT security SEATTLE, WA – Feb. 13, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released Using Blockchain Technology to Secure Internet of Things, a new…

February 12, 2018

Spotlight on Enterprise Grade Cloud Security at Cloud Security Alliance’s Annual CSA Summit at RSA Conference 2018

Chief Executives from Leading Global Companies Talk Cloud as the New Dominant IT System; Registration Now Open San Francisco, CA – February 7, 2018 – RSA Conference 2018 — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment today announced the…

February 12, 2018

Cloud Security Alliance Issues State of ERP Security in the Cloud Report

Newest research paper examines security, privacy challenges of migrating ERP systems to the cloud SEATTLE, WA – February 12 – 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released The State of ERP (Enterprise…

February 12, 2018

Volunteers Needed: Blockchain/Distributed Ledger Working Group

The CSA Blockchain and Distributed Ledger Working Group is searching for volunteers to participate in the development of whitepapers on blockchain use cases and guidance for implementing blockchain technology. The working group is looking for volunteers who have expertise in the financial sector and/or experience working with blockchain or related technologies. If you are interested…

January 26, 2018

Cloud Security Alliance Releases Quantum-Safe Security Awareness Survey Report

Newest paper finds that despite awareness of threat posed by quantum computing, little is being done to prepare SEATTLE, WA – January 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the Quantum-Safe…

January 05, 2018

Launching of Application Containers and Microservices

The Cloud Security Alliance is launching the Application Containers and Microservices (ACM) Working Group. The CSA ACM Working Group previously work with the National Institute of Standards and Technology (NIST) ACM Working Group to provide research, guidance, and best practices for the secure use of application containers and microservices. CSA is currently looking for volunteers…

December 04, 2017

Cloud Security Alliance Announces Launch of CCSKv4

Updates to industry leading cloud certificate reflect evolving cloud landscape and the need for qualified security professionals SEATTLE, WA – December 4, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the general availability…

November 30, 2017

Cloud Security Alliance Announces 2017 Ron Knode Service Award Recipients

Volunteers recognized for dedication, efforts to furthering cloud security best practices SEATTLE, WA – November 30, 2017 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the recipients of its sixth annual Ron Knode Service Award,…

See all news

Press Coverage

Recent Blog Posts

February 23, 2018

Unmanaged Device Controls, External Sharing, and Other Real CASB Use Cases

By Salim Hafid, Product Marketing Manager, Bitglass Many in the security industry have heard about CASBs  (cloud access security brokers) as the go-to solutions for data and threat protection in the cloud. But where exactly do CASBs slot in? If you already have a NGFW (next-gen firewall) or perhaps a secure-web-gateway-type solution, why...

February 21, 2018

A Home for CASB

By Kyle Watson, Partner, Information Security, Cedrus Over the past 18 months, I’ve been working on CASB in some form or another including: —Educational architectural and technical videos —Request for Proposal (RFP) assistance —Pre-sales presentations and demos —Proof of Concepts (POCs) —Implementation —Operations build-out and transition I’ve discovered some interesting things...

February 19, 2018

Malware P.I. – Odds Are You’re Infected

By Jacob Serpa, Product Marketing Manager, Bitglass In Bitglass’ latest report, Malware P.I., the Next-Gen CASB company uncovered startling information about the rate of malware infection amongst organizations. Additionally, experiments with a new piece of zero-day malware yielded shocking results. Here is a glimpse at some of the outcomes. Nearly half of organizations have...

February 15, 2018

Agentless Mobile Security: No More Tradeoffs

By Kevin Lee, Systems QA Engineer, Bitglass Have you ever seen a “Pick two out of three” diagram? They present three concepts and force individuals to select the one that they see as the least important. The tradeoffs between convenience, privacy, and security serve as a perfect example of a “Pick two” situation...

February 12, 2018

Saturday Security Spotlight: Military, Apps, and Threats

By Jacob Serpa, Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —Fitness app exposes military bases —Soldiers’ names revealed by app —Google Play filled with fake apps —Medical devices easily hacked —The internet of things creates risk for the enterprise Fitness app exposes military bases Strava,...

February 07, 2018

Why Next-Gen Firewalls Can’t Replace CASBs

By Joe Green, Vice President,/WW Solutions Engineering, Bitglass A security solution is only as good as the data it protects. Some solutions focus on data protection on the corporate network, others focus entirely on cloud data, and a select few enable security at access from any network. Next-gen firewalls (NGFWs) are...

February 02, 2018

EMV Chip Cards Are Working – That’s Good and Bad

By Rich Campagna, CEO, Bitglass For many years, credit card companies and retailers ruled the news headlines as victims of breaches. Why? Hackers’ profit motives lead them to credit card numbers as the quickest path to monetization. Appropriate data in hand and a working counterfeit card could be cranked out...

January 29, 2018

Saturday Security Spotlight: Cyberwarfare and Cryptocurrency

By Jacob Serpa, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —Cyberattacks deemed a top threat to society —Hackers target data around the world —Poor app designs threaten countries’ infrastructure —Olympic Committee emails leaked by hackers —Half of UK firms fail to secure cloud —WiFi can...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Quantum-Safe Security Awareness Survey

Release Date: January 26, 2018

Cloud Security for Startups

Release Date: November 20, 2017

Top Threats to Cloud Computing Plus: Industry Insights

Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document as wells as provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example…

Release Date: October 20, 2017

Improving Metrics in Cyber Resiliency

Release Date: August 30, 2017

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.