MISSION STATEMENT

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Learn More

Latest News

March 05, 2015

Cloud Security Alliance New Survey Finds Financial Firms are in Search of a Cloud Strategy

Hybrid Cloud Adoption is Preferred; Control and Security of Data is Top Concern Seattle, WA –March 5, 2015 – Many financial firms are slowly putting more stock in the cloud. That’s a key finding from a new Cloud Security Alliance (CSA) survey, titled How Cloud is Being Used in the Financial Sector. The survey targeted…

March 02, 2015

Cloud Security Alliance Announces Release of Security Framework for Governmental Clouds

Report jointly developed by CSA, ENISA and TU Darmstadt Provides Step-by-Step Approach for the Procurement and Secure Use of Cloud Services Edinburgh, UK – March 2, 2015 – The Cloud Security Alliance (CSA), announces the release of a new report aimed at providing guidance to European Member States on how to develop a security framework…

February 24, 2015

The International Association of Privacy Professionals and Cloud Security Alliance Announce Privacy. Security. Risk. 2015 Conference and Call for Speaker Proposals

The IAPP’s Privacy Academy and CSA Congress present P.S.R., two conferences with one powerhouse program to connect privacy and security professionals Portsmouth, NH – February 23, 2015 – The International Association of Privacy Professionals (IAPP), the largest organization of privacy professionals in the world, and the Cloud Security Alliance (CSA), a not-for-profit organization with a…

Latest In Research

January 09, 2015

Cloud Security Alliance New Survey Finds Companies are in the Dark on Shadow IT Usage

Security of Data in the Cloud Now an Executive-Level Concern; Skills Gap an Added Barrier to Cloud Adoption

December 09, 2014

Survey Opportunity: CloudWATCH Cloud Certifications guidelines

Share your experience and help us recommend security and privacy certifications to cloud customers, service providers & policy.

October 24, 2014

CSA Seeks Input on Open Peer Review: CSA Quantum-Safe Security Working Group Charter

The focus of the Quantum‐Safe Security working group is on cryptographic methods that will remain safe after the widespread availability of the quantum computer.

certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More

Downloads

Top Downloads
Latest Downloads

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Download

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0″

Release Date: July 11, 2014

Download

Cloud Controls Matrix v3.0.1

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment.

Release Date: July 11, 2014

Download

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Download

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Download

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Download

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Download

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Download

Cloud Adoption In The Financial Services Sector Survey

Release Date: March 05, 2015

Download

Cloud Adoption Practices & Priorities Survey Report

Release Date: January 09, 2015

Download

AOSSL and CCM Technote

Release Date: December 18, 2014

Download

Quantum-Safe Security Working Group Charter

Charter outlining the purpose and operations of the Quantum-Safe Security Working Group.

Release Date: December 12, 2014

Download

Privacy Level Agreement Europe, v.2

An updated PLA for Europe.

Release Date: December 04, 2014

Download

Big Data Taxonomy

Release Date: September 18, 2014

Download

Cloud Usage: Risks and Opportunities Survey Report

Release Date: September 15, 2014

Download

Data Protection Heat Index Survey Report

Release Date: September 12, 2014

Download

Consensus Assessments Initiative Questionnaire v3.0.1 Info Sheet

Release Date: July 29, 2014

Download

Cloud Controls Matrix v3.0.1 Info Sheet

Release Date: July 29, 2014

Download

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

Kronos
Palerra
Inspur
Battelle
EMC

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

CSA CEE Summit 2015

We are delighted to announce 3rd annual CSA CEE SUMMIT for cloud security professionals: https://csa-cee-summit.eu/

CSA Summit 2015: Enterprise Cloud Adoption and Security Lessons Learned

Monday, April 20, 2015, 9:00am to 12:00pm in Moscone Center West: Room 2014, San Francisco, CA CSA Summit Website Cloud computing is now a mission critical part of the enterprise. Join us for CSA Summit 2015 to discover lessons learned from enterprise experts in securing their clouds and achieving compliance objectives. A global list of...

CSA Federal Summit

May 5, 2015, Washington, DC Featuring Bob Flores, former CTO, CIA presenting “CSA Software Defined Perimeter Initiative”, the program will cover Cloud Computing in the DoD, Enterprise Lessons Learned, Mobile Security and FedRAMP among other topics. Attendance for this full-day conference is free for government. For more information visit: CSA Federal Summit Website

CSA ASEAN Summit 2015

June 10-12, 2015, Bangkok, Thailand SAVE THE DATE: More information to be posted shortly.

CSA Norway Summer Conference

June 15, 2015, Oslo, Norway Annual Conference Focus on strategy and business use of security and cloud Targets: Norway and the Nordics Largest CISO/Security Strategy focused conference Community driven The One Conference to attend 4 Parallel tracks Conference site

CSA Taiwan Congress 2015

June 29-July 1, 2015, Taipei, Taiwan SAVE THE DATE: More information to be posted shortly.

CSA Summit Singapore

July 21, 2015, Singapore Cloud Security Alliance brings its signature CSA Summit to the RSA Conference APJ in Singapore on July 21, 2015. Cloud computing is now a mission critical part of the enterprise. Join us to learn how cloud is being secured globally and in Asia. Summit attendees will discover lessons learned from enterprise...

CSA Congress US

CSA Congress at the Privacy. Security. Risk. Conference September 29 – October 1, 2015, Las Vegas, NV Now accepting speaker proposals! The deadline for submissions is March 13th. Click here for Speaker Guidelines & Submissions Pre-register between now and April 30th and save $200 off Early Bird rates—that’s $400 off of the regular main conference...

CSA Congress EMEA

November 17 – 20, 2015 Berlin, Germany SAVE THE DATE: More information to be posted shortly.

View all Upcoming Events