Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

April 23, 2018

National Technology Security Coalition (NTSC) and Cloud Security Alliance (CSA) Partner to Improve Cloud Computing Security

ATLANTA, GA (April 23, 2018) – The National Technology Security Coalition (NTSC) and the Cloud Security Alliance (CSA) announced a partnership to advance cloud computing security at the RSA Conference’s CSA Summit on Monday, April 16. Pete Chronis, CISO of Turner and an NTSC Board Member, announced the partnership during his talk “The CISOs’ role…

April 19, 2018

Cloud Security Alliance’s Newest Research Report Examines a Day Without Safe Cryptography

What would happen to our daily lives if our most commonly used methods of encryption were to suddenly disappear? SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 19, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help…

April 17, 2018

GDPR Preparation and Challenges Survey Report Explores Overall Industry Preparedness in Achieving Compliance

Eighty-three percent of companies lack confidence in their ability to meet May 25 deadline SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 17, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing…

April 16, 2018

Cloud Security Alliance Releases New Research: Building a Foundation for Successful Cyber Threat Intelligence Exchange

Paper offers key considerations for corporations seeking to collaborate on security incidents impacting the cloud environment SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure…

April 16, 2018

Cloud Security Alliance Global Enterprise Advisory Board Publishes State of Cloud Security 2018

Report outlines what must happen to speed the secure cloud adoption process between the enterprises, cloud service providers, and regulators. SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to…

April 04, 2018

CSA Cloud Security Congress 2018 to Be Held in Orlando 

Call for speakers is now open for the industry’s leading cloud security event SEATTLE, WA – April 4, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that it will hold its Cloud Security Alliance Congress North…

March 21, 2018

CCSK obtains course mapping approval under IMDA’s CITREP+ Programme

Singaporeans can now receive subsidies for CCSK training SINGAPORE – March 21, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that its Certificate of Cloud Security Knowledge (CCSK) course has successfully completed…

March 08, 2018

Co-chair Needed for the Quantum-Safe Security Working Group

The Cloud Security Alliance’s Quantum-Safe Security Working Group is seeking a new co-chair to lead the working groups initiatives on cryptographic methods that will remain safe after the widespread availability of the quantum computer. These volunteer positions will have a one-year term commitment at minimum. The co-chair works in collaboration with the CSA Research Team…

See all news

Press Coverage

Recent Blog Posts

April 24, 2018

CCSK vs CCSP: An Unbiased Comparison

By Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security Introduction CCSK vs CCSP–I’m commonly asked two questions whenever someone discovers I’m an instructor for both the Cloud Security Alliance CCSK and (ISC)2 CCSP courses: 1 – “What’s the difference between the two certifications?” 2 – “How hard is the CCSK...

April 20, 2018

GDPR Is Coming: Will the Industry Be Ready?

By Jervis Hui, Senior Product Marketing Manager, Netskope With the impending May 25, 2018, date for GDPR compliance coming up, Netskope worked with the Cloud Security Alliance (CSA) to survey IT and security professionals for a recently released report covering GDPR preparation and challenges. According to one of our recent Netskope...

April 19, 2018

Imagine a Day Without Safe Cryptography

By Jeffrey Ritter, Visiting Fellow, Kellogg College, University of Oxford Every security professional, at one time or another (or at many times), confronts executive opposition to changing technology. We all know that every innovation in technology requires adaptations in the security services, introducing new costs tied to shifts in equipment,...

April 16, 2018

Building a Foundation for Successful Cyber Threat Intelligence Exchange: A New Guide from CSA

By Brian Kelly, Co-chair/Cloud Cyber Incident Sharing Center (CISC) Working Group, and CSO/Rackspace No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, moving from target to target at a breakneck pace. With new attacks spreading from dozens of companies to a few hundred within a...

April 16, 2018

Speeding the Secure Cloud Adoption Process

By Vinay Patel, Chair, CSA Global Enterprise Advisory Board, and Managing Director, Citigroup Innovators and early adopters have been using cloud for years, taking advantage of the quicker deployment, greater scalability, and cost saving of services. The growth of cloud computing continues to accelerate, offering more solutions with added features...

April 12, 2018

Cloud Security and Compliance Is a Shared Responsibility

By Gail Coury, Chief Information Security Officer, Oracle Cloud Organizations around the world are ramping up to comply with the European Union’s General Data Protection Regulation (GDPR), which will be enforced beginning on May 25, 2018, and each must have the right people, processes and technology in place to comply or else...

April 09, 2018

The Early Bird Gets the Virus

By Kevin Lee, Systems QA Engineer, Bitglass Most people have heard of the proverb, “The early bird gets the worm.” The part that many haven’t heard is the followup, “But the second mouse gets the cheese.” The latter proverb makes a lot of sense when you apply it to the current...

April 05, 2018

Five Reasons to Reserve Your Seat at the CCSK Plus Hands-on Course at RSAC 2018

By Ryan Bergsma, Training Program Director, Cloud Security Alliance The IT job market is tough and it’s even tougher to stand out from the pack, whether it’s to your current boss or a prospective one. There is one thing, though, that can put you head and shoulders above the rest—achieving...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

A Day Without Safe Cryptography

Release Date: April 19, 2018

State of Cloud Report

Release Date: April 16, 2018

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Quantum-Safe Security Awareness Survey

Release Date: January 26, 2018

Cloud Security for Startups

Release Date: November 20, 2017

A Day Without Safe Cryptography

Release Date: April 19, 2018

State of Cloud Report

Release Date: April 16, 2018

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.