Events Around the Corner
Learn more about all upcoming CSA events at https://csacongress.org/.
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more
Learn more about all upcoming CSA events at https://csacongress.org/.
January 13, 2017
The Cloud Security Alliance would like to invite you to review and comment on the proposed Cloud Security Services Management Working Group Charter. It is well acknowledged that collaboration and coordination among all stakeholders are critical to secure the cloud platform, therefore there is a need to build and manage cloud security services within the…
January 13, 2017
The Cloud Security Alliance would like to invite you to review and comment on a proposed Cloud Component Specifications Working Group Charter. The working group aims to look at security of Cloud computing at a component level – e.g. hypervisor, virtual desktop infrastructure (VDI) platforms, cloud dedicated firewall and so on. This working group will…
January 13, 2017
General Keith Alexander of IronNet Cybersecurity and Robert Herjavec of Herjavec Group to Keynote at this Year’s Event. Registration Now Open. San Francisco, CA – January 13, 2017 – RSA Conference 2017 — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a…
December 29, 2016
Rigorous Third Party Independent Assessment To Validate Company’s Security Posture SEATTLE, WA – December 28, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that Behavox, the specialist AI enterprise software company offering compliance…
December 23, 2016
The Cloud Security Alliance’s Big Data Working Group is seeking new co-chairs to develop and maintain a research portfolio providing capabilities to lead the crystallization of best practices for security and privacy in big data, help industry and government on adoption of best practices, establish liaisons with other organizations in order to coordinate the development…
December 21, 2016
Closing Date: Jan 13th, 2017 The Cloud Security Alliance would like to invite you to review and comment on 12 Domains of the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing. This document acts as a practical, actionable roadmap to individuals looking to safely and securely adopt the cloud paradigm. This is…
December 10, 2016
Public Cloud Workloads Survey Time: 15-20 minutes Closing Date: Jan 9th, 2017 Prizes: 5 CCSK Tokens Go to Survey Abstract: Despite a wide range of commercial software applications, many enterprises still have unique requirements they fulfill with custom, internally developed applications. For example, an airline may develop its own scheduling application for pilots and flight…
November 30, 2016
It could take months to know what the Trump administration’s cybersecurity policy will be. Cyber-defense experts weigh in with advice and best practices for securing your company today. November 28, 2016, 10:15 AM PST From Katie Lewin – Federal Director, Cloud Security Alliance Historically when the executive and legislative branches of the federal government are…
IT Business Edge | November 23, 2016
Data Center Knowledge | November 23, 2016
MSP Mentor | November 23, 2016
The Hindu Business Line | November 23, 2016
Business Standard | November 23, 2016
Help Net Security | November 18, 2016
RCR Wireless | November 17, 2016
Network World | November 15, 2016
Executive Blog | November 15, 2016
Bob's Guide | November 09, 2016
Active Telecoms | November 03, 2016
The Whir | November 02, 2016
Research and Markets | October 28, 2016
Security Systems News | October 26, 2016
Info World | October 26, 2016
CSC Blogs | October 24, 2016
Tech News World | October 13, 2016
The Register | October 13, 2016
Government Technology Magazine | October 13, 2016
Christian Science Monitor | October 13, 2016
January 12, 2017
By Jeremy Zoss, Managing Editor, Code42 Lightning may not strike twice, but cybercrime certainly does. The latest example: A year after the major hack of the U.S. Office of Personnel Management (OPM), cyber criminals are again targeting individuals impacted by the OPM breach with ransomware attacks. In the new attack, a...
January 06, 2017
By Ajmal Kohgadai, Product Marketing Manager, Skyhigh Networks As enterprises continue to migrate their on-premises IT infrastructure to the cloud, they often find that their existing threat protection solutions aren’t sufficient to consistently detect threats that arise in the cloud. While security information and event management (SIEM) solutions continue to rely...
December 22, 2016
By Laurie Kumerow, Consultant, Code42 On Black Friday, a hacker hit San Francisco’s light rail agency with a ransomware attack. Fortunately, this story has a happy ending: the attack ended in failure. So why did it raise the hairs on the back of our collective neck? Because we fear that...
December 19, 2016
By Nigel Hawthorn, Skyhigh Networks, EMEA Marketing Director Data breaches are happening all the time; often they hit the news for a short while then they are replaced with the latest list of victims, so we thought we’d review a data breach from a year ago and look back at...
December 15, 2016
By Jeremy Zoss, Managing Editor, Code42 If one of your employees gets duped into transferring money or securities in a phishing scam, don’t expect your cyber insurance policy to cover it. And even your crime policy won’t cover it unless you purchase a specific social engineering endorsement. Many companies have learned...
December 14, 2016
By Tolga Erbay, Senior Manager, Security Risk and Compliance, Dropbox In early 2014 Dropbox joined the Cloud Security Alliance (CSA). Working with the CSA is an important part of Dropbox’s commitment to security and transparency. In June of 2014 Dropbox achieved Level 1 Certification through STAR, the CSA’s publicly available registry,...
December 09, 2016
By Lance Logan, Manager/Global Marketing Program, Code42 For the second year in a row, IBM’s Fletcher Previn wowed the audience at the JAMF user conference with impressive statistics on how the company’s growing Mac-based workforce is delivering dramatic and measurable business value. IBM expects Macs to save $26M in IT costs...
December 05, 2016
By Jamie Tischart, CTO Cloud/SaaS, Intel Security The world is awash in DevOps, but what does that really mean? Although DevOps can mean several things to different individuals and organizations, ultimately it is about the cultural and technical changes that occur to deliver cloud services in a highly competitive environment....
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
All of our past newsletters are available online for your convenience.
Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…
Release Date: June 06, 2016
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: February 01, 2016
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.
Release Date: February 25, 2013
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.
Release Date: February 24, 2013
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
Release Date: November 14, 2011
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…
Release Date: November 22, 2016
We circulated the “Financial Services Industry Cloud Adoption Survey: China” survey to IT and security professionals in the Financial Services Institutions (FSIs) in China. The goal was not only to raise awareness around Cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization…
Release Date: October 28, 2016
Release Date: October 27, 2016
As a follow up to the Top Threats in Cloud Computing and from the months of May to July 2016 we surveyed approximately 100 professionals on the extent of the following: Employees leaking critical information and tradecraft on illicit sites Data types and formats being exfiltrated along with exfiltration mechanisms Why so many data threats…
Release Date: October 19, 2016
With several years of cloud adoption in organizations, approaches to security have been evolving rapidly. To dig deeper into these concerns and the controls being used to mitigate both sanctioned and unsanctioned cloud security risks, the Cloud Security Alliance and Bitglass conducted a survey of 176 IT security leaders. Respondents revealed that visibility and control…
Release Date: August 17, 2016
The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…
Release Date: June 30, 2016