Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Check out our calendar of upcoming CCSK & CCM training courses

Latest News

February 13, 2017

Cloud Security Alliance Establishes New Third-Party Consultancy Program to Ensure Best Practices in Secure Cloud Implementation

CSA Names Optiv As First Certified Provider for New Program SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation of the CSA Global…

February 13, 2017

Cloud Security Alliance Releases New Software Defined Perimeter for Infrastructure-as-a-Service Research

New Report Outlines How SDP Can Be Applied to Infrastructure-as-a-Service Environments, Including Requirements, Benefits and Key Use Cases SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

February 13, 2017

Cloud Security Alliance Announces General Availability of STARWatch Cloud Security Management Application

Compliance Management SaaS Application Formally Launches Boasting More than 250 Active Users SAN FRANCISCO – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch of STARWatch, a…

January 25, 2017

Reviewers Needed: Security Guidance for Critical Areas of Mobile Computing

Dear Colleagues, The Mobile Working Group is updating the document entitled “Security Guidance for Critical Areas of Mobile Computing” last published in 2012. To streamline the updating process, we are opening a peer review of the 2012 document. We are looking for SMEs to provide feedback on the content or sections that need updating, deleting,…

January 25, 2017

CSA’s Mobile Working Group Seeking New Co-Chair

The Cloud Security Alliance’s Mobile Working Group is seeking new co-chairs to develop and maintain a research portfolio providing capabilities to lead the crystallization of best practices for mobile security, help industry and government on adoption of best practices, establish liaisons with other organizations in order to coordinate the development of mobile security standards, and…

January 13, 2017

Open Peer Review: Cloud Security Services Management Working Group Charter

The Cloud Security Alliance would like to invite you to review and comment on the proposed Cloud Security Services Management Working Group Charter. It is well acknowledged that collaboration and coordination among all stakeholders are critical to secure the cloud platform, therefore there is a need to build and manage cloud security services within the…

January 13, 2017

Open Peer Review: Cloud Component Specifications Working Group Charter

The Cloud Security Alliance would like to invite you to review and comment on a proposed Cloud Component Specifications Working Group Charter. The working group aims to look at security of Cloud computing at a component level – e.g. hypervisor, virtual desktop infrastructure (VDI) platforms, cloud dedicated firewall and so on. This working group will…

January 13, 2017

Securing the Converged Cloud Takes Center Stage at the Cloud Security Alliance’s Annual CSA Summit at RSA Conference 2017

General Keith Alexander of IronNet Cybersecurity and Robert Herjavec of Herjavec Group to Keynote at this Year’s Event. Registration Now Open. San Francisco, CA – January 13, 2017 – RSA Conference 2017 — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a…

See all news

Press Coverage

IT Business Edge | November 23, 2016

CSA Trials SaaS App for Assessing Cloud Security

Data Center Knowledge | November 23, 2016

Report: SaaS Dominates Cloud Usage in India

MSP Mentor | November 23, 2016

IoT and the Cloud: What to Watch Out For

The Hindu Business Line | November 23, 2016

62% companies on cloud for less than two years: survey

Business Standard | November 23, 2016

Instasafe, CSA release “State of Cloud Adoption and Security in India” survey report

Help Net Security | November 18, 2016

New infosec products of the week: November 18, 2016

RCR Wireless | November 17, 2016

Security remains significant hurdle for industry cloud efforts

Network World | November 15, 2016

Goodbye, NAC. Hello, software-defined perimeter

Executive Blog | November 15, 2016

Vormetric’s Wayne Lewandowski: Cloud Encryption Gateways Can Help Agencies Address Cloud Security Issues

Bob's Guide | November 09, 2016

How can financial services firms prevent costly cloud data breaches?

Active Telecoms | November 03, 2016

Cloud adoption by financial services in China past the tipping point

The Whir | November 02, 2016

Smart Card Alliance Calls for Stronger IoT Security in Wake of DDoS Attacks

Research and Markets | October 28, 2016

CSA’S IOT SECURITY REPORT

Security Systems News | October 26, 2016

Securing IoT

Info World | October 26, 2016

Forrester: OpenStack, AWS are today’s cloud ‘safe bets’

CSC Blogs | October 24, 2016

The Dyn DNS attacks: What we know now

Tech News World | October 13, 2016

IoT Could Become Playground for Botnets Gone Wild

The Register | October 13, 2016

Devs! Here’s how to secure your IoT network, in, uh, 75 easy pages

Government Technology Magazine | October 13, 2016

New Guide Offers Advice on Securing Internet of Things Products

Christian Science Monitor | October 13, 2016

Your home might be secretly carrying out cyberattacks

See all press

Recent Blog Posts

February 22, 2017

The Growth of Macs in the Enterprise Is Challenging the PC’s Dominance

By Jeremy Zoss, Managing Editor, Code42 The PC has long been the default choice for business computers, but perhaps not for much longer. The growth of Macs in the enterprise has been exponential in recent years, as illustrated by the infographic below. For context on why Macs are growing in popularity...

February 14, 2017

Avoid the Heartbreak of Insider Threat

By Ashley Jarosch, Manager/Marketing Programs, Code42 While everyone else is celebrating love and romance this Valentine’s Day, here at Code42 we’re reflecting on heartbreak—specifically, the heartbreak of insider threat. The Heartbreak and Betrayal of Insider Threat It’s a feeling anyone in the enterprise world is familiar with. Someone you trust—someone you...

February 13, 2017

The New CSA Consultancy Program Will Ensure Best Practices in Secure Cloud Implementation

By Daniele Catteddu, Chief Technology Officer, CSA As increasing numbers of enterprises begin the move to the cloud in earnest, there has simultaneously developed a host of third-party consultancy firms, offering guidance on cloud technology best practices and implementation. Recognizing that there is a genuine need for a trusted network,...

February 13, 2017

New Security Research – the Software-Defined Perimeter for the Cloud

By Jason Garbis, Vice President of Products, Cryptzone On behalf of the Cloud Security Alliance, I’m pleased to announce the publication of our newest security research from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments. Thanks to all the people who commented...

February 13, 2017

3-2-1, Takeoff. The STARWatch Cloud Security Management Application Has Launched

By Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Compliance, assurance and vendor management are becoming more and more complex and resource-intensive issues, so we created STARWatch, a Software as a Service (SaaS) application designed to provide organizations a centralized way to manage and maintain the integrity of the vendor...

January 30, 2017

On Data Privacy Day, Keep Your Data Safe by Identifying the Threats

By Rick Orloff, Chief Security Officer, Code42 Saturday, January 28th was Data Privacy Day. We’re proud champions of the National Cyber Security Alliance’s focused effort on protecting privacy and safeguarding data. But at Code42, we know that one day isn’t enough. We dedicate an entire month each year to reaffirm our critical...

January 25, 2017

CSA releases Quantum-Safe Security Glossary

The Cloud Security Alliance’s Quantum-Safe Security (QSS) Working Group announces their latest release with the Quantum-Safe Security Glossary. The QSS Working Group was formed to address key generation and transmission methods and to help the industry understand quantum-safe methods for protecting networks and data. The working group is focused on...

January 20, 2017

STAR- A Window to the Cloud

By Raj Samani, Chief Technology Officer/EMEA, Intel Security We are all going to live in the cloud. Well that is what every study, and forecast tells us. From our clash of clans villages, to our connected cars we can expect all of our data to be hosted in an unmarked data center...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Applied Quantum Safe Security

Applied Quantum Safe Security

Release Date: February 15, 2017

SDP for IaaS

SDP for IaaS

Release Date: February 13, 2017

Quantum Safe Security Glossary

Quantum Safe Security Glossary

Release Date: January 24, 2017

SaaS Governance Working Group Charter

SaaS Governance Working Group Charter

Release Date: January 12, 2017

Cloud Adoption and Security in India

Cloud Adoption and Security in India

The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…

Release Date: November 22, 2016

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

We circulated the “Financial Services Industry Cloud Adoption Survey: China” survey to IT and security professionals in the Financial Services Institutions (FSIs) in China. The goal was not only to raise awareness around Cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization…

Release Date: October 28, 2016

Defeating Insider Threats

Defeating Insider Threats

As a follow up to the Top Threats in Cloud Computing and from the months of May to July 2016 we surveyed approximately 100 professionals on the extent of the following: Employees leaking critical information and tradecraft on illicit sites Data types and formats being exfiltrated along with exfiltration mechanisms Why so many data threats…

Release Date: October 19, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.