Latest News

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models

SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...

09/25/2018

Cloud Security Alliance Announces Speakers, Sessions for 8th Annual CSA Congress

Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers

Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...

08/20/2018

Cloud Security Alliance Releases Malaysia Financial Sector Cloud Adoption Report

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills

KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...

08/08/2018

CSA Releases Top Threats to Cloud Computing: Deep Dive

Paper identifies chief cloud security risks, how they fit in a greater security analysis

BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...

08/07/2018

CSA, OWASP Issue Updated Guidance for Secure Medical Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance

BLACKHAT LAS VEGAS – AUGUST 7, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...

06/12/2018

Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center

Group calls for more standardization from hardware manufacturers to improve security

SEATTLE, WA – JUNE 12, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

06/07/2018

Volunteers Needed: Application Containers and Microservices Working Group

The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the wo...

06/05/2018

Cloud Security Alliance Issues Code of Conduct Self-Assessment and Certification Tools for GDPR Compliance

New mechanisms offer vested parties structured, transparent path to meeting personal data protection requirements

SEATTLE, WA and LONDON – JUNE 5, 2018 – InfoSecurity Europe Conference - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, cert...

05/29/2018

Open Survey: Enterprise Resource Planning and Cloud Adoption Survey

In February, the Cloud Security Alliance released “The State of ERP Security in the Cloud” to provide IT and management professionals with a sound overview of cloud security for ERP systems. The following survey will attempt to better understand cloud preparation and migration, features and benef...


Press Coverage

Security Boulevard |October 16, 2018

Using Application Analytics to Achieve Security at Scale

MobiHealthNews |October 15, 2018

Why healthcare data may be more secure with cloud computing

Security Boulevard |October 12, 2018

CCSP Domain 5: Operations

Security Boulevard |October 12, 2018

CCSP Domain 6: Legal and Compliance

Forbes |October 11, 2018

How To Secure Your Data In The Cloud

Security Boulevard |October 11, 2018

CCSP Domain 3: Cloud Platform and Infrastructure Security

IT World |October 11, 2018

What is enterprise risk management? How to put cybersecurity threats into a business context

Mobile Health News |October 11, 2018

Securing legacy medical devices is daunting – but not optional

Security Boulevard |October 10, 2018

CCSP Domain 4: Cloud Application Security

Security Boulevard |October 10, 2018

CCSP Domain 3: Cloud Platform and Infrastructure Security

Security Boulevard |October 10, 2018

CCSP Domain 2: Cloud Data Security

Security Boulevard |October 10, 2018

CCSP Domain 1: Architectural Concepts & Design Requirements

SDxCentral |October 09, 2018

Will Cloud Security Expansion Lift Symantec Back Into the Black?

SC Magazine |October 01, 2018

Shifting the policy on cyberwar

SC Magazine |October 01, 2018

SaaS application security architectures are broken

California Patch |October 01, 2018

What a CIO Needs to Know About Cloud Security – San Francisco, CA Patch

Tech Beacon |October 01, 2018

5 GDPR compliance tips for your IT Ops team

Nebraska Latino News |September 28, 2018

Cloud Security Alliance opens new European headquarters, the GDPR Center of Excellence, in Berlin

Global Energy Media |September 28, 2018

Cloud Security Alliance establishes new European headquarters, the GDPR Center of Excellence in Berlin

Intelligent CIO |September 27, 2018

Cloud Security Alliance establishes new European headquarters in Berlin


Recent Blog Posts

October 17, 2018

Office 365 Security: It Takes Two to Tango

Many cloud apps – including Office 365 – operate under a shared responsibility model. Here’s what that means for your company

By Beth Stackpole, Feature Writer, Symantec

Security concerns, once a long-standing hurdle to cloud deployment, may be on the wane, but the issue is still very much alive when it comes to cloud-based applications […]


October 16, 2018

Guideline on Effectively Managing Security Service in the Cloud

By Dr. Kai Chen, Director of Cybersecurity Technology, Huawei Technologies Co. Ltd.

The cloud computing market is growing ever so rapidly. Affordable, efficient, and scalable, cloud computing remains the best solution for most businesses, and it is heartening to see the number of customers deploying cloud services continue to grow. From the beginning of cloud’s […]


October 15, 2018

How Can the Financial Industry Innovate Faster?

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com

How can the financial industry innovate faster? Why do non-technical people need to have a basic understanding of cloud technology? Imagine this scenario. Davinci is a company providing a SaaS solution to banks to process loans and mortgage applications. Davinci runs its own software […]


October 9, 2018

CCSK in the Wild: Survey of 2018 Certificate Holders

Even as more organizations migrate to the cloud, there’s still a concern as to how well those cloud services are being secured. According to an article by Forbes “66% of IT professionals say security is their greatest concern in adopting a cloud computing strategy.” As you embark on your quest to fill this skills gap, […]


October 8, 2018

Software-Defined Perimeter Architecture Guide Preview: Part 4

Part 4 of a four-part series

By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Over the past three blog posts on this topic, we’ve provided an overview of the Software-Defined Perimeter (SDP) Architecture Guide, including its outline, core SDP concepts, and a summary of SDP benefits. In this, our final preview blog on the […]


September 28, 2018

CVE and Cloud Services, Part 2: Impacts on Cloud Vulnerability and Risk Management

By Victor Chin, Research Analyst, Cloud Security Alliance, and Kurt Seifried, Director of IT, Cloud Security Alliance

This is the second post in a series, where we’ll discuss cloud service vulnerability and risk management trends in relation to the Common Vulnerability and Exposures (CVE) system. In the first blog post, we wrote about the Inclusion […]


September 20, 2018

Recommendations for IoT Firmware Update Processes: Addressing complexities in a vast ecosystem of connected devices

By Sabri Khemissa, IT-OT-Cloud Cybersecurity Strategist, Thales

Traditionally, updating software for IT assets involves three stages: analysis, staging, and distribution of the update—a process that usually occurs during off-hours for the business. Typically, these updates apply cryptographic controls (digital signatures) to safeguard the integrity and authenticity of the software. However, the Internet of Things (IoT), with its […]


September 19, 2018

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements with a Host-Based Approach

By Patrick Flanders, Director of Marketing, Lacework

Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end […]


September 18, 2018

Software-Defined Perimeter Architecture Guide Preview: Part 3

Part 3 in a four-part series

By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.

Thanks for returning for our third blog posting, providing a preview of the forthcoming Software-Defined Perimeter (SDP) Architecture Guide. In this article, we’re focusing on the “Core SDP Concepts” section of the document, which introduces the underlying principles of SDP, […]


September 14, 2018

Pwned Passwords – Have Your Credentials Been Stolen?

By Paul Sullivan, Software Engineer, Bitglass

Data breaches now seem to be a daily occurrence. In recent months, Have I Been Pwned (HIBP) introduced Pwned Passwords, which allows you to securely check your password against a database of breach data. There are over 280 breaches in the database, and that’s only the tip of the iceberg. Breaches aren’t just a problem for the users who lose their data, but for […]



Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.


Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.


Research Artifacts

Cloud Key Management Charter

Description: The Cloud Key Management Working Group will facilitate the standards for seamless integration between CSPs and Key Broker vendor platforms. It will ensure that enterprise key policies are standardized and implemented in a consistent manner, and that standardization will take place across key management lifecycle operations and a common set of APIs.

Ten Most Critical Risks for Serverless Applications

The “Ten Most Critical Risks for Serverless Applications v1.0” document is meant to serve as a security awareness and education guide. The document is curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud and serverless architectures.

Guidance v4 Info Sheet

Description: This version, the first major update since 2011, is the culmination of over a year of dedicated research and public participation from the CSA community, working groups, and the public at large. The Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing acts as a practical, actionable roadmap for individuals and organizations looking to safely and securely adopt the cloud paradigm.

Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper focused on building a cloud security services management platform. The whitepaper will serve as a guideline for cloud service providers to secure their cloud platforms and provide cloud security services to cloud users, for cloud users to select security-qualified cloud service providers, and for security vendors to develop their cloud-based security products and services.

SecaaS Working Group Charter

Description: In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understood and to improve the adoption across industry sectors. This will ensure the market has a clear understanding of what SecaaS is, what it means, the services encompassed and how they can be implemented.

SDP Architecture Guide v2

Network security architectures, tools, and platforms are falling far short of meeting the challenges presented by today’s threat landscape. Whether you’re reading the headlines in mainstream media, working day-to-day as a network defender, or are a security vendor, it’s clear that our commercial enterprises, governmental organizations, and critical infrastructures are unable to successfully contend with the ongoing and persistent attacks from a wide variety of attackers.

Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

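This document, “Utilizing Blockchain Technology for IoT Security,” is the Japanese translation of “Using Blockchain Technology to Secure the Internet of Things,” published by the Cloud Security Alliance (CSA). It was translated and published by CSA Japan with CSA’s permission. In the event of any discrepancy between the original and the Japanese version, the original takes precedence.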

Release Date: 10/03/2018

IoT Firmware Update Processes

Description: The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: 09/20/2018

Code of Conduct for GDPR Compliance - Japanese Translation

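Description: This document, “Code of Conduct for GDPR Compliance,” is the Japanese translation of “CODE OF CONDUCT FOR GDPR COMPLIANCE,” published by the Cloud Security Alliance (CSA), with commentary added by the Japan Cloud Security Alliance (CSA Japan), a general incorporated association. It was translated and published by CSA Japan with CSA’s permission. In the event of any discrepancy between the original and the Japanese version, the original takes precedence.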

Release Date: 09/14/2018

CCM C5 Mapping

This document aims to help organizations assess and bridge compliance gaps between the cloud security frameworks of BSI and the Cloud Security Alliance (CSA). The document contains mappings, gap analysis and gap compensation between the Cloud Controls Matrix (CCM) and the C5 compliance controls catalogue. The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs.

Top Threats to Cloud Computing: Deep Dive

Description: This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

Cloud Security Alliance Code of Conduct for GDPR Compliance

Description: The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM is the only meta-framework of cloud-specific security controls mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Description: The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017