Latest News

August 26, 2016

Cloud Security Alliance Big Data Working Group Releases ‘100 Best Practices in Big Data’ Report

New Effort to Help Organizations Reduce Security and Privacy Threats in Big Data The Cloud Security Alliance (CSA), today announced the release of the new handbook from the CSA Big Data Working Group, outlining the 100 best practices in big data security. The Big Data Security and Privacy Handbook: 100 Best Practices in Big Data…

August 08, 2016

Cloud Security Alliance Announces Strong Line Up of Trainings and Working Group Sessions Scheduled for Privacy. Security. Risk. 2016 Conference

Presented by CSA Congress and IAPP Privacy Academy, Event to Provide Forum for Professionals to Expand Education and Collaborative Work in IoT, Containerization, Privacy Audits, Threat Intelligence and Privacy Risk Analysis San Jose, CA – August 8, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of…

July 28, 2016

Research Brief: Cloud Security Alliance Mobile Working Group Releases Mobile Application Testing Initiative Report

New Effort to Help Organizations and Individuals Reduce Possible Risk Exposure and Security Threats in Using Mobile Applications Seattle, WA – July 28, 2016 – The Cloud Security Alliance (CSA) today announced the release of a new whitepaper from the CSA Mobile Working Group on a new initiative to support the mobile application security testing community….

July 07, 2016

Mobile Application Security Testing releases its white paper.

The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

July 07, 2016

NEW! Quantum Safe Security Awareness Survey

Quantum Safe Security Awareness Survey The goal of this survey is to collect information from security professionals on their awareness of quantum safe issues and the approaches that can be used to address them. The results of the survey will be disseminated by the CSA and will be available on the Quantum Safe Security Working…

July 06, 2016

Google’s Gerhard Eschelbeck to Keynote at Cloud Security Alliance Congress US at Privacy.Security.Risk Conference

Registration Now Open for the Industry’s Premier Gathering for Cloud Education and Best Practices San Jose, CA – July 6, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that Gerhard Eschelbeck, Vice President,…

June 27, 2016

Cloud Security Alliance Issues New Paper on Understanding Quantum Random Number Generators

The Cloud Security Alliance (CSA) today announced the availability of a new research brief from the Quantum-Safe Security (QSS) Working Group titled Quantum Random Number Generators, a whitepaper that looks to detail the impact of randomness on security in an effort to develop the building blocks for effective encryption. Quantum computing, which involves joining the…

June 07, 2016

Data Privacy and Digital Transformation Survey in English, Español, and Português

Prizes include: 10 CCSK Tokens, 100 $20 Amazon Gift Cards, and a Ring Video Doorbell. Data Privacy and Digital Transformation Cloud-based technologies are driving digital transformation, but new data privacy regulations are hampering adoption. We’d like to understand how you and your organization are balancing this dynamic. Participate Now Privacidade de Dados e Transformação Digital…

See all news

Press Coverage

Cloud Security Resource | June 20, 2016

It’s Time to Secure that Cloud…but What Skills Do You Need?

MSP Mentor | June 17, 2016

Cloud 101: Setting Customer Expectations

Business Reporter | June 15, 2016

#DSCloud16: Firms must take an evidence-based approach to cloud security

InfoSecurity Magazine | June 14, 2016

Ransomware Tunes into Smart TVs

SC Magazine | June 02, 2016

“Children are dying” due to restrictions on data, warns cloud expert

Biz Report | June 01, 2016

Top 4 tips to secure your business in the cloud

Network World | June 01, 2016

Software-defined Perimeter (SDP) Essentials

RCR Wireless | May 31, 2016

ICSA Labs to roll out IoT security testing certification

Security Intelligance | May 27, 2016

2016 Security Conferences: Infosecurity Europe

Baseline | May 27, 2016

Cloud Deployments Grow Despite Security Concerns

Security News Desk | May 27, 2016

Certes Networks shrinks the attack surface at Infosecurity Europe

Securosis Blog | May 24, 2016

Incident Response in the Cloud Age: More Data, No Data, or Both?

Computer News Middle East | May 23, 2016

eHDF enhances its Public Cloud portal

The Straits Times | May 23, 2016

Smart Nation push to see $2.8b worth of tenders this year

Security Brief | May 18, 2016

Waikato University takes on Kiwi cyber security

Vanilla Plus | May 17, 2016

Prpl Foundation to give keynote at Cloud Security Alliance at the Cloud Security Summit in Milan

Government Computer News | May 12, 2016

Scott stresses the IT changes a $3.1B revolving fund could bring

CIO | May 10, 2016

Why banks are finally cashing in on the public cloud

FierceBigData | May 09, 2016

Open source prpl Foundation publishes peer-reviewed IoT security guide

Securosis Blog | May 09, 2016

Updates to Our Black Hat Cloud Security Training Classes

See all press

Recent Blog Posts

August 26, 2016

100 Best Practices in Big Data Security and Privacy

By Ryan Bergsma, Research Intern, CSA ‘Big data’ refers to the massive amounts of digital information companies and governments collect about human beings and our environment. Experts anticipate that the amount of data generated will double every two years, from 2500 exabytes in 2012 to 40,000 exabytes in 2020.  Security...

August 25, 2016

Information Security Promises Are Made To Be Broken

By Mark Wojtasiak, Director of Product Marketing, Code42 Morality insists that people will abide by the law and do the right thing; those promises have and will always be broken. Code42, along with almost every other major player in the information security space attended Black Hat 2016 in Las Vegas. Like every...

August 22, 2016

Which Approach Is Better When Choosing a CASB? API or Proxy? How About Both?

By Bob Gilbert, Vice President/Product Marketing, Netskope There have been recent articles and blog posts arguing that the API approach is better than the proxy approach when it comes to selecting a cloud access security broker (CASB). The argument doesn’t really make sense at all. Both surely have their advantages...

August 19, 2016

Five Scenarios Where Data Visibility Matters—A Lot

By Charles Green, Systems Engineer, Code42 In case you were off enjoying a well-deserved summer holiday and are, like I am, a firm believer in disconnecting from the world while on holiday, you might have missed the recent hacker document dump of the U.S. Democratic National Committee (DNC) emails. Personal...

August 11, 2016

CISOs: Do You Have the Five Critical Skills of a DRO?

By Mark Wojtasiak, Director of Product Marketing, Code42 CISOs exploring career advancement opportunities have a new consideration, according to Gartner VP and Distinguished Analyst Paul Proctor. At a Gartner Security & Risk Management Summit presentation in June, Proctor talked about the evolution of a new enterprise role, which is a...

August 11, 2016

API vs. Proxy: How to Get the Best Protection from Your CASB

By Ganesh Kirti, Founder and CTO, Palerra Cloud Access Security Broker (CASB) software has emerged to help IT get its arms around the full cloud security situation. CASBs are security policy enforcement points between cloud service users and one or more cloud service providers. They can reside on the enterprise’s...

August 05, 2016

Ransomware Growing More Common, More Complex; Modern Endpoint Backup Isn’t Scared

By Susan Richardson, Manager/Content Strategy, Code42 The growing ransomware threat isn’t just about more cybercriminals using the same cryptoware tools. The tools themselves are rapidly growing more sophisticated—and more dangerous. Ransomware growing exponentially, with no signs of slowing A new report from InformationWeek’s Dark Reading highlights key trends in the ransomware...

August 03, 2016

Take-aways from the 2016 Gartner Magic Quadrant for Secure Web Gateways

By Atri Chatterjee, CMO, Zscaler Today’s smart enterprises, regardless of size, should be looking at a Secure Web Gateway (SWG) as part of their defense-in-depth security strategy. In Gartner’s opinion, if you aren’t using an SWG, you are in all likelihood leaving a hole in your enterprise security strategy. Firewalls...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Big Data Security and Privacy Handbook

Big Data Security and Privacy Handbook

Release Date: August 26, 2016

Mitigating Risk Survey Report

Mitigating Risk Survey Report

Release Date: August 17, 2016

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Identity Security Survey Report

Identity Security Survey Report

Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond

CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.