Latest News
06/24/2019
Cloud Security Alliance Congress EMEA 2019 Call for Papers Deadline Extended
Papers examining new frontiers accelerating change in information security are sought Berlin, Germany – June 26, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing...
06/24/2019
Cloud Security Alliance Releases Cloud Octagon Model to Facilitate Cloud Computing Risk Assessment
Innovative model challenges enterprises to investigate risk from perspective other than that of the cloud service provider SEATTLE – June 24, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help en...
05/21/2019
Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments
Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios SEATTLE – May 21, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of b...
05/13/2019
Registration Opens for Cloud Security Alliance Congress EMEA 2019
Registration has opened for the annual CSA Congress EMEA (Berlin, Nov. 18-21, 2019). This multi-day conference will offer cloud security professionals a unique mixture of compelling presentations and topical discussions on research, technical and policy development, practice, requirements and tools related to cloud security, privacy and emerging technologies.
05/07/2019
Cloud Security Alliance Releases Cloud Operating System (OS) Security Specification Report
The first international research report to define technical requirements for cloud OS security specifications and to address their importanceSINGAPORE – May 8, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices ...
05/07/2019
Cloud Security Alliance Releases Software-Defined Perimeter Architecture Guide
Produced by the Software-Defined Perimeter Working Group, this Software-Defined Perimeter (SDP) Architecture Guide is designed to help enterprises and practitioners learn more about SDP and the economic and technical benefits it can provide, as well as assist users in implementing SDP in their organizations successfully.
04/23/2019
Cloud Security Alliance Announces Federal Summit 2019 Speaker Line-up
Former U.S. CIO Vivek Kundra to share his experience leading change across the U.S. government, the world’s largest consumer of information technology Seattle, WA – April 23, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising aw...
03/05/2019
Cloud Security Alliance Debuts Internet of Things (IoT) Controls Framework and Accompanying Guide
Framework introduces base-level security controls required to mitigate numerous risks associated with IoT systems SAN FRANCISCO – March 4, 2019 – RSA CONFERENCE 2019– The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practic...
03/04/2019
Cloud Security Alliance Announces Decade of Vision Leadership Award Winners
CSA announced the recipients of its Decade of Vision Leadership award, given to the three founding CEOs, who provided the initial startup funding, plus consistent support, mentoring, and evangelism of the CSA mission on a global basis over the last 10 years. The awards were presented at the CSA Summit at RSA Conference.
03/04/2019
Cloud Security Alliance and Internet Security Conference Sign Memorandum of Understanding
As part of the agreement—and at the invitation of the Internet Security Conference (ISC), one of the most insightful high-profile events on network security in Asia-Pacific and worldwide—the CSA will host a CSA Summit co-located with the ISC event in Beijing on Aug. 21-22, 2019. Founded in 2013, the ISC has been successfully held for six years, during which time it has been well recognized, supported and participated by governments, think tanks, business executives, academia, industry influences and technical elites.
Press Coverage
Here is the Secret Behind Getting that Cloud Computing Job
Software Defined Perimeter (SDP): The deployment
As cloud complexities increase, cybersecurity skills gap worsens
Saudi Arabia’s NIC obtains star certification in cloud computing
How Federal Agencies Manage Their Risk in the Cloud
Who’s Responsible for a Cloud Breach? It Depends
Cloud adoptions are obscuring data visibility, says new study
The Secret CSO: Nils Puhlmann, Twilio
Poor Cloud Security Practices Put Data at Risk; A Detailed Look at How Hackers Target Employees
Software Defined Perimeter (SDP): Creating a new network perimeter
The dirty dozen: 12 top cloud security threats
7 Must-Have Cloud Security Certifications In 2019
HIT Think Security challenges in native cloud, hybrid and multi-cloud environments
With cloud expanding, users need umbrella the most
Study Finds Cloud Still Faces Security Concerns Amid Migrations
Tips to Improve Cloud Provider’s Security
Studie der Cloud Security Alliance identifiziert neue und einzigartige Sicherheitsprobleme in nativen, hybriden und Multi-Cloud-Umgebungen
Security and Agility in the Cloud
Closing the Cyber Workforce Gap by Improving the Pipeline
Is Third-Party Risk Assessment Getting Better?
Recent Blog Posts
How to Improve the Accuracy and Completeness of Cloud Computing Risk Assessments?
By Jim de Haas, cloud security expert, ABN AMRO Bank This whitepaper aims to draw upon the security challenges in cloud computing environments and suggests a logical approach to dealing with the security aspects in a holistic way by introducing a Cloud Octagon model. This model makes it easier for organizations to identify, represent and […]
Will Hybrid Cryptography Protect Us from the Quantum Threat?
By Roberta Faux, Director of Advance Cryptography, BlackHorse Solutions Our new white paper explains the pros and cons of hybrid cryptography. The CSA Quantum-Safe Security Working Group has produced a new primer on hybrid cryptography. This paper, “Mitigating the Quantum Threat with Hybrid Cryptography,” is aimed at helping non-technical corporate executives understand how to potentially […]
CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers
By Victor Chin, Research Analyst, Cloud Security Alliance Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it’s no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP) applications. Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To […]
Security Spotlight: G Suite User Passwords Stored in Plaintext
By Will Houcheime, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: G Suite User Passwords Stored in Plaintext Since 2005 Contact Data of Millions of Instagram Influencers Exposed Rogue Iframe Phishing Used to Steal Payment Card Information London Commuters to be Tracked Through the Use of Wi-Fi Hotspots Thousands of […]
Roadmap to Earning Your Certificate in Cloud Security Knowledge (CCSK)
By Ryan Bergsma, Training Program Director, Cloud Security Alliance In this blog we’ll be taking a look at how to earn your Certificate of Cloud Security Knowledge (CCSK), from study materials, to how to prepare, to the details of the exam, including a module breakdown, passing rates, format etc. If you’re considering earning your CCSK, […]
What Will Happen If Encryption Used to Protect Data in Corporations Can Be Broken?
By Edward Chiu, Emerging Cybersecurity Technologist, Chevron While the development of quantum computers is still at a nascent stage, its potential in solving problems not feasible with classical computers draws interest from many industries. On one hand, Volkswagen is researching using quantum computers to help optimize traffic, and researchers at Roche are investigating the use […]
Happy Birthday GDPR! – Defending Against Illegitimate Complaints
By John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, Assurance Investigatory Fellow – Cloud Security Alliance On May 25th we will celebrate the first birthday of GDPR. Yes, one year ago GDPR was sort of a four-letter word (or acronym if you will). People were in a panic of how they were going to comply and […]
New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments
By Hillary Baron, Research Analyst, Cloud Security Alliance CSA’s latest survey, Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments, examines information security concerns in a complex cloud environment. Commissioned by AlgoSec, the survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security […]
Financial Services: Counting on CASBs
By Will Houcheime, Product Marketing Manager, Bitglass Financial institutions handle a great deal of sensitive data and are highly conscientious of where they store and process it. Nevertheless, they are aware of the many benefits that they can gain by using cloud applications. In order to embrace the cloud’s myriad advantages without compromising the security […]
“Collection #1” Data Breach
By Paul Sullivan, Software Engineer, Bitglass News of the 773 million email data breach that Troy Hunt announced for Have I Been Pwned certainly got a lot of coverage a few months ago. Now that the dust has settled, let’s cut through some of the hype and see what this really means for enterprise security. First, let’s clear […]
Certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
Research Artifacts
Mitigating the Quantum Threat with Hybrid Cryptography
Top 20 Critical Controls for Cloud ERP Customers
Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - May 2019)
PLA Code of Practice Template Annex 1 (Updated - May 2019)
CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.
Note: The current version of of the CSA Code of Practice is 3.2 (which replaces 3.1), the updates were to be in compliance and align with the Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 adopted February 12, 2019.
Preparing Enterprises for the Quantum Computing Cybersecurity Threats
Cloud Security Complexity
Cloud OS Security Specification
SDP Architecture Guide v2
Hybrid Cloud Security Services Charter
Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - May 2019)
CAIQ-Lite
Top Threats to Cloud Computing: Deep Dive
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)
Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.
Cloud Controls Matrix v3.0.1
Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.
