Latest News

01/24/2019

Cloud Security Alliance Celebrates 10th Anniversary at CSA Summit at RSA Conference 2019

IBM, Starbucks, Turner CISOs to Give Keynote Addresses

SEATTLE – RSA CONFERENCE 2019 – Jan. 24, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today a...

01/14/2019

New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds

Seattle, WA – January 11, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from the first research survey on “Enterprise Re...

12/20/2018

Cloud Security Alliance, National Technology Security Coalition Release “Streamlining Vendor IT Security and Risk Assessments” Whitepaper

Report advocates for a new approach to how organizations manage risks, achieve assurance, and enable trust in the cloud

SEATTLE – Dec. 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure...

12/10/2018

Cloud Security Alliance Announces 2018 Ron Knode Service Award Recipients

Volunteers recognized for dedication, efforts to furthering cloud security best practices

ORLANDO – Dec. 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment...

12/10/2018

Cloud Security Alliance to Develop Holistic Cloud Incident Response Whitepaper

Singapore – 11 December, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, will be developing a holistic Cloud Incident Response Whitepaper. The framework wi...

12/04/2018

Cloud Security Alliance and OneTrust Launch Free Vendor Risk Management Tool for CSA Members

The CSA-OneTrust VRM tool is pre-populated with templates reproducing the CSA's best practices for cloud security and privacy assurance and compliance, including the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and GDPR Code of Conduct.

11/26/2018

International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878

Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Gu...

11/15/2018

Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training

SEATTLE, WA – Nov. 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Certificate of Cloud Security Knowledge (CCSK), the first cr...

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models

SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...


Press Coverage

MIT Tech News | February 15, 2019

Cybersecurity Expert Stiennon’s Latest Book: Secure Cloud Transformation

Security Boulevard | February 12, 2019

DevOps Chat: DisruptOps: SecurityOps, Disrupted – RSAC Edition

Trade Arabia | February 11, 2019

Prioritizing security in a multi-cloud world

IT Brief New Zealand | February 11, 2019

Microsoft launches bot service for healthcare sector

Government Technology | February 10, 2019

To Understand IoT Security: Look to the Clouds

ComputerWeekly.com | February 08, 2019

A guide to choosing cloud-based security services

Security Intelligence | February 07, 2019

Moving to the Hybrid Cloud? Make Sure It’s Secure by Design

Security Boulevard | February 05, 2019

3 Tips to Mitigate Security Risk During an ERP Cloud Migration

Inside Cybersecurity | February 04, 2019

Former BSI official DiMaria gears up to promote Cloud Security Alliance’s STAR program

Inside Cybersecurity | February 01, 2019

Cloud security group calls for clarity in GDPR guidance on requirements, role of regulators

DevOps.com | January 31, 2019

Salt Security Unveils Platform to Secure APIs

Bobsguide | January 30, 2019

Banks must decompose legacy “ball of mud” to grab cloud opportunity

Security Boulevard | January 30, 2019

Software Defined Perimeter – a Modern VPN with Traditional Challenges

Tech Republic | January 28, 2019

How to become a cloud engineer: A cheat sheet

ComputerWeekly.com | January 25, 2019

A cloud compliance checklist for the GDPR age

Continuity Central.com | January 17, 2019

Cyber security incidents and misconceptions both increase as critical ERP systems migrate to the cloud

eWeek | January 17, 2019

Report Looks at Security Misconceptions of Moving ERP to Cloud

InfoWorld | January 16, 2019

ERP cloud migration and its complexities

UberKnowledge | January 16, 2019

Communities, GDPR Opportunities and Security in IoT


Recent Blog Posts

February 19, 2019

Rocks, Pebbles, Shadow IT

By Rich Campagna, Chief Marketing Officer, Bitglass

Way back in 2013/14, Cloud Access Security Brokers (CASBs) were first deployed to identify Shadow IT, or unsanctioned cloud applications. At the time, the prevailing mindset amongst security professionals was that cloud was bad, and discovering Shadow IT was viewed as the first step towards stopping the spread of cloud […]


February 13, 2019

Rethinking Security for Public Cloud

Symantec’s Raj Patel highlights how organizations should be retooling security postures to support a modern cloud environment

By Beth Stackpole, Writer, Symantec

Enterprises have come a long way with cyber security, embracing robust enterprise security platforms and elevating security roles and best practices. Yet with public cloud adoption on the rise and businesses shifting to […]


February 12, 2019

Bitglass Security Spotlight: Financial Services Facing Cyberattacks

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent months:

— Customer information exposed in Bankers Life hack
— American Express India leaves customers defenseless
— Online HSBC accounts breached
— Millions of dollars taken from major Pakistani banks
— U.S. government infrastructure accessed via DJI drones

Customer information exposed in Bankers Life hack

566,000 individuals have been notified […]


February 11, 2019

The 12 Most Critical Risks for Serverless Applications

By Sean Heide, CSA Research Analyst and Ory Segal, Israel Chapter Board Member

When building the idea and thought process around implementing a serverless structure for your company, there are a few key risks one must take into account to ensure the architecture is gathering proper controls when speaking to security measures and how to […]


February 8, 2019

SaaS Apps and the Need for Specialized Security

By Paul Sullivan, Software Engineer, Bitglass

Keeping cloud services running is a complex, multi-faceted endeavor for cloud service providers. They need to juggle adding new features, keeping their customers’ sensitive data secure, and having high uptime for their services – there is virtually no room for error. Microsoft learned about the need for high uptime […]


February 7, 2019

Deciphering DevSecOps

Security needs to be an integral part of the DevOps roadmap. Enterprise Strategy Group’s Doug Cahill shows the way

By Beth Stackpole, Writer, Symantec

Security has moved to the forefront of the IT agenda as organizations push forward with digital transformation initiatives. At the same time, DevOps, a methodology that applies agile and lean principles […]


February 5, 2019

Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

— 773 million email accounts published on hacking forum
— Unprotected FBI data and Social Security numbers found online
— Millions of texts and call logs exposed on unlocked server
— South Korean Defense Ministry breached by hackers
— Ransomware forces City Hall of Del […]


January 31, 2019

Security Risks and Continuous Development Drive Push for DevSecOps

How the need to speed application creation and subsequent iterations has catalyzed the adoption of the DevOps philosophy

By Dwight B. Davis, Writer, Symantec

The sharp rise in cyber security attacks and damaging breaches in recent years has driven a new mantra among both application developers and security professionals: “Build security in from the ground […]


January 24, 2019

CCSK Success Stories: From the Financial Sector

By the CSA Education Team

This is the second part in a blog series on Cloud Security Training. Today we will be interviewing an infosecurity professional working in the financial sector. John C Checco is President Emeritus for the New York Metro InfraGard Members Alliance, as well as an Information Security professional providing subject matter […]


January 21, 2019

CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group

Dear Colleagues, We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:

— German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5)
— ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018

These CCM addenda aim to help organizations assess […]



Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.


Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.


Research Artifacts

CCM Mapping Workpackage Template

This document is the companion document to the Methodology for the Mapping of the Cloud Controls Matrix (CCM). It is a CCM mapping workpackage template that can be used by organizations who want to map their frameworks to the CCM.

Release Date: 02/14/2019

The 12 Most Critical Risks for Serverless Applications

The 12 Most Critical Risks for Serverless Applications 2019 document is meant to serve as a security awareness and education guide. This report was curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud, and serverless architectures.

Release Date: 02/11/2019

The Future of Healthcare

Globally the Healthcare Industry is a significant component of any country’s infrastructure. In sheer market size, the health care market in the United States of America is the largest in the world. The size of the market means that there is unequaled purchasing power, demand, and opportunity for innovation. In contrast, by structure, reimbursement systems, regulation, issues of access, and complexity it is one of the most opaque.

Release Date: 02/04/2019

Cloud Incident Response Charter

To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.

Release Date: 01/21/2019

CCM v3.0.1 Addendum - BSI Germany C5 v1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5).

Release Date: 01/18/2019

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014.

Release Date: 01/18/2019

Enterprise Resource Planning and Cloud Adoption

The “Impact of Cloud on ERP” survey report was designed to assess the impact of ERP solutions on organizations and better understand cloud preparation and data migration needs to implement ERP solutions in the cloud. Features and benefits gained, security and privacy challenges, and time to deploy for an ERP Solution in a cloud environment were explored.

Release Date: 01/11/2019

Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure their cloud platforms and provide cloud security services to cloud users, for cloud users to select security-qualified cloud service providers, and for security vendors to develop their cloud-based security products and services.

Release Date: 01/04/2019

Streamlining Vendor IT Security and Risk Assessments

A perspective on standards-based assurance of Cloud Providers.

Release Date: 12/09/2018

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017