Latest News
12/04/2018
Cloud Security Alliance and OneTrust Launch Free Vendor Risk Management Tool for CSA Members
The CSA-OneTrust VRM tool is pre-populated with templates reproducing the CSA's best practices for cloud security and privacy assurance and compliance, including the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and GDPR Code of Conduct.
11/26/2018
International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878
Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Gu...
11/15/2018
Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training
SEATTLE, WA – Nov. 16, 2018– The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Certificate of Cloud Security Knowledge (CCSK), the first cr...
10/10/2018
Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud
Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service modelsSINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...
09/27/2018
Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin
Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...
09/25/2018
Cloud Security Alliance Announces Speakers, Sessions for 8th Annual CSA Congress
Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...
08/20/2018
Cloud Security Alliance Releases Malaysia Financial Sector Cloud Adoption Report
Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...
08/08/2018
CSA Releases Top Threats to Cloud Computing: Deep Dive
Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...
08/07/2018
CSA, OWASP Issue Updated Guidance for Secure Medical Device Deployment
Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...
06/12/2018
Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center
Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...
Press Coverage
Building a Multi-Cloud Strategy? Be Sure to Address the Security and Management Challenges
ERP Faces New Security Threats
Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training
How to manage and secure your digital workplace
Paul Thurrott’s Short Takes: November 2
Microsoft Cloud Outpaces Amazon
Microsoft Cloud Outpaces Amazon
Securing Access To Critical Legacy Applications
Things I Know About … Cloud security
How IoT Can Leverage SD-WAN and SDP for Security and Performance
Huawei and CSA Jointly Release the Guideline on Effectively Managing Security Service in the Cloud
Microsoft Rides Cloud to Impressive Earnings Beat; Markets Focus on Amazon Q3
Oracle OpenWorld 2018 – the cloud security story
How to catch security blind spots during a cloud migration
Arvada to Host 3rd Annual Cloud Security Alliance Fall Summit on November 8
Where Next With Cloud Security?
Awards & Recognition Program Honors 5 Alumni
Crypto Quantique claims launch of first quantum-driven secure chip on silicon to strengthen IoT security
Cloud Security Market is Estimated to Reach $12.64 Billion by 2024
New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report
Recent Blog Posts
Keeping Your Boat Afloat with a Cloud Access Security Broker
By Prasidh Srikanth, Senior Product Manager, Bitglass If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]
Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA
By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]
OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members
By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]
Typical Challenges in Understanding CCSK and CCSP: Technology Architecture
By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]
Bitglass Security Spotlight: US Government Breaches Abound
By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent weeks: —Healthcare.gov breached —US weapons systems contain cybersecurity gaps —Over 35 million US voter records for sale —National Guard faces ransomware attack Healthcare.gov breached 75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]
Cloud Threat Report: Emotet, Dridex, Mylobot Malware Activity – Week of 11/26
By Curtis Jordan, Lead Security Engineer, TruSTAR In TruSTAR, we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we’re seeing an increase in Dridex activity as well. Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated […]
Documentation of Distributed Ledger Technology and Blockchain Use
By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]
How to Do the Impossible and Secure BYOD
By Will Houcheime, Product Marketing Manager, Bitglass The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]
Fixing Your Mis-Deployed NGFW
By Rich Campagna, Chief Marketing Officer, Bitglass The Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. This post will illustrate the root cause of these firewall mis-deployments, […]
Weigh in on the Cloud Control Matrix Addenda
Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: —German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.) —ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.) These […]
Certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
Research Artifacts
Streamlining Vendor IT Security and Risk Assessments
Blockchain DLT Use Cases
Cloud Controls Matrix v3.0.1 (11-12-18 Update)
CCM v3.0 - Chinese Translation
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)
Guideline on Effectively Managing Security Service in the Cloud
Using BlockChain Technology to Secure the Internet of Things - Japanese Translation
IoT Firmware Update Processes
Code of Conduct for GDPR Compliance - Japanese Translation
説明: 本書「GDPR 準拠の為の行動規範」は、Cloud Security Alliance (CSA)が公開している「CODE OF CONDUCT FOR GDPR COMPLIANCE」の日本語訳および一般社団法人日本クラウドセキュリティアライア ンス(CSAジャパン)が解説を加えたものです。本書は、CSAジャパンが、CSAの許可を得て翻訳し、公開 するものです。原文と日本語版の内容に相違があった場合には、原文が優先されます。
CSA Malaysia FSI Report
Top Threats to Cloud Computing: Deep Dive
Cloud Security Alliance Code of Conduct for GDPR Compliance
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)
Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.
Cloud Controls Matrix v3.0.1 (9-1-17 Update)
Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.
