Latest News

12/04/2018

​Cloud Security Alliance and OneTrust Launch Free Vendor Risk Management Tool for CSA Members

The CSA-OneTrust VRM tool is pre-populated with templates reproducing the CSA's best practices for cloud security and privacy assurance and compliance, including the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and GDPR Code of Conduct.

11/26/2018

International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878

Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Gu...

11/15/2018

Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training

SEATTLE, WA – Nov. 16, 2018– The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Certificate of Cloud Security Knowledge (CCSK), the first cr...

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service modelsSINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...

09/25/2018

Cloud Security Alliance Announces Speakers, Sessions 
for 8th Annual CSA Congress

Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...

08/20/2018

Cloud Security Alliance Releases Malaysia Financial Sector Cloud 
Adoption Report

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...

08/08/2018

CSA Releases Top Threats to Cloud Computing: Deep Dive

Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...

08/07/2018

CSA, OWASP Issue Updated Guidance for Secure Medical 
Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...

06/12/2018

Cloud Security Alliance Issues Recommendations on Firmware Integrity 
in the Cloud Data Center

Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

See all news

Press Coverage

Security Boulevard |November 26, 2018

Building a Multi-Cloud Strategy? Be Sure to Address the Security and Management Challenges

IT Business Edge |November 21, 2018

ERP Faces New Security Threats

Host Review |November 19, 2018

Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training

ITweb |November 09, 2018

How to manage and secure your digital workplace

Petri |November 02, 2018

Paul Thurrott’s Short Takes: November 2

Seeking Alpha |October 31, 2018

Microsoft Cloud Outpaces Amazon

Talk Markets |October 30, 2018

Microsoft Cloud Outpaces Amazon

Forbes |October 30, 2018

Securing Access To Critical Legacy Applications

Worcester Business Journal |October 29, 2018

Things I Know About … Cloud security

DZone |October 29, 2018

How IoT Can Leverage SD-WAN and SDP for Security and Performance

Telecom Ramblings |October 29, 2018

Huawei and CSA Jointly Release the Guideline on Effectively Managing Security Service in the Cloud

The Street |October 25, 2018

Microsoft Rides Cloud to Impressive Earnings Beat; Markets Focus on Amazon Q3

Diginomica |October 23, 2018

Oracle OpenWorld 2018 – the cloud security story

GCN |October 23, 2018

How to catch security blind spots during a cloud migration

Denver Post |October 22, 2018

Arvada to Host 3rd Annual Cloud Security Alliance Fall Summit on November 8

Government Technology |October 20, 2018

Where Next With Cloud Security?

Syracuse University News |October 19, 2018

Awards & Recognition Program Honors 5 Alumni

IoT News |October 18, 2018

Crypto Quantique claims launch of first quantum-driven secure chip on silicon to strengthen IoT security

SmallCap Network |October 18, 2018

Cloud Security Market is Estimated to Reach $12.64 Billion by 2024

WICZ TV |October 18, 2018

New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report

See all press coverage

Recent Blog Posts

December 7, 2018

Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]


December 6, 2018

Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA

By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]


December 4, 2018

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]


December 3, 2018

Typical Challenges in Understanding CCSK and CCSP: Technology Architecture

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]


November 30, 2018

Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent weeks: —Healthcare.gov breached —US weapons systems contain cybersecurity gaps —Over 35 million US voter records for sale —National Guard faces ransomware attack Healthcare.gov breached 75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]


November 30, 2018

Cloud Threat Report: Emotet, Dridex, Mylobot Malware Activity – Week of 11/26

By Curtis Jordan, Lead Security Engineer, TruSTAR In TruSTAR, we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we’re seeing an increase in Dridex activity as well. Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated […]


November 27, 2018

Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]


November 26, 2018

How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]


November 23, 2018

Fixing Your Mis-Deployed NGFW

By Rich Campagna, Chief Marketing Officer, Bitglass The Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. This post will illustrate the root cause of these firewall mis-deployments, […]


November 20, 2018

Weigh in on the Cloud Control Matrix Addenda

Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: —German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.) —ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.) These […]


Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Research Artifacts

Streamlining Vendor IT Security and Risk Assessments

Streamlining Vendor IT Security and Risk Assessments

A perspective on standards-based assurance of Cloud Providers.

Release Date: 12/09/2018
Blockchain DLT Use Cases

Blockchain DLT Use Cases

Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage.

Release Date: 11/27/2018
Cloud Controls Matrix v3.0.1 (11-12-18 Update)

Cloud Controls Matrix v3.0.1 (11-12-18 Update)

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). File attached.

Release Date: 11/12/2018
CCM v3.0 - Chinese Translation

CCM v3.0 - Chinese Translation

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. The CSA CCM provides a detailed controls framework that is aligned with Cloud Security Alliance’s Security Guidance in 16 domains.

Release Date: 10/19/2018
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)

Con este documento, nuestro objetivo es proporcionar tanto orientación como inspiración para respaldar los objetivos comerciales, mientras se gestionan y mitigan los riesgos asociados con la adopción de la tecnología de computación en la nube.

Release Date: 10/19/2018
Guideline on Effectively Managing Security Service in the Cloud

Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure its cloud platform and provide cloud security services to cloud users, for cloud users to select security qualified cloud service providers, for security vendors to develop their cloud-based security products and services.

Release Date: 10/19/2018
Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

本書「IoT セキュリティのためのブロックチェーン技術の活用」は、Cloud Security Alliance (CSA)が公開して いる「Using Blockchain Technology to Secure the Internet of Things」の日本語訳です。本書は、CSA ジャパ ンが、CSA の許可を得て翻訳し、公開するものです。原文と日本語版の内容に相違があった場合には、原文が優先 されます。

Release Date: 10/03/2018
IoT Firmware Update Processes

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: 09/20/2018
Code of Conduct for GDPR Compliance - Japanese Translation

Code of Conduct for GDPR Compliance - Japanese Translation

説明: 本書「GDPR 準拠の為の行動規範」は、Cloud Security Alliance (CSA)が公開している「CODE OF CONDUCT FOR GDPR COMPLIANCE」の日本語訳および一般社団法人日本クラウドセキュリティアライア ンス(CSAジャパン)が解説を加えたものです。本書は、CSAジャパンが、CSAの許可を得て翻訳し、公開 するものです。原文と日本語版の内容に相違があった場合には、原文が優先されます。

Release Date: 09/14/2018
CSA Malaysia FSI Report

CSA Malaysia FSI Report

The “Cloud Adoption in the Malaysian Financial Services Industry (FSI) sector” survey was undertaken by CSA to understand and evaluate cloud adoption trends and concerns in the FSI in that country.

Release Date: 08/20/2018
Top Threats to Cloud Computing: Deep Dive

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018
Cloud Security Alliance Code of Conduct for GDPR Compliance

Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017
Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017