Mission Statement
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
CSA News
January 13, 2016
CSA Survey: 64.9% of IT Trusts the Cloud as Much or More than On-Premises Solutions
Sponsored by Skyhigh Networks, New Report Highlights Shift in Strategy Around Cloud Adoption and Security Seattle, WA – January 13, 2015 – Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place. That’s what the findings from a new Cloud Security…
January 13, 2016
Upcoming CloudBytes for January and February 2016
Emerging Approaches in a Cloud Connected Enterprise: Containers and Microservices Presenter: Anil Karmel, Co-Founder and CEO of C2 Labs Date: Jan 28–10:30am PT (6:30 GMT) Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken…
January 11, 2016
Cloud Security Alliance Summit 2016 Set to Kick Off RSA Conference with “Cloudifying Information Security”
Star of ABC’s Shark Tank and Former Commissioner of U.S. Securities and Exchange Commission to Serve as Featured Keynote Speakers at Annual Event San Francisco, CA – January 11, 2016 (RSA Conference 2016) – The Cloud Security Alliance (CSA) today announced its preliminary agenda for CSA Summit 2016, a full-day event being held at the RSA Conference on…
January 08, 2016
Cloud Security Alliance Announces Formation of Australia and New Zealand Regional Coordinating Body
New Body to Serve Growing Demand for Cloud Security Interest and Best Practices through Access to More Regional Activities SINGAPORE – January 8, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation…
December 16, 2015
CSA APAC and NCDRC sign Memorandum of Understanding (MOU)
The Cloud Security Alliance APAC and National Cyber Defense Research Centre (NCDRC) entered into a Memorandum of Understanding (MOU) on December 12, 2015. BANGALORE – December 16, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…
Press Coverage
TMCnet | December 28, 2015
Cloud Security Alliance Releases Cloud Services API
Networks Asia | December 18, 2015
Cloud federation – simplifying access control
Networks Asia | December 18, 2015
Cloud federation – simplifying access control
TMCnet | December 15, 2015
Why Cloud Security Credentials Really Matter in a Dynamically Changing Environment
SYS-CON | December 14, 2015
Microfinance Monitor | December 14, 2015
PES University Opens Country’s Cyber Defense Research Centre
IT Pro Portal | December 14, 2015
How to securely embrace shadow IT in the enterprise
CSO Online | December 10, 2015
When it comes to cloud security which is better? Heavy hand or gentle policing?
CloudTweaks News | December 09, 2015
PRINCIPLES FOR DATA PROTECTION IN THE CLOUD IN 2016
OSTATIC | December 09, 2015
IDG Survey Shows Strength in the Cloud, But Security Isn’t Locked Down
Asia Cloud Forum | December 08, 2015
Certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
Downloads
Cloud Controls Matrix v3.0.1 (12-10-15 Update)
New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.
Release Date: December 10, 2015
Big Data Taxonomy
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
Consensus Assessments Initiative Questionnaire v3.0.1
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: July 11, 2014
Enterprise Architecture v2.0
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.
Release Date: February 25, 2013
Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.
Release Date: February 24, 2013
Security Guidance for Critical Areas of Mobile Computing
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0
The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
Release Date: November 14, 2011
Consensus Assessments Initiative Questionnaire v1.1
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
The Cloud Balancing Act for IT: Between Promise and Peril
Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place.
Release Date: January 13, 2016
CloudTrust Protocol Prototype Source Code
The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. The source code implements a CTP server that acts as a gateway between cloud customers and cloud…
Release Date: December 10, 2015
Cloud Controls Matrix v3.0.1 (12-10-15 Update)
New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.
Release Date: December 10, 2015
International Standardization Council Policies & Procedures
In today’s technological environment, standards play a critical role in product development and market competitiveness. Every input, behavior, and action has both a contributory and a potential legal consequence. These procedures help protect the International Standardization Council (ISC or Council) participants and the CSA by establishing the necessary framework for a sound process.
Release Date: October 15, 2015
Cloud Forensics Capability Maturity Model
Release Date: October 12, 2015
CloudTrust Protocol Data Model and API
The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This document focuses on the definition of the CTP Data Model and Application Programing Interface.
Release Date: October 09, 2015
Identity and Access Management for the Internet of Things
Release Date: September 28, 2015
What is Post-Quantum Cryptography
Release Date: September 28, 2015
What is Quantum Key Distribution?
The security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms or quantum computers. It is secure against the most arbitrarily powerful eavesdroppers.
Release Date: August 05, 2015
Cloud Computing Market Maturity
This white paper reports the results of a recent study conducted by ISACA and the Cloud Security Alliance to examine cloud market maturity through four lenses: cloud use and satisfaction level, expected growth, cloud-adoption drivers, and limitations to cloud adoption.
Release Date: July 15, 2015
Security Trust and Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
- Coalfire
- Nixu
- Clearmanage
- PNC Financial Services Group
- Imperva
This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.