Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Check out our calendar of upcoming CCSK & CCM training courses

Latest News

March 15, 2017

CSA Launches 2 New Research Working Groups with Huawei – Call for Participation

In our mission to build a more secure Cloud ecosystem, the Cloud Security Alliance (CSA) is commencing on working on 2 new research working groups together with our executive member Huawei. Cloud Component Specifications WG Looking at the current environment, there are several internationally recognized standards that guide and evaluate cloud service providers in ISMS…

March 13, 2017

Call for Participation: SaaS Governance Working Group

The Cloud Security Alliance would like to invite you to participate in the SaaS Governance Working Group. The SaaS Governance working group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. We are currently…

February 27, 2017

Searching for Blockchain Co-Chair

CSA is searching for another co-chair to help lead the Blockchain / Distributed Ledger working group who is preferably from the financial side. Being a co-chair of the work group presents great opportunities such as networking and interacting closely with volunteers representing some of the top minds in information security and cloud computing. Responsibilities include:…

February 13, 2017

Cloud Security Alliance Establishes New Third-Party Consultancy Program to Ensure Best Practices in Secure Cloud Implementation

CSA Names Optiv As First Certified Provider for New Program SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation of the CSA Global…

February 13, 2017

Cloud Security Alliance Releases New Software Defined Perimeter for Infrastructure-as-a-Service Research

New Report Outlines How SDP Can Be Applied to Infrastructure-as-a-Service Environments, Including Requirements, Benefits and Key Use Cases SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

February 13, 2017

Cloud Security Alliance Announces General Availability of STARWatch Cloud Security Management Application

Compliance Management SaaS Application Formally Launches Boasting More than 250 Active Users SAN FRANCISCO – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch of STARWatch, a…

January 25, 2017

Reviewers Needed: Security Guidance for Critical Areas of Mobile Computing

Dear Colleagues, The Mobile Working Group is updating the document entitled “Security Guidance for Critical Areas of Mobile Computing” last published in 2012. To streamline the updating process, we are opening a peer review of the 2012 document. We are looking for SMEs to provide feedback on the content or sections that need updating, deleting,…

January 25, 2017

CSA’s Mobile Working Group Seeking New Co-Chair

The Cloud Security Alliance’s Mobile Working Group is seeking new co-chairs to develop and maintain a research portfolio providing capabilities to lead the crystallization of best practices for mobile security, help industry and government on adoption of best practices, establish liaisons with other organizations in order to coordinate the development of mobile security standards, and…

See all news

Press Coverage

IT Business Edge | November 23, 2016

CSA Trials SaaS App for Assessing Cloud Security

Data Center Knowledge | November 23, 2016

Report: SaaS Dominates Cloud Usage in India

MSP Mentor | November 23, 2016

IoT and the Cloud: What to Watch Out For

The Hindu Business Line | November 23, 2016

62% companies on cloud for less than two years: survey

Business Standard | November 23, 2016

Instasafe, CSA release “State of Cloud Adoption and Security in India” survey report

Help Net Security | November 18, 2016

New infosec products of the week: November 18, 2016

RCR Wireless | November 17, 2016

Security remains significant hurdle for industry cloud efforts

Network World | November 15, 2016

Goodbye, NAC. Hello, software-defined perimeter

Executive Blog | November 15, 2016

Vormetric’s Wayne Lewandowski: Cloud Encryption Gateways Can Help Agencies Address Cloud Security Issues

Bob's Guide | November 09, 2016

How can financial services firms prevent costly cloud data breaches?

Active Telecoms | November 03, 2016

Cloud adoption by financial services in China past the tipping point

The Whir | November 02, 2016

Smart Card Alliance Calls for Stronger IoT Security in Wake of DDoS Attacks

Research and Markets | October 28, 2016

CSA’S IOT SECURITY REPORT

Security Systems News | October 26, 2016

Securing IoT

Info World | October 26, 2016

Forrester: OpenStack, AWS are today’s cloud ‘safe bets’

CSC Blogs | October 24, 2016

The Dyn DNS attacks: What we know now

Tech News World | October 13, 2016

IoT Could Become Playground for Botnets Gone Wild

The Register | October 13, 2016

Devs! Here’s how to secure your IoT network, in, uh, 75 easy pages

Government Technology Magazine | October 13, 2016

New Guide Offers Advice on Securing Internet of Things Products

Christian Science Monitor | October 13, 2016

Your home might be secretly carrying out cyberattacks

See all press

Recent Blog Posts

March 23, 2017

Brexit or Bust: What Does It Mean for Data?

By Nic Scott, Managing Director/UK, Code 42 What’s the latest on Brexit? When the UK government triggers Article 50, it will signal the start of the official two-year countdown until the UK leaves the European Union. According to UK Prime Minister Theresa May, this is still on track to happen at...

March 22, 2017

Odds Are in Quantum Encryption’s Favor

By Jane Melia, Vice President of Strategic Business Development , QuintessenceLabs and Co-chair, CSA Quantum-safe Security Working Group Image credit: Jeff Kubina No kinds of organizations have tighter security than the average casino. After all, the house always wins, and it wants to keep those winnings. A recent Wired article, however, explains how a...

March 15, 2017

Observations on CSA Summit at RSA – Part 1

By Katie Lewin, Federal Director, Cloud Security Alliance CSA Summit at RSA was a day-long session on Securing the Converged Cloud organized around presentations and panels from leading vendors such as Centrify, Veracode, Microsoft, and Netskope, as well as a talk on “Effective Cybersecurity” by Ret. Gen. Keith Alexander and a...

March 13, 2017

Preparing for the Quantum Future: Setting Global Security Standards to Make Us Quantum-Safe

By Frank Guanco, Quantum-Safe Security Working Group, Cloud Security Alliance Recently there has been an increase in the perceived threat of the quantum computer to modern cryptographic standards in widespread use. During the last year, security agencies such as the United States Government National Security Agency (NSA) and the United...

March 09, 2017

Market & Technology Readiness (MTRLs)

By Frank Khan Sullivan, Vice President/Marketing, Strategic Blue There is a need to communicate a project’s maturity to a non-technical audience. The Market & Technology Readiness Level Framework [PDF] aims to provide decision makers with a holistic view of a project’s maturity in a simple way – with a single...

March 08, 2017

Prepare for Windows 10 Migration the Gartner Way

By Jeremy Zoss, Managing Editor, Code42 It’s 2017, which means there’s a good chance your company is preparing to migrate to Windows 10. The operating system may have launched back in 2015, but this is the year that Gartner predicts enterprise adoption of the operating system will truly take off, hitting...

February 24, 2017

Is Your Industry at High Risk of Insider Threat?

By Jeremy Zoss, Managing Editor, Code42 In the movies, data theft is usually the work of outsiders. You’ve witnessed the scene a million times: A cyber thief breaks into a business, avoiding security measures, dodging guards and employees, and making off with a USB stick of valuable data seconds before he...

February 23, 2017

The Rise in SSL-based Threats

By Derek Gooley, Security Researcher, Zscaler Overview The majority of Internet traffic is now encrypted. With the advent of free SSL providers like Let’s Encrypt, the move to encryption has become easy and free. On any given day in the Zscaler cloud, more than half of the traffic that inspected uses...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Applied Quantum Safe Security

Applied Quantum Safe Security

Release Date: March 13, 2017

SDP for IaaS

SDP for IaaS

Release Date: February 13, 2017

Quantum Safe Security Glossary

Quantum Safe Security Glossary

Release Date: January 24, 2017

SaaS Governance Working Group Charter

SaaS Governance Working Group Charter

Release Date: January 12, 2017

Cloud Adoption and Security in India

Cloud Adoption and Security in India

The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…

Release Date: November 22, 2016

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

Cloud Adoption Practices & Priorities in the Chinese Financial Sector

We circulated the “Financial Services Industry Cloud Adoption Survey: China” survey to IT and security professionals in the Financial Services Institutions (FSIs) in China. The goal was not only to raise awareness around Cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization…

Release Date: October 28, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.