CSA News

January 13, 2016

CSA Survey: 64.9% of IT Trusts the Cloud as Much or More than On-Premises Solutions

Sponsored by Skyhigh Networks, New Report Highlights Shift in Strategy Around Cloud Adoption and Security Seattle, WA – January 13, 2015 – Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place. That’s what the findings from a new Cloud Security…

January 13, 2016

Upcoming CloudBytes for January and February 2016

Emerging Approaches in a Cloud Connected Enterprise: Containers and Microservices Presenter: Anil Karmel, Co-Founder and CEO of C2 Labs Date: Jan 28–10:30am PT (6:30 GMT) Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken…

January 11, 2016

Cloud Security Alliance Summit 2016 Set to Kick Off RSA Conference with “Cloudifying Information Security”

Star of ABC’s Shark Tank and Former Commissioner of U.S. Securities and Exchange Commission to Serve as Featured Keynote Speakers at Annual Event San Francisco, CA – January 11, 2016 (RSA Conference 2016) – The Cloud Security Alliance (CSA) today announced its preliminary agenda for CSA Summit 2016, a full-day event being held at the RSA Conference on…

January 08, 2016

Cloud Security Alliance Announces Formation of Australia and New Zealand Regional Coordinating Body

New Body to Serve Growing Demand for Cloud Security Interest and Best Practices through Access to More Regional Activities SINGAPORE – January 8, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation…

December 16, 2015

CSA APAC and NCDRC sign Memorandum of Understanding (MOU)

The Cloud Security Alliance APAC and National Cyber Defense Research Centre (NCDRC) entered into a Memorandum of Understanding (MOU) on December 12, 2015. BANGALORE – December 16, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

See all news

Press Coverage

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

Cloud Controls Matrix v3.0.1 (12-10-15 Update)

Cloud Controls Matrix v3.0.1 (12-10-15 Update)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.

Release Date: December 10, 2015

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: July 11, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

The Cloud Balancing Act for IT: Between Promise and Peril

The Cloud Balancing Act for IT: Between Promise and Peril

Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place.

Release Date: January 13, 2016

CloudTrust Protocol Prototype Source Code

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. The source code implements a CTP server that acts as a gateway between cloud customers and cloud…

Release Date: December 10, 2015

Cloud Controls Matrix v3.0.1 (12-10-15 Update)

Cloud Controls Matrix v3.0.1 (12-10-15 Update)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact ccm-leadership@cloudsecurityalliance.org.

Release Date: December 10, 2015

International Standardization Council Policies & Procedures

In today’s technological environment, standards play a critical role in product development and market competitiveness. Every input, behavior, and action has both a contributory and a potential legal consequence. These procedures help protect the International Standardization Council (ISC or Council) participants and the CSA by establishing the necessary framework for a sound process.

Release Date: October 15, 2015

Cloud Forensics Capability Maturity Model

Release Date: October 12, 2015

CloudTrust Protocol Data Model and API

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This document focuses on the definition of the CTP Data Model and Application Programing Interface.

Release Date: October 09, 2015

What is Post-Quantum Cryptography

Release Date: September 28, 2015

What is Quantum Key Distribution?

The security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms or quantum computers. It is secure against the most arbitrarily powerful eavesdroppers.

Release Date: August 05, 2015

Cloud Computing Market Maturity

Cloud Computing Market Maturity

This white paper reports the results of a recent study conducted by ISACA and the Cloud Security Alliance to examine cloud market maturity through four lenses: cloud use and satisfaction level, expected growth, cloud-adoption drivers, and limitations to cloud adoption.

Release Date: July 15, 2015

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.