MISSION STATEMENT

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Learn More

Latest News

April 24, 2014

CSA Responds to President Obama’s “Big Data” Initiative Request for Information

On January 17, 2014, President Obama called for senior government officials to lead a comprehensive review of the ways in which “big data” will affect how Americans live and work.

April 02, 2014

Cloud Security Alliance (CSA) Announces SAP Has Joined CSA as an Executive Corporate Member

SAP will participate in key research with the CSA on Horizon 2020 – the EU framework programme for research and innovation.

April 01, 2014

SIT Partners The Cloud Security Alliance In Landmark Agreement

SIT students will have the opportunity to participate in CSA events in Asia Pacific, and will be given priority placements to work with CSA during the course of their studies.

Latest In Research

April 24, 2014

Featured Research: CIRRUS

The CIRRUS project aims to provide high-level, high-impact support and coordination for European ICT security research projects. Project activities include standardization and certification schemes, integrating research projects with EU policy and strategy, internationalization, and supporting industry best practices and public private cooperation initiatives.

April 24, 2014

CSA Seeks Input on Cloud Data Protection Cert

The Cloud Security Alliance invites you to review the Cloud Data Protection Cert, a new candidate project proposed for inclusion in the CSA Research Portfolio.

April 24, 2014

Volunteer Spotlight: David Lingenfelter

David Lingenfelter is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance and policy development.

top downloads

Title, Description	Version	Release Date	Download
Security Guidance	3	11/14/2011	Download
Cloud Controls Matrix	3	09/26/2013	Download
Consensus Assessments Initiative Questionnaire	1.1	09/01/2011	Download
The Notorious Nine: Cloud Computing Top Threats in 2013	1.0	02/25/2013	Download
Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union	1.0	02/25/13	Download
CSA Position Paper on AICPA Service Organization Control Reports	1.0	02/25/2013	Download
Security Guidance for Critical Areas of Mobile Computing	1.0	11/08/2012	Download
Top Threats to Mobile Computing	1.0	10/04/2012	Download
Mobile Device Management: Key Components	1.0	09/20/2012	Download
Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS)	1	11/16/2011	Download
TCI Reference Architecture Model	2.0	02/25/2013	Download
SecaaS Defined Categories of Service 2011	1.0	09/26/2011	Download
GRC Stack	--	--	Download
CSA Chapter Launch Guide	1.0	--/--/2011	Download

certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More

RESEARCH INITIATIVES

Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.

Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.

Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers

Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers

Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers

Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers

Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.

Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.

CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.

CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.

Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud

Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud

GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.

GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.

Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

Health Information Managment Working Group

Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.

Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.

Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.

Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.

Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.

Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.

Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.

Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.

Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.

Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.

Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.

Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

Beisen
Brightline
Unitas Global
Five9
Dropbox

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

April 29 - May 1, 2014

Infosecurity Europe 2014

Featuring over 325 exhibitors, the most diverse range of new products and services, an unrivalled FREE education programme and 13,006 unique visitors.

Cloud Data Protection Cert Webcasts

Webcast: Peer Review of Cloud Data Protection Cert for inclusion into CSA GRC Stack Cloud Data Protection Cert is intended to be a web-based tool that presents Cloud Providers and Cloud Consumers with a tiered data sensitivity model. We are proposing that the Cloud Data Protection Cert be included as part of the CSA’s Governance,...

23 May 2014

CSA Japan Summit 2014

This event targets consumers and providers of cloud computing who together share a concern for cloud security and corporate decision making.

June 3rd 2014

Data Risk Management in Financial Services (DRMFS)

The Data Risk Management in Financial Services, 3rd of June 2014, at the London Stock Exchange brings the financial industry together to debate the threats to data security, both internal and external.

3 - 4 June 2014

ASEAN CSA Summit 2014

The industry event for IT security professionals and executives wanting to further their knowledge of cloud security. Learn More

September 16-19, 2014

CSA Congress 2014 & IAPP Privacy Academy 2014

By bringing together the IAPP’s Privacy Academy and the CSA Congress this fall we've broadened the educational and networking opportunities available for both IAPP and CSA members. Learn More

19-20 November 2014

CSA EMEA Congress 2014

The congress’s unique mix of R&D, end-user and industry audience members promises, compelling sessions, interesting discussions, networking and business opportunities throughout the event. Learn More

View all Upcoming Events

Cloud Security Readiness Tool

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Get Started Now