Latest News

August 08, 2016

Cloud Security Alliance Announces Strong Line Up of Trainings and Working Group Sessions Scheduled for Privacy. Security. Risk. 2016 Conference

Presented by CSA Congress and IAPP Privacy Academy, Event to Provide Forum for Professionals to Expand Education and Collaborative Work in IoT, Containerization, Privacy Audits, Threat Intelligence and Privacy Risk Analysis

San Jose, CA – August 8, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of…

July 28, 2016

Research Brief: Cloud Security Alliance Mobile Working Group Releases Mobile Application Testing Initiative Report

New Effort to Help Organizations and Individuals Reduce Possible Risk Exposure and Security Threats in Using Mobile Applications

Seattle, WA – July 28, 2016 – The Cloud Security Alliance (CSA) today announced the release of a new whitepaper from the CSA Mobile Working Group on a new initiative to support the mobile application security testing community….

July 07, 2016

Mobile Application Security Testing releases its white paper.

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

July 07, 2016

NEW! Quantum Safe Security Awareness Survey

The goal of this survey is to collect information from security professionals on their awareness of quantum safe issues and the approaches that can be used to address them. The results of the survey will be disseminated by the CSA and will be available on the Quantum Safe Security Working…

July 06, 2016

Google’s Gerhard Eschelbeck to Keynote at Cloud Security Alliance Congress US at Privacy.Security.Risk Conference

Registration Now Open for the Industry’s Premier Gathering for Cloud Education and Best Practices

San Jose, CA – July 6, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that Gerhard Eschelbeck, Vice President,…

June 27, 2016

Cloud Security Alliance Issues New Paper on Understanding Quantum Random Number Generators

The Cloud Security Alliance (CSA) today announced the availability of a new research brief from the Quantum-Safe Security (QSS) Working Group titled Quantum Random Number Generators, a whitepaper that looks to detail the impact of randomness on security in an effort to develop the building blocks for effective encryption. Quantum computing, which involves joining the…

June 07, 2016

Data Privacy and Digital Transformation Survey in English, Español, and Português

Prizes include: 10 CCSK Tokens, 100 $20 Amazon Gift Cards, and a Ring Video Doorbell.

Data Privacy and Digital Transformation

Cloud-based technologies are driving digital transformation, but new data privacy regulations are hampering adoption. We’d like to understand how you and your organization are balancing this dynamic.

Data Privacy and Digital Transformation (Portuguese)…

June 01, 2016

Open Peer Review: Application Containers and Microservices Charter

The CSA encourages its community to provide feedback in order to help identify any critical areas which may be missing in this document’s focus with regard to scope, deliverables/activities, and mission. The open review and comments period starts today and ends on Friday, July 1, 2016. We appreciate your feedback.

Press Coverage

Cloud Security Resource | June 20, 2016

It’s Time to Secure that Cloud…but What Skills Do You Need?

MSP Mentor | June 17, 2016

Cloud 101: Setting Customer Expectations

Business Reporter | June 15, 2016

#DSCloud16: Firms must take an evidence-based approach to cloud security

InfoSecurity Magazine | June 14, 2016

Ransomware Tunes into Smart TVs

SC Magazine | June 02, 2016

“Children are dying” due to restrictions on data, warns cloud expert

Biz Report | June 01, 2016

Top 4 tips to secure your business in the cloud

Network World | June 01, 2016

Software-defined Perimeter (SDP) Essentials

RCR Wireless | May 31, 2016

ICSA Labs to roll out IoT security testing certification

Security Intelligence | May 27, 2016

2016 Security Conferences: Infosecurity Europe

Baseline | May 27, 2016

Cloud Deployments Grow Despite Security Concerns

Security News Desk | May 27, 2016

Certes Networks shrinks the attack surface at Infosecurity Europe

Securosis Blog | May 24, 2016

Incident Response in the Cloud Age: More Data, No Data, or Both?

Computer News Middle East | May 23, 2016

eHDF enhances its Public Cloud portal

The Straits Times | May 23, 2016

Smart Nation push to see $2.8b worth of tenders this year

Security Brief | May 18, 2016

Waikato University takes on Kiwi cyber security

Vanilla Plus | May 17, 2016

Prpl Foundation to give keynote at Cloud Security Alliance at the Cloud Security Summit in Milan

Government Computer News | May 12, 2016

Scott stresses the IT changes a $3.1B revolving fund could bring

CIO | May 10, 2016

Why banks are finally cashing in on the public cloud

FierceBigData | May 09, 2016

Open source prpl Foundation publishes peer-reviewed IoT security guide

Securosis Blog | May 09, 2016

Updates to Our Black Hat Cloud Security Training Classes

Recent Blog Posts

August 22, 2016

Which Approach Is Better When Choosing a CASB? API or Proxy? How About Both?

By Bob Gilbert, Vice President/Product Marketing, Netskope

There have been recent articles and blog posts arguing that the API approach is better than the proxy approach when it comes to selecting a cloud access security broker (CASB). The argument doesn’t really make sense at all. Both surely have their advantages...

August 19, 2016

Five Scenarios Where Data Visibility Matters—A Lot

By Charles Green, Systems Engineer, Code42

In case you were off enjoying a well-deserved summer holiday and are, like I am, a firm believer in disconnecting from the world while on holiday, you might have missed the recent hacker document dump of the U.S. Democratic National Committee (DNC) emails. Personal...

August 11, 2016

CISOs: Do You Have the Five Critical Skills of a DRO?

By Mark Wojtasiak, Director of Product Marketing, Code42

CISOs exploring career advancement opportunities have a new consideration, according to Gartner VP and Distinguished Analyst Paul Proctor. At a Gartner Security & Risk Management Summit presentation in June, Proctor talked about the evolution of a new enterprise role, which is a...

August 11, 2016

API vs. Proxy: How to Get the Best Protection from Your CASB

By Ganesh Kirti, Founder and CTO, Palerra

Cloud Access Security Broker (CASB) software has emerged to help IT get its arms around the full cloud security situation. CASBs are security policy enforcement points between cloud service users and one or more cloud service providers. They can reside on the enterprise’s...

August 05, 2016

Ransomware Growing More Common, More Complex; Modern Endpoint Backup Isn’t Scared

By Susan Richardson, Manager/Content Strategy, Code42

The growing ransomware threat isn’t just about more cybercriminals using the same cryptoware tools. The tools themselves are rapidly growing more sophisticated—and more dangerous.

Ransomware growing exponentially, with no signs of slowing

A new report from InformationWeek’s Dark Reading highlights key trends in the ransomware...

August 03, 2016

Take-aways from the 2016 Gartner Magic Quadrant for Secure Web Gateways

By Atri Chatterjee, CMO, Zscaler

Today’s smart enterprises, regardless of size, should be looking at a Secure Web Gateway (SWG) as part of their defense-in-depth security strategy. In Gartner’s opinion, if you aren’t using an SWG, you are in all likelihood leaving a hole in your enterprise security strategy. Firewalls...

July 25, 2016

A Game of Pwns: A Storm of (Pas)swords

By Jacob Ansari, Manager, Schellman

Despite their perpetual status as old news, passwords and their security weaknesses continue to make headlines and disrupt security in ever-expanding ways, and the usual advice about better protection continues to go unheeded or, more worryingly, fails to address the threats any longer. As attacks continue to...

July 22, 2016

Modern Endpoint Backup Sees Data Leak Before It Hurts

By Ann Fellman, Vice President/Marketing and Enterprise Product Marketing Director, Code42

Picture this: You’re enjoying a beautiful summer Saturday, watching your kid on the soccer field, when your phone rings. It’s work. Bummer. “Hi, this is Ben from the InfoSec team. It appears that John Doe, whose last day is next...

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Newsletter Archive

All of our past newsletters are available online for your convenience.

Downloads

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls

At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

The questionnaire is organized using CSA’s 13 governing and operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Mitigating Risk Survey Report

Release Date: August 17, 2016

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls

At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Identity Security Survey Report

Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

Mobile Application Security Testing Initiative Revised Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: March 14, 2016
