Latest News

01/14/2019

New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds

Seattle, WA – January 11, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from the first research survey on “Enterprise Re...

12/20/2018

Cloud Security Alliance, National Technology Security Coalition Release “Streamlining Vendor IT Security and Risk Assessments” Whitepaper

Report advocates for a new approach to how organizations manage risks, achieve assurance, and enable trust in the cloud. SEATTLE – Dec. 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure...

12/10/2018

Cloud Security Alliance Announces 2018 Ron Knode Service Award Recipients

Volunteers recognized for dedication, efforts to furthering cloud security best practices. ORLANDO – Dec. 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment...

12/10/2018

Cloud Security Alliance to Develop Holistic Cloud Incident Response Whitepaper

Singapore – 11 December, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, will be developing a holistic Cloud Incident Response Whitepaper. The framework wi...

12/04/2018

Cloud Security Alliance and OneTrust Launch Free Vendor Risk Management Tool for CSA Members

The CSA-OneTrust VRM tool is pre-populated with templates reproducing the CSA's best practices for cloud security and privacy assurance and compliance, including the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and GDPR Code of Conduct.

11/26/2018

International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878

Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Gu...

11/15/2018

Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training

SEATTLE, WA – Nov. 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Certificate of Cloud Security Knowledge (CCSK), the first cr...

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models. SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...

09/25/2018

Cloud Security Alliance Announces Speakers, Sessions for 8th Annual CSA Congress

Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers. Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...

Press Coverage

Continuity Central.com |January 17, 2019

Cyber security incidents and misconceptions both increase as critical ERP systems migrate to the cloud

eWeek |January 17, 2019

Report Looks at Security Misconceptions of Moving ERP to Cloud

InfoWorld |January 16, 2019

ERP cloud migration and its complexities

https://www.infoworld.com/article/3332926/cloud-computing/what-you-must-know-about-moving-erp-to-the-cloud.html#jump |January 15, 2019

What you must know about moving ERP to the cloud

BW BusinessWorld |January 15, 2019

Cybersecurity Incidents and Misconceptions Increase as Critical ERP Systems Migrate to Clouds

IoT Innovator |January 14, 2019

Cloud Security Alliance Study Reveals Rise in Cybersecurity Incidents and Misconceptions as Critical ERP Systems Migrate to Clouds

Security Week |January 14, 2019

Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud

HelpNet Security |January 14, 2019

Most organizations are migrating data for ERP apps to the cloud

Diginomica |January 14, 2019

Cloud ERP taking off but confusion persists around security and control topics

Health Data Management |January 14, 2019

How to address the skills gap in cloud security

Cloud Tech |January 14, 2019

Cloud Security Alliance: Cloud ERP making waves but caution persists around security

TechBizWeb |January 14, 2019

Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud

DevOps |January 11, 2019

New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds

Politico |January 11, 2019

Incoming NASS leader rejects Democrats’ election security bill

Health Data Management |January 11, 2019

Concern for security of data in the cloud worries IT execs

eWeek |January 11, 2019

The Security Challenges of Moving ERP to the Cloud

Dark Reading |January 11, 2019

Who Takes Responsibility for Cyberattacks in the Cloud?

TechRepublic |January 11, 2019

69% of enterprises moving business-critical applications to the cloud

Tech Target |January 10, 2019

What is a software-defined perimeter, and do I need it?

Recent Blog Posts

December 17, 2018

Addressing the Skills Gap in Cloud Security Professionals

By Ryan Bergsma, Training Program Director, CSA

One of the math lessons that has always stuck with me from childhood is that if you took a penny and doubled it every day for a month, it would make you a millionaire. In fact, it wouldn’t even take the whole month, you would be a millionaire on […]


December 7, 2018

Keeping Your Boat Afloat with a Cloud Access Security Broker

By Prasidh Srikanth, Senior Product Manager, Bitglass

If you were on a sinking ship that was full of holes of various sizes, which ones would you patch first? Probably the big ones. Now, consider this: As an enterprise, you’ve been successfully sailing and securing your corporate data on premises for some time. However, now you’re migrating […]


December 6, 2018

Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA

By Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance

The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted […]


December 4, 2018

OneTrust and Cloud Security Alliance Partner to Launch Free Vendor Risk Tool for CSA Members

By Gabrielle Ferree, Public Relations and Marketing Manager, OneTrust

OneTrust is excited to announce that we have partnered with Cloud Security Alliance to launch a free Vendor Risk Management (VRM) tool. The tool, available to CSA members today, automates the vendor risk lifecycle for compliance with the GDPR, CCPA and other global privacy frameworks. Get started […]


December 3, 2018

Typical Challenges in Understanding CCSK and CCSP: Technology Architecture

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com

As cloud computing is becoming increasingly mainstream, more people are seeking cloud computing security certification. Because I teach prep courses for the two most popular certifications—the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security […]


November 30, 2018

Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass

Here are the top cybersecurity headlines of recent weeks:
—Healthcare.gov breached
—US weapons systems contain cybersecurity gaps
—Over 35 million US voter records for sale
—National Guard faces ransomware attack

Healthcare.gov breached

75,000 people had their personal details stolen when hackers breached a government system that is frequently used […]


November 30, 2018

Cloud Threat Report: Emotet, Dridex, Mylobot Malware Activity – Week of 11/26

By Curtis Jordan, Lead Security Engineer, TruSTAR

In TruSTAR, we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we’re seeing an increase in Dridex activity as well. Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated […]


November 27, 2018

Documentation of Distributed Ledger Technology and Blockchain Use

By Ashish Mehta, Co-chair, CSA Blockchain/Distributed Ledger Working Group

CSA’s newest white paper, Beyond Cryptocurrency: Nine Relevant Blockchain and Distributed Ledger Technology (DLT) Use Cases, aims to identify wider use cases for both technologies beyond just cryptocurrency, an area with which both technologies currently have the widest association. In the process of outlining several use […]


November 26, 2018

How to Do the Impossible and Secure BYOD

By Will Houcheime, Product Marketing Manager, Bitglass

The use of cloud tools in the enterprise is becoming increasingly common, enabling employees to collaborate and work incredibly efficiently. On top of this, when employees are allowed to work from their personal devices (known as bring your own device or BYOD), it makes it even easier for them to […]


November 23, 2018

Fixing Your Mis-Deployed NGFW

By Rich Campagna, Chief Marketing Officer, Bitglass

The Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. This post will illustrate the root cause of these firewall mis-deployments, […]


Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Research Artifacts

CCM v3.0.1 Addendum - BSI Germany C5 v1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5).

Release Date: 01/18/2019

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014.

Release Date: 01/18/2019

Enterprise Resource Planning and Cloud Adoption

The “Impact of Cloud on ERP” survey report was designed to assess the impact of ERP solutions on organizations and better understand cloud preparation and data migration needs to implement ERP solutions in the cloud. Features and benefits gained, security and privacy challenges, and time to deploy for an ERP Solution in a cloud environment were explored.

Release Date: 01/11/2019

Cloud Incident Response Charter

To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.

Release Date: 01/10/2019

Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure their cloud platforms and provide cloud security services to cloud users, for cloud users to select security-qualified cloud service providers, and for security vendors to develop their cloud-based security products and services.

Release Date: 01/04/2019

Streamlining Vendor IT Security and Risk Assessments

A perspective on standards-based assurance of Cloud Providers.

Release Date: 12/09/2018

Blockchain DLT Use Cases

Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage.

Release Date: 11/27/2018

Cloud Controls Matrix v3.0.1 (11-12-18 Update)

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). File attached.

Release Date: 11/12/2018

CCM v3.0 - Chinese Translation

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. The CSA CCM provides a detailed controls framework that is aligned with Cloud Security Alliance’s Security Guidance in 16 domains.

Release Date: 10/19/2018

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017