CCM & CAIQ Peer Review Watch CLIC TITC Videos CSA Congress 2014 Software Defined Perimeter SAFEcode

MISSION STATEMENT

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Learn More
Page Dividing Line

Latest News Arrow to Content

April 24, 2014

CSA Responds to President Obama’s “Big Data” Initiative Request for Information

On January 17, 2014, President Obama called for senior government officials to lead a comprehensive review of the ways in which “big data” will affect how Americans live and work.

April 02, 2014

Cloud Security Alliance (CSA) Announces SAP Has Joined CSA as an Executive Corporate Member

SAP will participate in key research with the CSA on Horizon 2020 – the EU framework programme for research and innovation.

April 01, 2014

SIT Partners The Cloud Security Alliance In Landmark Agreement

SIT students will have the opportunity to participate in CSA events in Asia Pacific, and will be given priority placements to work with CSA during the course of their studies.

Read More News

Latest In Research Arrow to Content

April 24, 2014

Featured Research: CIRRUS

The CIRRUS project aims to provide high-level, high-impact support and coordination for European ICT security research projects. Project activities include standardization and certification schemes, integrating research projects with EU policy and strategy, internationalization, and supporting industry best practices and public private cooperation initiatives.

April 24, 2014

CSA Seeks Input on Cloud Data Protection Cert

The Cloud Security Alliance invites you to review the Cloud Data Protection Cert, a new candidate project proposed for inclusion in the CSA Research Portfolio.

April 24, 2014

Volunteer Spotlight: David Lingenfelter

David Lingenfelter is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance and policy development.

Read More Research News

top downloads Arrow to Content

Title, Description Version Release Date Download
Security Guidance
3 11/14/2011 Download
Cloud Controls Matrix
3 09/26/2013 Download
Consensus Assessments Initiative Questionnaire
1.1 09/01/2011 Download
The Notorious Nine: Cloud Computing Top Threats in 2013
1.0 02/25/2013 Download
Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
1.0 02/25/13 Download
CSA Position Paper on AICPA Service Organization Control Reports 1.0 02/25/2013 Download
Security Guidance for Critical Areas of Mobile Computing
1.0 11/08/2012 Download
Top Threats to Mobile Computing
1.0 10/04/2012 Download
Mobile Device Management: Key Components
1.0 09/20/2012 Download
Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS)
1 11/16/2011 Download
TCI Reference Architecture Model
2.0 02/25/2013 Download
SecaaS Defined Categories of Service 2011
1.0 09/26/2011 Download
GRC Stack
-- -- Download
CSA Chapter Launch Guide
1.0 --/--/2011 Download

certification Arrow to Content

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More

Training Arrow to Content

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More

RESEARCH INITIATIVES Arrow to Content

Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.

Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.

Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers

Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers

Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers

Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers

Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.

Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.

CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.

CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.

Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud

Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud

GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.

GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.

Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.

Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.

Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.

Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.

Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.

Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.

Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.

Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.

Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.

Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.

Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.

Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.

Page Dividing Line