Latest News

April 28, 2016

Cloud Security Alliance Announces World Class Speaker Line Up for Second Annual Federal Summit

Program to Feature Insights and Perspectives into the Federal Government Cloud Strategy and Use of Cloud Services along with Best Practices to Ensure Cloud Security in Regulatory Environments Washington, DC – April 28, 2016 – The Cloud Security Alliance (CSA) today announced a world-class line up of speakers and presentations for its second annual Cloud Security Alliance Federal…

April 25, 2016

Cloud Security Alliance Announces Speakers and Presentations for Upcoming SecureCloud 2016 Conference

Leaders from Intel, Microsoft, Forrester Research and NIST Among Presenters at Upcoming Premiere European Cloud Security Event DUBLIN, IRELAND – April 25, 2016 – The Cloud Security Alliance (CSA), in collaboration with Fraunhofer FOKUS and ENISA, today announced the presentations and speaker line up for the upcoming SecureCloud conference. The SecureCloud 2016 conference is scheduled for…

April 22, 2016

NEW! Mitigating Risk for Cloud Apps Survey.

Time: 15 minutes Prizes: 10 CCSK Tokens Closing Date: May 23rd Participate Now Abstract: Current state of SaaS security – with several years of cloud adoption in many organizations, approaches to security have been evolving rapidly. The purpose of this survey is to look at the specific concerns, policies, and controls that enterprises are using….

April 21, 2016

Cloud Security Alliance to Offer CCSK ‘Train the Trainer’ Course in Milan

Three-day course to be held in conjunction with Cloud Security Summit 2016 The Cloud Security Alliance (CSA) is pleased to announce that it will host its CCSK Train the Trainer course in Milan (May 17 and 18-19) at the ITWAY Academy as part of the Cloud Security Summit 2016. Conducted by recognized international CCSK trainer…

April 20, 2016

Open Peer Review: Cloud Data Center Security Working Group Charter

The Cloud Security Alliance would like to invite you to review and comment on a proposed Cloud Data Center Security Working Group Charter. The focus of the Cloud Data Center Security working group is to develop and maintain a research portfolio providing capabilities to assist the cloud provider industry in enhancing their Data Centers’ security….

April 20, 2016

CloudBytes Webinars in May

We have several interesting webinars coming up in May! Meeting international requirements and leveraging CSA STAR for supply chain management John DiMaria of BSI May 4th–10am PST Improve CX, Productivity, Revenues and Security with Identity Coherence Steve Tout of Forte Advisory May 5th–9am PST Risk-based Security Webinars: Risky Business: Key Cloud Security Metrics…

April 13, 2016

Open Survey: Defeating Insider Threats

We have a new survey entitled “Defeating the Insider Threat and Shoring up the Data Security Lifecycle“ Participate now Time: 10-15 minutes Prizes: 5 CCSK Tokens Goal of the Survey: Everything we know about defeating the insider threat seems not to be solving the problem. In fact, evidence from the Deep and Open Web points…

March 31, 2016

Cloud Security Alliance Releases Results of Software-Defined Perimeter Hackathon

CSA, The World’s Leading Cloud Organization Collaborated with Verizon and Vidder To Validate Security and Feasibility of High Availability Public Cloud Architecture at Fourth Annual CSA Hackathon at the RSA Conference 2016 SEATTLE, WA – March 31, 2016 – The Cloud Security Alliance (CSA), today released The Software Defined Perimeter (SDP) Hackathon #4 Report: High…

See all news

Press Coverage

PCR | April 14, 2016

Intel report reveals ‘critical’ need for improved trust to advance cloud adoption

VMBlog | April 14, 2016

Intel Security Report Shows Majority of IT Budgets Will Focus on Cloud, Indicates Need for Education on the Value of Cloud and How to Secure It | April 14, 2016

Business needs education in cloud value and security, study shows

FierceITSecurity | April 14, 2016

IoT cybersecurity will be the next big thing, predicts ABI

FedScoop | April 14, 2016

For cloud adoption to grow, so must trust — report | April 14, 2016

Enterprises stick with private cloud systems

Channel Partners | April 14, 2016


TechWeek Europe | April 14, 2016

UK Cloud Adoption Slower Than US, Brazil, and Australia

Silicon Republic | April 13, 2016

As more people trust the cloud, the more reason to secure it

VentureBeat | April 13, 2016

IT budgets focus on cloud, but it has to be more secure | April 13, 2016

EU watchdog rejects Safe Harbor replacement – where does this leave your business?

Wha Tech | April 12, 2016

The rise of shadow IT

Cloud Security Resource | March 31, 2016

Noted CISSP Cites Need for Certified Cloud Security Professional (CCSP) Certification

Cloud Tweaks | March 30, 2016


Computer Business Review | March 29, 2016

Clouds lifting: a brighter public sector security outlook ahead?

Information Management | March 28, 2016

The 12 Top Treacherous Cloud Computing Threats

Security Intelligence | March 22, 2016

Security Challenges With the Virtual Network: Part II

Cyber Security Trend | March 16, 2016

(ISC)2 CEO David Shearer Discusses Cyber Security Trends and Need for Certified Professionals

Straits Times Singapore | March 15, 2016

Plans for all Singaporeans to get new e-IC for online transactions on the cards

CRN | March 10, 2016

Resellers cite ransomware as top threat in CRN Security Summit

See all press

Recent Blog Posts

April 27, 2016

10 Key Questions to Answer Before Upgrading Enterprise Software

By Rachel Holdgrafer, Business Content Strategist, Code42 The evolution of software has made possible things we never dreamed. With software upgrades come new competencies and capabilities, better security, speed, power and often disruption. Whenever something new enters an existing ecosystem, it can upset the works. The cadence of software upgrades in...

April 26, 2016

Survey of IT Pros Highlights Lack of Understanding of SaaS Data Loss Risks

By Melanie Sommer, Director of Marketing, Spanning by EMC Recently, Spanning – an EMC company and provider of backup and recovery for SaaS applications – announced the results of a survey* of over 1,000 IT professionals across the U.S. and the U.K. about trends in SaaS data protection. It turns...

April 25, 2016

Can a CASB Protect You From the Treacherous 12?

By Ganesh Kirti, Founder and CTO, Palerra Many frequently asked questions related to cloud security have included concerns about compliance and insider threats. But lately, a primary question is whether cloud services are falling victim to the same level of external attack as the data center. With Software as a...

April 21, 2016

The Panama Papers, Mossack Fonseca and Security Fundamentals

By Matt Wilgus, Practice Director, Schellman The release of details contained in the Panama Papers will be one of the biggest news stories of the year. The number of high-profile individuals implicated will continue to grow as teams comb through the 11.5 million documents leaked from Mossack Fonseca, a Panamanian law firm....

April 20, 2016

May the Fourth Be with EU

Data Privacy Gets a Stronger Light Saber By Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks On April 14, 2016, the EU Parliament passed the long-awaited new EU rules for personal data protection (GDPR). Everyone who holds or processes data on individuals in the 28 countries of the EU has until Star Wars Day 2018...

April 20, 2016

WP29: Thumbs Down to Draft EU-US Privacy Shield

By  Françoise Gilbert,Global Privacy and Cybersecurity Attorney, Greenberg Traurig In a 58-page opinion published April 13, 2016, the influential European Union Article 29 Working Party (WP29), which includes representatives of the data protection authorities of the 28 EU Member States, expressed significant concerns with respect to the terms of the proposed EU-US...

April 19, 2016

BYOD Stalled? Three Tips to Get It Going

By Susan Richardson, Manager/Content Strategy, Code42 Despite some surveys that say Bring Your own Device (BYOD) is growing, the CyberEdge Group’s recently released 2016 Cyberthreat Defense Report found that enterprise BYOD programs have stalled. Only one-third of respondents this year had implemented a BYOD policy—the same as two years ago. And...

April 12, 2016

Panama Papers Expose Data Security Deficiencies in Law Firms

By Rick Orloff, Chief Security Officer, Code42 The unprecedented leak of 11.5 million files from the database of the world’s fourth biggest offshore law firm is riveting. As details continue to emerge about the Panama Papers leak, the money laundering and secretive tax regimes and high-profile clientele make for a juicy...

Read the blog


CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more


CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here


Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

Cloud Controls Matrix v3.0.1 (1-21-16 Update)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment. For CCM-related feedback, please contact

Release Date: December 10, 2015

Big Data Taxonomy

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Identity Security Survey Report

Identity Security Survey Report

Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond

CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

Cloud Controls Matrix v3.0.1 (3-18-16 Update)

Cloud Controls Matrix v3.0.1 (3-18-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: March 18, 2016

Mobile Application Security Testing Initiative Revised Charter

Mobile Application Security Testing Initiative Revised Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: March 14, 2016

Defining Categories of Security as a Service: Continuous Monitoring

Defining Categories of Security as a Service: Continuous Monitoring

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services is necessary. This document provides a high overview of the business and technical elements needed to evaluate the risks associated with the category of Continuous Monitoring.

Release Date: February 29, 2016

‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

“The Treacherous 12 – Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among…

Release Date: February 29, 2016

Security Position Paper – Network Function Virtualization

Security Position Paper – Network Function Virtualization

This white paper discusses some of the potential security issues and concerns, and offers guidance for securing a Virtual Network Function (NFV) based architecture, whereby security services are provisioned in the form of Virtual Network Functions (VNFs).

Release Date: February 29, 2016

State of Cloud Security 2016

State of Cloud Security 2016

Cloud computing is an incredible innovation. While at its heart a simple concept, the packaging of compute resources as an on demand service is having a fundamental impact on information technology with far reaching consequences. Cloud is disrupting most industries in a rapid fashion and is becoming the back end for all other forms of…

Release Date: February 27, 2016

Security as a Service Working Group Charter

Security as a Service Working Group Charter

Release Date: February 12, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.