Latest News

June 07, 2016

Data Privacy and Digital Transformation Survey in English, Español, and Português

Prizes include: 10 CCSK Tokens, 100 $20 Amazon Gift Cards, and a Ring Video Doorbell. Cloud-based technologies are driving digital transformation, but new data privacy regulations are hampering adoption. We’d like to understand how you and your organization are balancing this dynamic.

June 01, 2016

Open Peer Review: Application Containers and Microservices Charter

The CSA encourages its community to provide feedback to help identify any critical areas that may be missing from this document’s focus with regard to scope, deliverables/activities, and mission. The open review and comment period starts today and ends on Friday, July 1, 2016. We appreciate your feedback.

May 26, 2016

Open Surveys: Mitigating Risk for Cloud Apps and IT Security in the Age of Cloud

We have two surveys open. If you have a few minutes and would like to win some cool prizes, consider taking our surveys.

Mitigating Risk for Cloud Apps
Time: 10-15 minutes
Prizes: 10 CCSK tokens and a fun new prize will be added shortly
Abstract: Current state of SaaS security – with several years of…

May 26, 2016

Open Peer Review – Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy

The Cloud Security Alliance would like to invite you to review and comment on the Big Data working group’s latest document, Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy. This document lists out in detail the best practices that should be followed by big data service providers to…

May 16, 2016

Cloud Security Alliance Asia Pacific Hosts Its 5th Annual CSA APAC Summit

SINGAPORE – May 11, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced today that it hosted its 5th annual CSA APAC Summit in Singapore, beginning May 3rd. The weeklong event was attended by thought leaders,…

April 28, 2016

Cloud Security Alliance Announces World Class Speaker Line Up for Second Annual Federal Summit

Program to Feature Insights and Perspectives into the Federal Government Cloud Strategy and Use of Cloud Services along with Best Practices to Ensure Cloud Security in Regulatory Environments

Washington, DC – April 28, 2016 – The Cloud Security Alliance (CSA) today announced a world-class line up of speakers and presentations for its second annual Cloud Security Alliance Federal…

April 25, 2016

Cloud Security Alliance Announces Speakers and Presentations for Upcoming SecureCloud 2016 Conference

Leaders from Intel, Microsoft, Forrester Research and NIST Among Presenters at Upcoming Premiere European Cloud Security Event

DUBLIN, IRELAND – April 25, 2016 – The Cloud Security Alliance (CSA), in collaboration with Fraunhofer FOKUS and ENISA, today announced the presentations and speaker line up for the upcoming SecureCloud conference. The SecureCloud 2016 conference is scheduled for…

April 22, 2016

NEW! Mitigating Risk for Cloud Apps Survey.

Time: 15 minutes
Prizes: 10 CCSK Tokens
Closing Date: May 23rd
Abstract: Current state of SaaS security – with several years of cloud adoption in many organizations, approaches to security have been evolving rapidly. The purpose of this survey is to look at the specific concerns, policies, and controls that enterprises are using…

Press Coverage

Cloud Security Resource | June 20, 2016

It’s Time to Secure that Cloud…but What Skills Do You Need?

MSP Mentor | June 17, 2016

Cloud 101: Setting Customer Expectations

Business Reporter | June 15, 2016

#DSCloud16: Firms must take an evidence-based approach to cloud security

InfoSecurity Magazine | June 14, 2016

Ransomware Tunes into Smart TVs

SC Magazine | June 02, 2016

“Children are dying” due to restrictions on data, warns cloud expert

Biz Report | June 01, 2016

Top 4 tips to secure your business in the cloud

Network World | June 01, 2016

Software-defined Perimeter (SDP) Essentials

RCR Wireless | May 31, 2016

ICSA Labs to roll out IoT security testing certification

Security Intelligence | May 27, 2016

2016 Security Conferences: Infosecurity Europe

Baseline | May 27, 2016

Cloud Deployments Grow Despite Security Concerns

Security News Desk | May 27, 2016

Certes Networks shrinks the attack surface at Infosecurity Europe

Securosis Blog | May 24, 2016

Incident Response in the Cloud Age: More Data, No Data, or Both?

Computer News Middle East | May 23, 2016

eHDF enhances its Public Cloud portal

The Straits Times | May 23, 2016

Smart Nation push to see $2.8b worth of tenders this year

Security Brief | May 18, 2016

Waikato University takes on Kiwi cyber security

Vanilla Plus | May 17, 2016

Prpl Foundation to give keynote at Cloud Security Alliance at the Cloud Security Summit in Milan

Government Computer News | May 12, 2016

Scott stresses the IT changes a $3.1B revolving fund could bring

CIO | May 10, 2016

Why banks are finally cashing in on the public cloud

FierceBigData | May 09, 2016

Open source prpl Foundation publishes peer-reviewed IoT security guide

Securosis Blog | May 09, 2016

Updates to Our Black Hat Cloud Security Training Classes

Recent Blog Posts

June 22, 2016

Verizon DBIR Says You Can’t Stop the Storm—But You Can See It Coming

By Susan Richardson, Manager/Content Strategy, Code42 The 2016 Verizon Data Breach Investigations Report (DBIR) paints a grim picture of the unavoidable enterprise data breach. But accepting the inevitability of breaches doesn’t mean accepting defeat. It’s like severe weather: you can’t prevent a tornado or hurricane. But with the right visibility tools,...

June 20, 2016

Why You Need a Multi-Layer Approach to Public Cloud Security

By Scott Montgomery, Vice President & Chief Technical Strategist, Intel Security Group Would you hand your house keys to a total stranger and then go away on vacation for two weeks? Probably not, but that’s precisely what some businesses do when they move applications and data to the public cloud. Security...

June 17, 2016

Confident Endpoint Visibility Responds to Modern Data Protection Problems

By Joe Payne, President and CEO, Code42 Consumer tech adoption has outpaced tech evolution in business for more than ten years. SaaS and cloud solutions, new apps and devices are at the disposal of empowered workers, making it very easy for employees to get what they need to work anywhere or—despite...

June 15, 2016

More Than One-Fourth of Malware Files “Shared”

By Krishna Narayanaswamy, Chief Scientist, Netskope Last week, Netskope released its global Cloud Report as well as its Europe, Middle East and Africa version highlighting cloud activity from January through March of 2016. Each quarter we report on aggregated, anonymized findings such as top used apps, top activities, top policy violations, and other cloud security findings from...

June 14, 2016

Securing the Hybrid Cloud: What Skills Do You Need?

By Brian Dye, Corporate Vice President & General Manager/Corporate Products, Intel Security Group With enterprises moving to hybrid cloud environments, IT architectures are increasingly spread among on-premises infrastructure and public and private cloud platforms. Hybrid models offer many well-documented benefits, but they also introduce more complexity for securing data and applications across the...

June 10, 2016

Leaky End Users Star in DBIR 2016

By Susan Richardson, Manager/Content Strategy, Code42 Insider threat once again tops the list of enterprise cyber security threats in the 2016 Verizon Data Breach Investigations Report (DBIR). For the second straight year, Verizon research showed that the average enterprise is less likely to have its data stolen than to have an...

June 08, 2016

Filling the Cloud Security IT Skills Gap… and Preventing Attrition

By Brian Dye, Corporate Vice President & General Manager/Corporate Products, Intel Security Group With all the various cloud services being offered in multiple deployment options, coupled with the 500,000 new security threats discovered daily, the strain on IT staff has never been greater. The need to retain cyber-security pros, versed in all the...

June 02, 2016

Five Telltale Signs You Don’t Have the Latest Backup System

By Susan Richardson, Manager/Content Strategy, Code42 It’s Backup Awareness Month—time to take stock of how well your backup system is serving your organization. To help you get started, here are five telltale signs you don’t have the most modern endpoint backup system: 1. You still get Help Desk calls to retrieve...

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Newsletter Archive

All of our past newsletters are available online for your convenience.

Downloads

Cloud Controls Matrix v3.0.1 (6-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

The questionnaire is organized using the CSA’s 13 governing & operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016

Identity Security Survey Report

Release Date: April 19, 2016

CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…

Release Date: April 12, 2016

Mobile Application Security Testing Initiative Revised Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: March 14, 2016

Defining Categories of Security as a Service: Continuous Monitoring

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services are necessary. This document provides a high-level overview of the business and technical elements needed to evaluate the risks associated with the category of Continuous Monitoring.

Release Date: February 29, 2016

‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016

“The Treacherous 12 – Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among…

Release Date: February 29, 2016

Security Position Paper – Network Function Virtualization

This white paper discusses some of the potential security issues and concerns, and offers guidance for securing a Network Function Virtualization (NFV) based architecture, whereby security services are provisioned in the form of Virtual Network Functions (VNFs).

Release Date: February 29, 2016
