Mission Statement
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more
June 12, 2018
Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released a new position paper from the Cloud Security Industry Summit (CSIS)…
June 07, 2018
The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the working group here: https://cloudsecurityalliance.org/group/containerization/#_overview. If you don’t hear back within a…
June 05, 2018
New mechanisms offer vested parties structured, transparent path to meeting personal data protection requirements SEATTLE, WA and LONDON – JUNE 5, 2018 – InfoSecurity Europe Conference – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the…
May 29, 2018
In February, the Cloud Security Alliance released ”The State of ERP Security in the Cloud” to provide IT and management professionals with a sound overview of cloud security for ERP systems. The following survey will attempt to better understand cloud preparation and migration, features and benefits gained, and the security and privacy challenges for an…
May 23, 2018
Report offers an overview of challenges involved with future of data security SEATTLE, WA – May 23, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its newest report, “The State of Post-Quantum Cryptography.”…
May 14, 2018
System to be based on a common framework for deployment, use and maintenance Seattle, WA– May 14, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announces that it has partnered with the Federal Risk…
May 11, 2018
Joins world-class speaker line-up of federal and cybersecurity experts Seattle, WA – May 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced today that Bob Gourley, former CTO of the Defense Intelligence Agency…
May 10, 2018
Presentations to focus on how agencies can shift to a secure cloud for mission critical systems Seattle, WA – May 9, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce the speaker…
Government Technology | June 16, 2018
How Does Arizona Government Address Information Security?
ExecutiveGov | June 13, 2018
Jim Reavis: Cloud Security Alliance, GSA’s FedRAMP Partner to Develop ‘FedSTAR’ Cloud Certification
Cloud Security Alliance Issues Recommendations On Firmware Integrity In The Cloud Data Center | June 13, 2018
Federal News Radio | June 12, 2018
New FedSTAR cloud certification to improve compatibility for agencies, private companies
Idaho State Journal | June 12, 2018
Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center
OpenGov Asia | June 08, 2018
South Korea announces medical and transportation cybersecurity guide
Finextra | June 07, 2018
The Risks of Shadow IT at Financial Services Firms
WAFB | June 07, 2018
June 14, 2018
By Jon-Michael C. Brook, Principal, Guide Holdings, LLC The security industry is understaffed. By a lot. Previous estimates by the Ponemon Institute suggest as much as 50 percent underemployment for cybersecurity positions. Seventy percent of existing IT security organizations are understaffed and 58 percent say it’s difficult to retain qualified candidates. ESG’s...
June 13, 2018
By Chris Higgins, Technical Support Engineer, Bitglass In my last post, I introduced Microsoft Workplace Join. It’s a really convenient feature that can automatically log users in to corporate accounts from any devices of their choosing. However, this approach essentially eliminates all sense of security. So, if you’re a sane and...
June 12, 2018
By John Yeoh, Research Director/Americas, Cloud Security Alliance As valued members, we wanted you to be among the first to hear about the newest report out from CSA—Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their thoughts on building cloud infrastructure using...
June 12, 2018
By Shamun Mahmud, Research Analyst, Cloud Security Alliance The Cloud Security Alliance’s Software Defined Perimeter Working Group set out to author a comprehensive resource on the terms and definitions within software defined perimeter (SDP) architectures. SDP has changed since the working group’s inception in 2014, so the Working Group went about...
June 11, 2018
By Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal I recently spoke at the Cloud Security Alliance’s Federal Summit on the topic “Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud.” As government has moved and will continue to move to the cloud, it is becoming increasingly...
June 08, 2018
By Chris Higgins, Technical Support Engineer, Bitglass It’s no secret that enterprise users wish to access work data and applications from a mix of both corporate and personal devices. In order to help facilitate this mix of devices, Microsoft has introduced a new feature called Workplace Join into Azure Active Directory, Microsoft’s cloud-based...
June 06, 2018
By Jacob Serpa, Product Marketing Manager, Bitglass In recent years, the cloud has attracted countless organizations with its promises of increased productivity, improved collaboration, and decreased IT overhead. As more and more companies migrate, more and more cloud-based tools arise. In its fourth cloud adoption report, Bitglass reveals the state...
June 05, 2018
By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Today, with the growing popularity of cloud computing, there exists a wealth of resources for companies that are considering—or are in the process of—migrating their data to the cloud. From checklists to best practices, the Internet teems with advice. But what about the things...
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
Release Date: June 12, 2018
Release Date: June 12, 2018
Release Date: June 07, 2018
Release Date: June 07, 2018
Release Date: May 23, 2018
Release Date: May 21, 2018
Release Date: April 19, 2018
Release Date: April 17, 2018
Release Date: April 16, 2018
Release Date: April 16, 2018
Release Date: June 12, 2018
Release Date: June 12, 2018
Release Date: May 23, 2018
Release Date: April 19, 2018
Release Date: April 17, 2018
Release Date: April 16, 2018
Release Date: April 16, 2018
Release Date: February 13, 2018
Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.
Release Date: February 07, 2018
Release Date: October 12, 2017
Release Date: October 03, 2017
Release Date: July 26, 2017
Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…
Release Date: June 06, 2016
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: February 01, 2016
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.
Release Date: February 25, 2013
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.
Release Date: February 24, 2013
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
Release Date: November 14, 2011
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
No meetings currently posted. Check back soon.
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
