Latest News

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service modelsSINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...

09/25/2018

Cloud Security Alliance Announces Speakers, Sessions 
for 8th Annual CSA Congress

Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...

08/20/2018

Cloud Security Alliance Releases Malaysia Financial Sector Cloud 
Adoption Report

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...

08/08/2018

CSA Releases Top Threats to Cloud Computing: Deep Dive

Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...

08/07/2018

CSA, OWASP Issue Updated Guidance for Secure Medical 
Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...

06/12/2018

Cloud Security Alliance Issues Recommendations on Firmware Integrity 
in the Cloud Data Center

Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

06/07/2018

Volunteers Needed: Application Containers and Microservices Working Group

The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the wo...

06/05/2018

Cloud Security Alliance Issues Code of Conduct Self-Assessment and Certification Tools for GDPR Compliance

New mechanisms offer vested parties structured, transparent path to meeting personal data protection requirements SEATTLE, WA and LONDON – JUNE 5, 2018 – InfoSecurity Europe Conference - The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, cert...

05/29/2018

Open Survey: Enterprise Resource Planning and Cloud Adoption Survey

In February, the Cloud Security Alliance released ”The State of ERP Security in the Cloud” to provide IT and management professionals with a sound overview of cloud security for ERP systems. The following survey will attempt to better understand cloud preparation and migration, features and benef...

See all news

Press Coverage

Petri |November 02, 2018

Paul Thurrott’s Short Takes: November 2

Seeking Alpha |October 31, 2018

Microsoft Cloud Outpaces Amazon

Talk Markets |October 30, 2018

Microsoft Cloud Outpaces Amazon

Forbes |October 30, 2018

Securing Access To Critical Legacy Applications

The Street |October 25, 2018

Microsoft Rides Cloud to Impressive Earnings Beat; Markets Focus on Amazon Q3

Diginomica |October 23, 2018

Oracle OpenWorld 2018 – the cloud security story

GCN |October 23, 2018

How to catch security blind spots during a cloud migration

Denver Post |October 22, 2018

Arvada to Host 3rd Annual Cloud Security Alliance Fall Summit on November 8

Government Technology |October 20, 2018

Where Next With Cloud Security?

Syracuse University News |October 19, 2018

Awards & Recognition Program Honors 5 Alumni

IoT News |October 18, 2018

Crypto Quantique claims launch of first quantum-driven secure chip on silicon to strengthen IoT security

SmallCap Network |October 18, 2018

Cloud Security Market is Estimated to Reach $12.64 Billion by 2024

WICZ TV |October 18, 2018

New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report

DevOps.com |October 17, 2018

DevOps Chat: disrupt:Ops Brings Security Closer to DevOps

Security Boulevard |October 16, 2018

Using Application Analytics to Achieve Security at Scale

Prsync.com |October 16, 2018

Features of using cloud technologies for organisations

MobiHealthNews |October 15, 2018

Why healthcare data may be more secure with cloud computing

Plant Engineering |October 15, 2018

Six IoT implementation challenges and solutions

Security Boulevard |October 12, 2018

CCSP Domain 5: Operations

Security Boulevard |October 12, 2018

CCSP Domain 6: Legal and Compliance

See all press coverage

Recent Blog Posts

November 12, 2018

Cloud Security Alliance Releases Minor Update to CCM v3.0.1

By the CSA Research Team The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist […]


November 9, 2018

Cloud Security Alliance Announces the Release of the Spanish Translation of Guidance 4.0

By JR Santos, Executive Vice President of Research, Cloud Security Alliance. The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the […]


November 8, 2018

Seven Reasons Why Proxy-based CASBs Are Required for Office 365

By Rich Campagna, Chief Marketing Officer, Bitglass A competing CASB vendor blogged recently on why proxy-based Cloud Access Security Brokers (CASBs) shouldn’t be used for Office 365. The post cites “7 reasons,” all of which are variations of just one reason: their CASB breaks each time Microsoft makes changes to Office 365.  What they call “application breakages” due to […]


November 5, 2018

Bitglass Security Spotlight: Uber, Apollo, & Chegg

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —Uber fined $148 million over cover-up —Apollo database of 200 million contacts breached —Chegg hack exposes 40 million users’ credentials —Port of San Diego faces cyberattack Uber fined $148 million over cover-up In late 2016, Uber suffered a breach at […]


October 31, 2018

Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent weeks: —440 million email addresses exposed by Veeam —Unprotected MongoDB databases being targeted —42 million emails, passwords, and more leaked —Cold-boot attacks steal passwords and encryption keys —2 billion devices still vulnerable to Bluetooth attack —Atlas Quantum, cryptocurrency platform, breached —Security […]


October 29, 2018

POC the CASB

By Rich Campagna, Chief Marketing Officer, Bitglass The Cloud Access Security Broker, or CASB, space has quickly made its way to the mainstream, with organizations of every size and every industry deploying CASBs whenever their data moves beyond the firewall. While ready for primetime and widely deployed, some enterprises are taking the risky step of skipping the […]


October 25, 2018

Bitglass Security Spotlight: Yale, LifeLock, SingHealth, Malware Evolving & Reddit Breached

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent months: —Future malware to recognize victims’ faces —Reddit suffers breach —6 million records of Georgian voters exposed —RASPITE Group attacks US infrastructure —Decade-old breach at Yale uncovered —Bug exposes LifeLock customer data —Patient data of 1.5 million exposed in SingHealth breach […]


October 19, 2018

In Europe, Cloud Is the New Default

By Salim Hafid, Senior Product Marketing Manager, Bitglass If you keep up with the blog, you’ll remember our 2018 global cloud adoption report, wherein thousands of organizations deployed cloud apps since we last conducted our automated analysis of over 100,000 firms. Many in EMEA wanted to know how Europe stacked up against the rest of […]


October 17, 2018

Office 365 Security: It Takes Two to Tango

Many cloud apps – including Office 365 – operate under a shared responsibility model. Here’s what that means for your company By Beth Stackpole, Feature Writer, Symantec Security concerns, once a long-standing hurdle to cloud deployment, may be on the wane, but the issue is still very much alive when it comes to cloud-based applications […]


October 16, 2018

Guideline on Effectively Managing Security Service in the Cloud

By Dr. Kai Chen, Director of Cybersecurity Technology, Huawei Technologies Co. Ltd. The cloud computing market is growing ever so rapidly. Affordable, efficient, and scalable, cloud computing remains the best solution for most businesses, and it is heartening to see the number of customers deploying cloud services continue to grow. From the beginning of cloud’s […]


Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Research Artifacts

Cloud Controls Matrix v3.0.1 (11-12-18 Update)

Cloud Controls Matrix v3.0.1 (11-12-18 Update)

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). File attached.

Release Date: 11/12/2018

Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

本書「IoT セキュリティのためのブロックチェーン技術の活用」は、Cloud Security Alliance (CSA)が公開して いる「Using Blockchain Technology to Secure the Internet of Things」の日本語訳です。本書は、CSA ジャパ ンが、CSA の許可を得て翻訳し、公開するものです。原文と日本語版の内容に相違があった場合には、原文が優先 されます。

Release Date: 10/03/2018

IoT Firmware Update Processes

IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: 09/20/2018

Code of Conduct for GDPR Compliance - Japanese Translation

Code of Conduct for GDPR Compliance - Japanese Translation

説明: 本書「GDPR 準拠の為の行動規範」は、Cloud Security Alliance (CSA)が公開している「CODE OF CONDUCT FOR GDPR COMPLIANCE」の日本語訳および一般社団法人日本クラウドセキュリティアライア ンス(CSAジャパン)が解説を加えたものです。本書は、CSAジャパンが、CSAの許可を得て翻訳し、公開 するものです。原文と日本語版の内容に相違があった場合には、原文が優先されます。

Release Date: 09/14/2018

CSA Malaysia FSI Report

CSA Malaysia FSI Report

The “Cloud Adoption in the Malaysian Financial Services Industry (FSI) sector” survey was undertaken by CSA to understand and evaluate cloud adoption trends and concerns in the FSI in that country.

Release Date: 08/20/2018

Top Threats to Cloud Computing: Deep Dive

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

OWASP Secure Medical Devices Deployment Standard

OWASP Secure Medical Devices Deployment Standard

With the explosion of botnets and other malware that now target IoT devices (of which medical devices can be considered a subtype) the need for security-minded deployments of medical devices is now more essential than ever. This guide is intended to serve as comprehensive guide to the secure deployment of medical devices within a healthcare facility.

Release Date: 08/07/2018

Security Position Paper Network Function Virtualization - Chinese Translation

Security Position Paper Network Function Virtualization - Chinese Translation

近五年来,随着云基础设施的能力和复杂性飞速演进,安全风险也相应上升。 虽然虚拟化已不是一个很新的概念,但几乎任何人都可以对计算、存储、网络和应 用程序等资源进行虚拟化的想法会增加安全威胁的影响和速度。同时,全球地缘政 治格局已从由机遇驱动的网络攻击转变为资金充足的国家行动

Release Date: 08/03/2018

Using BlockChain Technology to Secure the Internet of Things - Chinese Translation

Using BlockChain Technology to Secure the Internet of Things - Chinese Translation

在过去的四年中,技术专家、首席数字官、营销经理、记者、博客作者和研究机构讨论 并 推广了一种新的分布式模型,将区块链技术应用于安全事务处理和存储。国际数据公司 IDC FutureScape 预测,到 2020 年,全球 20%的贸易融资将纳入区块链。

Release Date: 08/03/2018

Top Threats to Cloud Computing: Deep Dive

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

Cloud Security Alliance Code of Conduct for GDPR Compliance

Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017