Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

November 21, 2017

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

Significant updates provide actionable guidance to reflect new European personal protection obligations Edinburgh, Scotland – November 21, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the CSA Code of Conduct for GDPR Compliance,…

November 20, 2017

Cloud Security Alliance Releases New Cloud Security for Startups Report

New White Paper Helps Software-as-a-Service Startups Build Solid Security by Aligning Security Controls with Product Development and Investment Rounds SEATTLE, WA – November 20, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released a…

October 20, 2017

Cloud Security Alliance Releases Updates to ‘The Treacherous 12: Cloud Computing Top Threats in 2016’

Updates Extend Real-World Examples to Align with Top Security Threats SEATTLE, WA – October 20, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated ‘Treacherous 12: Top Threats to Cloud Computing +…

August 30, 2017

Cloud Security Alliance Announces Release of Newest Report on ‘Improving Metrics in Cyber Resiliency”

White paper introduces key metrics to measure threats, recover lost functionality in wake of attack SEATTLE, WA – August 30, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Improving Metrics…

July 27, 2017

Cloud Security Alliance Announces Upcoming Launch of CCSK v4

Updates to industry leading cloud certificate reflect evolving cloud landscape and the need for qualified security professionals. LAS VEGAS, NV – Black Hat 2017, Booth BB5 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud…

July 26, 2017

Cloud Security Alliance Announces Major Updates to Guidance v4.0

Domains Restructured and Rewritten to Better Represent the Current State and Future of Cloud Computing Security LAS VEGAS, NV – Blackhat 2017 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced…

July 25, 2017

The Inaugural Philippines Summit attracts over 700 attendees

At the Inaugural Cloud Security Alliance (CSA) Philippines Summit held on 11 July 2017, twenty-seven leading IT companies and start-ups demonstrated innovations across sectors of Cloud technology including Security, Datacenter, Enterprise, Mobile Apps, and E-Commerce. The CSA PH Summit was held at the Golden Ballroom of Okada Manila, and attracted over 282 C-levels, government dignitaries,…

June 05, 2017

Cloud Security Alliance Announces “Grand Opening” of Its New Third-Party Global Consultancy Program

Selected Inaugural Providers BH Consulting, KPMG, Optiv and Securosis Ready to Help Organizations Ensure Secure Cloud Implementation Best Practices SEATTLE, WA – June 5, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the…

See all news

Press Coverage

Recent Blog Posts

November 21, 2017

Your Morning Security Spotlight

By Jacob Serpa, Product Marketing Manager, Bitglass The top cybersecurity stories of the week revolved around malware and breaches. Infections and data theft remain very threatening realities for the enterprise. 400 Million Malware Infections in Q3 of 2017 In the last few months, malware has successfully infected hundred of millions of devices around the world. As...

November 09, 2017

IT Sales in the Age of the Cloud

By Mathias Widler, Regional Sales Director, Zscaler The cloud is associated not only with a change in corporate structures, but also a transformation of the channel and even sales itself. Cloudification makes it necessary for sales negotiations to be held with decision-makers in different departments and time zones, with different...

October 26, 2017

Days of Our Stolen Identity: The Equifax Soap Opera

By Kate Donofrio, Senior Associate, Schellman & Co. The Equifax saga continues like a soap opera, Days of Our Stolen Identity.  Every time it appears the Equifax drama is ending, a new report surfaces confirming additional security issues. On Thursday, September 12, NPR reported that Equifax took down their website this...

October 20, 2017

What’s New with the Treacherous 12?

By the CSA Top Threats Working Group In 2016, the CSA Top Threats Working Group published the Treacherous 12: Top Threats to Cloud Computing, which expounds on 12 categories of security issues that are relevant to cloud environments. The 12 security issues were determined by a survey of 271 respondents. Following...

October 19, 2017

CSA Releases Minor Update to CCM, CAIQ

By the CSA Research Team The Cloud Security Alliance has released a minor update for the Cloud Control Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1. This update incorporates mappings to Shared Assessments 2017 Agreed Upon Procedures (AUP), PCI DSS v3.2, CIS-AWS-Foundation v1.1, HITRUST CSF v8.1, NZISM v2.5....

October 04, 2017

The GDPR and Personal Data…HELP!

By Chris Lippert, Senior Associate, Schellman & Co. With the General Data Protection Regulation (GDPR) becoming effective May 25, 2018, organizations (or rather, organisations) seem to be stressing a bit. Most we speak with are asking, “where do we even start?” or “what is included as personal data under the GDPR?”...

September 27, 2017

Webinar: How Threat Intelligence Sharing Can Help You Stay Ahead of Attacks

By Lianna Catino, Communications Manager, TruSTAR Technology According to a recent Ponemon Institute survey of more than 1,000 security practitioners, 84 percent say threat intelligence is “essential to a strong security posture,” but the data is too voluminous and complex to be actionable. Enter the CloudCISC Working Group. Powered by TruSTAR’s...

August 30, 2017

Improving Metrics in Cyber Resiliency: A Study from CSA

By  Dr. Senthil Arul, Lead Author, Improving Metrics in Cyber Resiliency With the growth in cloud computing, businesses rely on the network to access information about operational assets being stored away from the local server. Decoupling information assets from other operational assets could result in poor operational resiliency if the cloud is...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

Cloud Security for Startups

Release Date: November 20, 2017

Top Threats to Cloud Computing Plus: Industry Insights

Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document as wells as provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example…

Release Date: October 20, 2017

Improving Metrics in Cyber Resiliency

Release Date: August 30, 2017

Security Guidance v4.0 Info Sheet

Release Date: July 26, 2017

A Repeatable Cloud-first Deployment Process Model

By now the benefits of cloud computing are generally understood at high level. What is not necessarily clear are the details of the potential security, legal, financial, and compliance impacts that cloud adoption will produce. The stakeholders who are currently responsible for these areas are sometimes not sufficiently familiar with how a cloud-first strategy affects…

Release Date: June 06, 2017

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting…

Release Date: May 25, 2017

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.