Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

May 14, 2018

Cloud Security Alliance Announces FedSTAR, a New Joint Certification System with FedRAMP

System to be based on a common framework for deployment, use and maintenance 
Seattle, WA– May 14, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announces that it has partnered with the Federal Risk…

May 11, 2018

Bob Gourley to Speak on Nation State Attacks at CSA Federal Summit 2018

Joins world-class speaker line-up of federal and cybersecurity experts 
 Seattle, WA – May 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced today that Bob Gourley, former CTO of the Defense Intelligence Agency…

May 10, 2018

Cloud Security Alliance Announces Federal Summit 2018 Speaker Line-up

Presentations to focus on how agencies can shift to a secure cloud 
for mission critical systems Seattle, WA – May 9, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce the speaker…

May 09, 2018

CSA Summit Returns to Infosecurity Europe 2018

World’s leading cloud security organization brings its premier event to Europe’s top information security conference Seattle, WA – May 9, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the agenda for the second…

April 23, 2018

National Technology Security Coalition (NTSC) and Cloud Security Alliance (CSA) Partner to Improve Cloud Computing Security

ATLANTA, GA (April 23, 2018) – The National Technology Security Coalition (NTSC) and the Cloud Security Alliance (CSA) announced a partnership to advance cloud computing security at the RSA Conference’s CSA Summit on Monday, April 16. Pete Chronis, CISO of Turner and an NTSC Board Member, announced the partnership during his talk “The CISOs’ role…

April 19, 2018

Cloud Security Alliance’s Newest Research Report Examines a Day Without Safe Cryptography

What would happen to our daily lives if our most commonly used methods of encryption were to suddenly disappear? SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 19, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help…

April 17, 2018

GDPR Preparation and Challenges Survey Report Explores Overall Industry Preparedness in Achieving Compliance

Eighty-three percent of companies lack confidence in their ability to meet May 25 deadline SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 17, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing…

April 16, 2018

Cloud Security Alliance Releases New Research: Building a Foundation for Successful Cyber Threat Intelligence Exchange

Paper offers key considerations for corporations seeking to collaborate on security incidents impacting the cloud environment SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure…

See all news

Press Coverage

Recent Blog Posts

May 21, 2018

Surprise Apps in Your CASB PoC

By Rich Campagna, Chief Marketing Officer, Bitglass Barely five years old, the Cloud Access Security Broker (CASB) market is undergoing its second major shift in primary usage. The first CASBs to hit the market way back in 2013-2014 primarily provided visibility into Shadow IT. Interest in that visibility use case quickly waned in...

May 18, 2018

Majority of Australian Data Breaches Caused by Human Error

By Rich Campagna, Chief Marketing Officer, Bitglass It wasn’t long ago that the first breach under the Office of the Australian Information Commissioner’s (OAIC) Privacy Amendment Bill was made public. Now, OAIC is back with their first Quarterly Statistics Report of Notifiable Data Breaches. While the report doesn’t offer much in the way of detail, it...

May 17, 2018

Bitglass Security Spotlight: LinkedIn, Vector, and AWS

By Jacob Serpa, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —LinkedIn security gap exposes users’ data —Vector app reveals customers’ information —AWS misconfiguration makes LocalBlox user information public —New malware steals data via power lines —Banking apps deemed the most unsecured LinkedIn security gap...

May 11, 2018

Orbitz: Why You Can’t Secure Data in the Dark

By Jacob Serpa, Product Marketing Manager, Bitglass On March 1, 2018, Orbitz discovered that a malicious party may have stolen information from one of its legacy platforms. The compromised platform housed Orbitz customer information such as mailing addresses, phone numbers, email addresses, and full names, as well as details about nearly 900,000...

May 10, 2018

baseStriker: Office 365 Security Fails To Secure 100 Million Email Users

By Yoav Nathaniel, Customer Success Manager, Avanan We recently uncovered what may be the largest security flaw in Office 365 since the service was created. Unlike similar attacks that could be learned and blocked, using this vulnerability hackers can completely bypass all of Microsoft’s security, including its advanced services – ATP,...

May 08, 2018

One Simple Way to Avoid 57 Percent of Breaches

By Rich Campagna, Chief Marketing Officer, Bitglass I recently caught wind of a survey of 3000 cybersecurity professionals commissioned by ServiceNow and Ponemon. One of the first statistics that jumped out at me? “57% of data breach victims said they were breached due to an unpatched known vulnerability.” That’s bananas! And this massive...

May 01, 2018

The Case for CASB: Healthcare

By Rich Campagna, Chief Marketing Officer, Bitglass Over the past couple of years, Cloud Access Security Brokers (CASBs) have gone from a nascent, barely known technology to the de facto standard for secure public cloud enablement in every enterprise vertical. Early on, it’s tough to draw patterns across industries, but once you have...

April 26, 2018

Are Traditional Security Tools Dead?

By Salim Hafid, Product Marketing Manager, Bitglass When evaluating security options, CISOs and security architects are always looking to the solution that will minimize cost and administrative overhead while maximizing data protection. At the highest levels, enterprises have relied on traditional tools as a means of protecting data over the long...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

A Day Without Safe Cryptography

Release Date: April 19, 2018

State of Cloud Report

Release Date: April 16, 2018

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Quantum-Safe Security Awareness Survey

Release Date: January 26, 2018

A Day Without Safe Cryptography

Release Date: April 19, 2018

State of Cloud Report

Release Date: April 16, 2018

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.