Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

August 30, 2017

Cloud Security Alliance Announces Release of Newest Report on ‘Improving Metrics in Cyber Resiliency”

White paper introduces key metrics to measure threats, recover lost functionality in wake of attack SEATTLE, WA – August 30, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Improving Metrics…

July 27, 2017

Cloud Security Alliance Announces Upcoming Launch of CCSK v4

Updates to industry leading cloud certificate reflect evolving cloud landscape and the need for qualified security professionals. LAS VEGAS, NV – Black Hat 2017, Booth BB5 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud…

July 26, 2017

Cloud Security Alliance Announces Major Updates to Guidance v4.0

Domains Restructured and Rewritten to Better Represent the Current State and Future of Cloud Computing Security LAS VEGAS, NV – Blackhat 2017 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced…

July 25, 2017

The Inaugural Philippines Summit attracts over 700 attendees

At the Inaugural Cloud Security Alliance (CSA) Philippines Summit held on 11 July 2017, twenty-seven leading IT companies and start-ups demonstrated innovations across sectors of Cloud technology including Security, Datacenter, Enterprise, Mobile Apps, and E-Commerce. The CSA PH Summit was held at the Golden Ballroom of Okada Manila, and attracted over 282 C-levels, government dignitaries,…

June 05, 2017

Cloud Security Alliance Announces “Grand Opening” of Its New Third-Party Global Consultancy Program

Selected Inaugural Providers BH Consulting, KPMG, Optiv and Securosis Ready to Help Organizations Ensure Secure Cloud Implementation Best Practices SEATTLE, WA – June 5, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the…

May 25, 2017

Cloud Security Alliance Releases New Guidance for Connected Vehicle Security

New Report from Internet of Things (IoT) Working Group Identifies Vehicle Attack Vectors and Impacts, Provides Recommendations for Securing the Connected Vehicle Environment SEATTLE, WA – May 25, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing…

May 03, 2017

Cloud Security Alliance Announces Third Annual Federal Summit

Program to Feature Experts from DHS, HHS, and GSA on the State and Future of Cloud Security in Government and Industry, IoT and More Washington, DC – May 2, 2017 – The Cloud Security Alliance (CSA) today announced the line-up of featured speakers and discussions for its third annual Cloud Security Alliance Federal Summit, a…

May 01, 2017

Cloud Security Alliance Hosts 28th ISO/IEC JTC 1/SC 27 Meetings

NEW ZEALAND – April 25, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that it has successfully hosted the 28th ISO/IEC JTC 1/SC 27 Plenary and Working Group Meetings. The meeting in New…

See all news

Press Coverage

Recent Blog Posts

August 30, 2017

Improving Metrics in Cyber Resiliency: A Study from CSA

By  Dr. Senthil Arul, Lead Author, Improving Metrics in Cyber Resiliency With the growth in cloud computing, businesses rely on the network to access information about operational assets being stored away from the local server. Decoupling information assets from other operational assets could result in poor operational resiliency if the cloud is...

August 21, 2017

Security Needs Vs. Business Strategy – Finding a Common Ground

By Yael Nishry, Vice President of Business Development, Vaultive Even before cloud adoption became mainstream, it wasn’t uncommon for IT security needs to conflict with both business strategy and end user preferences. Almost everyone with a background in security has found themselves in the awkward position of having to advise...

August 18, 2017

Ransomware Explained

By Ryan Hunt, PR and Content Manager, SingleHop How it Works  —  Plus Tips for Prevention & Recovery Ransomware attacks — a type of malware (a.ka. malicious software) — are proliferating around the globe at a blistering pace. In Q1 2017, a new specimen emerged every 4.2 seconds!* What makes ransomware a go-to...

July 28, 2017

Is the Cloud Moving Too Fast for Security?

By Doug Lane, Vice President/Product Marketing, Vaultive In February 2017, a vulnerability in Slack was discovered which had the potential to expose the data of the company’s reported four million daily active users. Another breach in February on CloudFlare, a content delivery network, leaked sensitive customer data stored by millions of...

July 26, 2017

Guidance for Critical Areas of Focus in Cloud Computing Has Been Updated

Newest version reflects real-world security practices, future of cloud computing security By J.R. Santos, Executive Vice President of Research, Cloud Security Alliance Today marks a momentous day not only for CSA but for all IT and information security professionals as we release Guidance for Critical Areas of Focus in Cloud...

July 24, 2017

Patch Me If You Can

By Yogi Chandiramani, Technical Director/EMEA, Zscaler In May, the worldwide WannaCry attack infected more than 200,000 workstations. A month later, just as organizations were regaining their footing, we saw another ransomware attack, which impacted businesses in more than 65 countries. What have we learned about these attacks? Compromises/infections can happen...

July 19, 2017

Cyberattacks Are Here: Security Lessons from Jon Snow, White Walkers & Others from Game of Thrones

An analysis of Game of Thrones characters as cyber threats to your enterprise. By Virginia Satrom, Senior Public Relations Specialist, Forcepoint As most of you have probably seen, we recently announced our new human point brand campaign. Put simply, we are leading the way in making security not just a technology issue, but...

July 10, 2017

CSA Industry Blog Listed Among 100 Top Information Security Blogs for Data Security

Our blog was recently ranked 35th among 100 top information security blogs for data security professionals by Feedspot. Among the other blogs named to the list were The Hacker News, Krebs on Security and Dark Reading. Needless to say, we’re honored to be in such good company. To be listed, Feedspot’s editorial...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Improving Metrics in Cyber Resiliency

Release Date: August 30, 2017

Security Guidance v4.0 Info Sheet

Release Date: July 26, 2017

A Repeatable Cloud-first Deployment Process Model

By now the benefits of cloud computing are generally understood at high level. What is not necessarily clear are the details of the potential security, legal, financial, and compliance impacts that cloud adoption will produce. The stakeholders who are currently responsible for these areas are sometimes not sufficiently familiar with how a cloud-first strategy affects…

Release Date: June 06, 2017

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting…

Release Date: May 25, 2017

State of Cloud Adoption in APAC 2017

Release Date: April 23, 2017

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.