Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Latest News

August 20, 2018

Cloud Security Alliance Releases Malaysia Financial Sector Cloud 
Adoption Report

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Malaysia Digital Economy Corporation…

August 08, 2018

CSA Releases Top Threats to Cloud Computing: Deep Dive

Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced the release of the Top Threats…

August 07, 2018

CSA, OWASP Issue Updated Guidance for Secure Medical 
Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, in conjunction with the Open Web Application Security…

June 12, 2018

Cloud Security Alliance Issues Recommendations on Firmware Integrity 
in the Cloud Data Center

Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released a new position paper from the Cloud Security Industry Summit (CSIS)…

June 07, 2018

Volunteers Needed: Application Containers and Microservices Working Group

The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the working group here: https://cloudsecurityalliance.org/group/containerization/#_overview. If you don’t hear back within a…

June 05, 2018

Cloud Security Alliance Issues Code of Conduct Self-Assessment and Certification Tools for GDPR Compliance

New mechanisms offer vested parties structured, transparent path to meeting personal data protection requirements SEATTLE, WA and LONDON – JUNE 5, 2018 – InfoSecurity Europe Conference – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the…

May 29, 2018

Open Survey: Enterprise Resource Planning and Cloud Adoption Survey

In February, the Cloud Security Alliance released ”The State of ERP Security in the Cloud” to provide IT and management professionals with a sound overview of cloud security for ERP systems. The following survey will attempt to better understand cloud preparation and migration, features and benefits gained, and the security and privacy challenges for an…

May 23, 2018

Cloud Security Alliance Releases The State of Post-Quantum Cryptography

Report offers an overview of challenges involved with future of data security SEATTLE, WA – May 23, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its newest report, “The State of Post-Quantum Cryptography.”…

See all news

Press Coverage

Recent Blog Posts

August 20, 2018

EU GDPR vs US: What Is Personal Data?

  By Rich Campagna, Chief Marketing Officer, Bitglass May 25, 2018—GDPR enforcement day,—has come and gone with little fan fare (and about 6 quadrillion privacy policy updates), but that doesn’t mean we all know what to do to get into compliance. In fact, some measures put only one third of organizations in...

August 13, 2018

CVE and Cloud Services, Part 1: The Exclusion of Cloud Service Vulnerabilities

By Kurt Seifried, Director of IT, Cloud Security Alliance and Victor Chin, Research Analyst, Cloud Security Alliance The vulnerability management process has traditionally been supported by a finely balanced ecosystem, which includes such stakeholders as security researchers, enterprises, and vendors. At the crux of this ecosystem is the Common Vulnerabilities and Exposures...

July 31, 2018

Software-Defined Perimeter Architecture Guide Preview

Part 1 in a four-part series. By Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc. The Software-Defined Perimeter (SDP) Working Group was founded five years ago, with a mission to promote and evangelize a new, more secure architecture for managing user access to applications. Since the initial publication of the...

July 20, 2018

Convincing Organizations to Say “Yes to InfoSec”

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Security departments have their hands full. The first half of my career was government-centric, and we always seemed to be the “no” team, eliminating most initiatives before they started. The risks were often found to outweigh the benefits, and unless there was a very...

July 16, 2018

What Is a CASB?

By Dylan Press, Director of Marketing, Avanan Email is the #1 attack vector. Cloud Account Takeover is the #1 attack target. A CASB is the best way to protect against these threats. Gartner first defined the term Cloud Access Security Broker (CASB) in 2011, when most IT applications were hosted...

July 12, 2018

Avoiding Cyber Fatigue in Four Easy Steps

By Jon-Michael C. Brook, Principal, Guide Holdings, LLC Cyber alert fatigue. In the cybersecurity space, it is inevitable. Every day, there will be a new disclosure, a new hack, a new catchy title for the latest twist on an old attack sequence. As a 23-year practitioner, the burnout is a real thing,...

July 09, 2018

Methodology for the Mapping of the Cloud Controls Matrix

By Victor Chin, Research Analyst, Cloud Security Alliance The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue in the cloud services industry, the CCM...

June 29, 2018

Cloud Migration Strategies and Their Impact on Security and Governance

By Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com Public cloud migrations come in different shapes and sizes, but I see three major approaches. Each of these has very different technical and governance implications. Three approaches to cloud migration Companies dying to get rid of their data centers...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Downloads

CSA Malaysia FSI Report

Description: The “Cloud Adoption in the Malaysian Financial Services Industry (FSI) sector” survey was undertaken by CSA to understand and evaluate cloud adoption trends and concerns in the FSI in that country.

Release Date: August 20, 2018

CCM Mapping Workpackage Template

Description: This document is the companion document to the Methodology for the Mapping of the Cloud Controls Matrix (CCM). It is a CCM mapping workpackage template that can be used by organizations who want to map their frameworks to the CCM.

Release Date: August 13, 2018

Top Threats to Cloud Computing: Deep Dive

Description: This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style…

Release Date: August 08, 2018

OWASP Secure Medical Devices Deployment Standard

Description: With the explosion of botnets and other malware that now target IoT devices (of which medical devices can be considered a subtype) the need for security-minded deployments of medical devices is now more essential than ever. This guide is intended to serve as comprehensive guide to the secure deployment of medical devices within a…

Release Date: August 07, 2018

Security Position Paper Network Function Virtualization – Chinese Translation

近五年来,随着云基础设施的能力和复杂性飞速演进,安全风险也相应上升。 虽然虚拟化已不是一个很新的概念,但几乎任何人都可以对计算、存储、网络和应 用程序等资源进行虚拟化的想法会增加安全威胁的影响和速度。同时,全球地缘政 治格局已从由机遇驱动的网络攻击转变为资金充足的国家行动。

Release Date: August 03, 2018

Using BlockChain Technology to Secure the Internet of Things – Chinese Translation

在过去的四年中,技术专家、首席数字官、营销经理、记者、博客作者和研究机构讨论 并 推广了一种新的分布式模型,将区块链技术应用于安全事务处理和存储。国际数据公司 IDC FutureScape 预测,到 2020 年,全球 20%的贸易融资将纳入区块链。

Release Date: August 03, 2018

Security Guidance v4.0 – Chinese Translation

欢迎来到云安全联盟关于云计算关键领域安全指南的第四个版本。云计算的兴起是一项不 断发展的技术,它带来了许多机遇和挑战。通过这个文档,我们的目标是提供指导和灵感来支 持业务目标,同时管理和减轻采用云计算技术相关的风险。

Release Date: August 03, 2018

GEAB State of the Cloud 2018 – Chinese Translation

云安全联盟全球企业顾问委员会成立于2016年,是由十多位行业的大型跨国公 司的顶尖专家组成的代表团队。该委员会的成立是为了表达大型IT终端用户的观点, 并融合云计算使用者信息安全相关的观点。

Release Date: August 03, 2018

CSA Code of Conduct for GDPR Compliance – Chinese Translation

云安全联盟 CSA 近期发布了 CoC for GDPR Compliance(CSA GDPR 合规行为准则),旨 在为云服务提供商(CSP)、云消费者、及相关企业提供 GDPR 合规解决方案,并提供涉及云服 务提供商应提交的关于数据保护级别的透明性准则。这个准则为各种规模的客户提供工具来评 估其个人数据保护水平从而支持决策。它也指导任何规模和地点的云服务提供商,遵守欧盟 (EU)个人数据保护法规,并以结构化的方式披露其提供给客户的个人数据保护级别。

Release Date: August 03, 2018

Building a Foundation for Successful Cyber Threat Intelligence Exchange – Chinese Translation

描述: 当前网络攻击的频率和复杂程度在不断提高。攻击者可能是个人,也可能是资源丰富、 组织严密的团伙。面对这样的威胁,企业如果只关注内部防护措施,可能建成最后被绕过 “马其顿防线”;如果只依赖自身的情报能力,可能面临攻防不对等的窘境。为了解决上述问 题,网络威胁情报(CTI, Cyber Threat Intelligence)

Release Date: August 03, 2018

Top Threats to Cloud Computing: Deep Dive

Description: This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style…

Release Date: August 08, 2018

Cloud Security Alliance Code of Conduct for GDPR Compliance

Description: The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: July 10, 2018

CCM Mapping Methodology

Description: The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. The CSA CCM provides a detailed controls framework that is aligned with Cloud Security Alliance’s Security Guidance in 16 domains.

Release Date: July 09, 2018

Cloud Controls Matrix (CCM) v3.0.1 ISO Reverse Mapping

Description: This latest expansion to the CCM incorporates the ISO/IEC 27017:2015:2015 and ISO/IEC 27018:20147:2015 and ISO/IEC 27002:2013 controls, introduces a new approach to the development of the CCM, and an updated approach to incorporate new industry control standards.

Release Date: June 26, 2018

Firmware Integrity in the Cloud Data Center

Description: This paper presents the point of view from key stakeholders in datacenter development regarding how to build cloud infrastructure using secure servers and in order to enable customers to trust the cloud provider’s infrastructure at the hardware/firmware level. In general, security of a cloud server at the firmware level is comprised of two equally…

Release Date: June 12, 2018

Software Defined Perimeter Glossary

Description: The Software Defined Perimeter (SDP) Glossary is a reference document that brings together SDP related terms and definitions from various professional resources. The terms and supporting information in the SDP glossary cover a broad range of areas, including the components of SDP and common supporting technologies.

Release Date: June 12, 2018

The State of Post-Quantum Cryptography

Description: Most people pay little attention to the lock icon on their browser’s address bar that signifies a secure connection called HTTPS. This connection establishes secure communications by providing authentication of the website and web server as well as encryption of communications between the client and server. If the connection is not secure, then a…

Release Date: May 23, 2018

A Day Without Safe Cryptography

Description: Over the past fifty years, the digital age has sparked the creation of a remarkable infrastructure through which a nearly infinite variety of digital transactions and communications are executed, enabling businesses, education, governments, and communities to thrive and prosper. Millions of new devices are connecting to the Internet, creating, processing, and transferring digital information…

Release Date: April 19, 2018

GDPR Preparation and Awareness Survey Report

Description: Cloud computing, the Internet of Things, Artificial Intelligence, and other new technologies allow businesses to have better customer engagement, more access to data, and powerful analytical tools. Providers are racing to bring these technologies to the enterprise and users are anxious to take advantage of their benefits.

Release Date: April 17, 2018

State of Cloud Report

Description: Innovators and early adopters have been using cloud for years taking advantage of the quicker deployment, greater scalability, and cost saving of services. The growth of cloud computing continues to accelerate offering more solutions with added features and benefits, including security.

Release Date: April 16, 2018

Best Practices for Cyber Incident Exchange

Description: No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, effectively moving from target to target at a breakneck pace. New attacks are directed at dozens of companies within the first 24 hours and hundreds within a few days.

Release Date: April 16, 2018

Using Blockchain Technology to Secure the Internet of Things

Description: In the last four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model for secure transaction processing and storage using blockchain technology. IDC FutureScape predicted that by 2020, 20% of global trade finance will incorporate blockchain.

Release Date: February 13, 2018

The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: February 07, 2018

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: October 12, 2017

Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: October 03, 2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Description: The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: July 26, 2017

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses third-party profiling cookies to provide services in line with the preferences you reveal while browsing the Website. By continuing to browse this Website, you consent to the use of these cookies. If you wish to object such processing, please read the instructions described in our Privacy Policy.