Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Check out our calendar of upcoming CCSK & CCM training courses

Latest News

April 17, 2017

Cloud Security Alliance Hosts Successful APAC Summit 2017

Singapore – April 13, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that it successfully hosted its 6th annual CSA APAC Summit in Singapore on April 10, 2017. The one-day event was attended by thought…

April 03, 2017

CSA to Host Inaugural Summit in Boston

First Annual Boston Event to Focus on Cloud Revolution and Accelerating Business BOSTON, MA – April 3, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that the CSA Boston Chapter is hosting the…

March 15, 2017

CSA Launches 2 New Research Working Groups with Huawei – Call for Participation

In our mission to build a more secure Cloud ecosystem, the Cloud Security Alliance (CSA) is commencing on working on 2 new research working groups together with our executive member Huawei. Cloud Component Specifications WG Looking at the current environment, there are several internationally recognized standards that guide and evaluate cloud service providers in ISMS…

March 13, 2017

Call for Participation: SaaS Governance Working Group

The Cloud Security Alliance would like to invite you to participate in the SaaS Governance Working Group. The SaaS Governance working group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. We are currently…

February 27, 2017

Searching for Blockchain Co-Chair

CSA is searching for another co-chair to help lead the Blockchain / Distributed Ledger working group who is preferably from the financial side. Being a co-chair of the work group presents great opportunities such as networking and interacting closely with volunteers representing some of the top minds in information security and cloud computing. Responsibilities include:…

February 13, 2017

Cloud Security Alliance Establishes New Third-Party Consultancy Program to Ensure Best Practices in Secure Cloud Implementation

CSA Names Optiv As First Certified Provider for New Program SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation of the CSA Global…

February 13, 2017

Cloud Security Alliance Releases New Software Defined Perimeter for Infrastructure-as-a-Service Research

New Report Outlines How SDP Can Be Applied to Infrastructure-as-a-Service Environments, Including Requirements, Benefits and Key Use Cases SAN FRANCISCO, CA – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment,…

February 13, 2017

Cloud Security Alliance Announces General Availability of STARWatch Cloud Security Management Application

Compliance Management SaaS Application Formally Launches Boasting More than 250 Active Users SAN FRANCISCO – February 13, 2017 – RSA Conference 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch of STARWatch, a…

See all news

Press Coverage

EcnonoTimes | April 04, 2017

Cloud Security Alliances annual Boston Summit to focus on blockchain

SC Magazine | April 03, 2017

Tools are never a solution

Data Center News Asia | March 09, 2017

Curing security alert fatigue while still protecting your cloud infrastructure

Dataversity | February 24, 2017

80 Percent of IT and Security Professionals Admit to Using Antiquated Collaboration Tools

Beta News | February 21, 2017

The top three barriers to digital transformation

eWEEK | February 21, 2017

Cloud Security Alliance Adds New Tools to Improve Compliance

Channel Partners | February 21, 2017

RSA Trends: Cloud, IoT, Cybersecurity Skills Gap Drive Security Services Demand

eSecurityPlanet | February 21, 2017

62 Percent of Companies Store Sensitive Customer Data in the Public Cloud

Search CIO | February 17, 2017

New security threat: Custom applications in the cloud

SearchCloudComputing | February 17, 2017

Beyond shadow IT risks, opportunity awaits

Security Intelligence | February 16, 2017

Shadow IT Clouds Security

CXO Today | February 16, 2017

Custom Enterprise Apps Posing Shadow Cloud Threats: CSA

FCW | February 15, 2017

Security in the Cloud

Help Net Security | February 15, 2017

Companies struggle to deploy security for custom applications

ReadItQuik | February 15, 2017

CSA Announces Global Consultancy Program

Dark Reading | February 14, 2017

National Security, Regulation, Identity Top Themes At Cloud Security Summit

eWEEK | February 14, 2017

Former NSA Chief Optimistic About Cloud Security

Enterprise Innovation | February 14, 2017

How can we secure our smart cities?

Yahoo Finance | February 13, 2017

Cloud Security Alliance Establishes New Third-Party Consultancy Program to Ensure Best Practices in Secure Cloud Implementation

Yahoo Finance | February 13, 2017

Cloud Security Alliance Announces General Availability of STARWatch Cloud Security Management Application

See all press

Recent Blog Posts

April 24, 2017

How to Choose a Sandbox

Grab a shovel and start digging through the details By Mathias Wilder, Area Director and General Manager/EMEA Central, Zscaler Businesses have become painfully aware that conventional approaches — virus signature scanning and URL filtering — are no longer sufficient in the fight against cyberthreats. This is in part because malware is constantly...

April 21, 2017

Self-Driving Information Security

By Jim Reavis, Co-founder and CEO, Cloud Security Alliance The prospects of autonomous self-driving vehicles becoming a pervasive presence on our roadways seems more likely everyday. From the big automakers to Tesla to Google to Uber, a wide range of companies are investing a tremendous amount of money to create...

April 17, 2017

There May Be a Shark Circling Your Data

By Jacob Serpa, Product Marketing Manager, Bitglass In today’s business environment, cybersecurity remains a topic of great importance. As more companies migrate to the cloud, security concerns continue to evolve. While BYOD (bring your own device) affords employees more flexibility as they work from a multitude of devices, it also exposes...

April 10, 2017

The Cure for Infectious Malware

By Chantelle Patel, Marketing Manager, Bitglass Organizations have seen rapid growth in cloud adoption over the last few years which in turn have introduced new threats and increased the risk of data leakage. Among the most prominent threats are malware and ransomware – long a problem on endpoints. With the advent...

April 04, 2017

Why You Need a CASB for GDPR Compliance

By Rich Campagna, Senior Vice President/Products & Marketing, Bitglass With enforcement of the EU’s General Data Protection Regulation (GDPR) is just over a year away in May, 2018, your planning efforts should already be well underway. Adoption of cloud applications across the EU continues at a rapid clip, and the...

March 31, 2017

CASB Is Eating the IDaaS Market

By Rich Campagna, Senior Vice President/Products & Marketing, Bitglass In the past 6-9 months, I’ve noticed a trend amongst Bitglass customers where more and more of them are opting to use the identity capabilities built into our  Cloud Access Security Broker (CASB) in lieu of a dedicated Identity as a Service (IDaaS)...

March 23, 2017

Brexit or Bust: What Does It Mean for Data?

By Nic Scott, Managing Director/UK, Code 42 What’s the latest on Brexit? When the UK government triggers Article 50, it will signal the start of the official two-year countdown until the UK leaves the European Union. According to UK Prime Minister Theresa May, this is still on track to happen at...

March 22, 2017

Odds Are in Quantum Encryption’s Favor

By Jane Melia, Vice President of Strategic Business Development , QuintessenceLabs and Co-chair, CSA Quantum-safe Security Working Group Image credit: Jeff Kubina No kinds of organizations have tighter security than the average casino. After all, the house always wins, and it wants to keep those winnings. A recent Wired article, however, explains how a...

Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.