Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more

Check out our calendar of upcoming CCSK & CCM training courses

Latest News

May 25, 2017

Cloud Security Alliance Releases New Guidance for Connected Vehicle Security

New Report from Internet of Things (IoT) Working Group Identifies Vehicle Attack Vectors and Impacts, Provides Recommendations for Securing the Connected Vehicle Environment SEATTLE, WA – May 25, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing…

May 03, 2017

Cloud Security Alliance Announces Third Annual Federal Summit

Program to Feature Experts from DHS, HHS, and GSA on the State and Future of Cloud Security in Government and Industry, IoT and More Washington, DC – May 2, 2017 – The Cloud Security Alliance (CSA) today announced the line-up of featured speakers and discussions for its third annual Cloud Security Alliance Federal Summit, a…

May 01, 2017

Cloud Security Alliance Hosts 28th ISO/IEC JTC 1/SC 27 Meetings

NEW ZEALAND – April 25, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that it has successfully hosted the 28th ISO/IEC JTC 1/SC 27 Plenary and Working Group Meetings. The meeting in New…

April 17, 2017

Cloud Security Alliance Hosts Successful APAC Summit 2017

Singapore – April 13, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that it successfully hosted its 6th annual CSA APAC Summit in Singapore on April 10, 2017. The one-day event was attended by thought…

April 03, 2017

CSA to Host Inaugural Summit in Boston

First Annual Boston Event to Focus on Cloud Revolution and Accelerating Business BOSTON, MA – April 3, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that the CSA Boston Chapter is hosting the…

March 15, 2017

CSA Launches 2 New Research Working Groups with Huawei – Call for Participation

In our mission to build a more secure Cloud ecosystem, the Cloud Security Alliance (CSA) is commencing on working on 2 new research working groups together with our executive member Huawei. Cloud Component Specifications WG Looking at the current environment, there are several internationally recognized standards that guide and evaluate cloud service providers in ISMS…

March 13, 2017

Call for Participation: SaaS Governance Working Group

The Cloud Security Alliance would like to invite you to participate in the SaaS Governance Working Group. The SaaS Governance working group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider. We are currently…

February 27, 2017

Searching for Blockchain Co-Chair

CSA is searching for another co-chair to help lead the Blockchain / Distributed Ledger working group who is preferably from the financial side. Being a co-chair of the work group presents great opportunities such as networking and interacting closely with volunteers representing some of the top minds in information security and cloud computing. Responsibilities include:…

See all news

Press Coverage

EcnonoTimes | April 04, 2017

Cloud Security Alliances annual Boston Summit to focus on blockchain

SC Magazine | April 03, 2017

Tools are never a solution

Data Center News Asia | March 09, 2017

Curing security alert fatigue while still protecting your cloud infrastructure

Dataversity | February 24, 2017

80 Percent of IT and Security Professionals Admit to Using Antiquated Collaboration Tools

Beta News | February 21, 2017

The top three barriers to digital transformation

eWEEK | February 21, 2017

Cloud Security Alliance Adds New Tools to Improve Compliance

Channel Partners | February 21, 2017

RSA Trends: Cloud, IoT, Cybersecurity Skills Gap Drive Security Services Demand

eSecurityPlanet | February 21, 2017

62 Percent of Companies Store Sensitive Customer Data in the Public Cloud

Search CIO | February 17, 2017

New security threat: Custom applications in the cloud

SearchCloudComputing | February 17, 2017

Beyond shadow IT risks, opportunity awaits

Security Intelligence | February 16, 2017

Shadow IT Clouds Security

CXO Today | February 16, 2017

Custom Enterprise Apps Posing Shadow Cloud Threats: CSA

FCW | February 15, 2017

Security in the Cloud

Help Net Security | February 15, 2017

Companies struggle to deploy security for custom applications

ReadItQuik | February 15, 2017

CSA Announces Global Consultancy Program

Dark Reading | February 14, 2017

National Security, Regulation, Identity Top Themes At Cloud Security Summit

eWEEK | February 14, 2017

Former NSA Chief Optimistic About Cloud Security

Enterprise Innovation | February 14, 2017

How can we secure our smart cities?

Yahoo Finance | February 13, 2017

Cloud Security Alliance Establishes New Third-Party Consultancy Program to Ensure Best Practices in Secure Cloud Implementation

Yahoo Finance | February 13, 2017

Cloud Security Alliance Announces General Availability of STARWatch Cloud Security Management Application

See all press

Recent Blog Posts

May 25, 2017

New CSA Report Offers Observations, Recommendations on Connected Vehicle Security

By John Yeoh, Research Director/Americas, Cloud Security Alliance Connected Vehicles are in the news for introducing new features and capabilities to the modern automobile. Headlines also highlight security hacks that compromise vehicle operations and usability. While sources note that the vulnerabilities identified so far have been addressed, a greater understanding is...

May 22, 2017

A Management System for the Cloud – Why Your Organization Should Consider ISO 27018

By Alex Hsiung, Senior Associate, Schellman & Co. Cloud computing technologies have revolutionized the way organizations manage and store their information.  Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and...

May 19, 2017

Ransomware 101

By Jacob Serpa, Product Marketing Manager, Bitglass Unless you’ve been living under a rock for the last few weeks, you know that there has been a notable increase in cyberattacks around the world. Hackers have been spreading a type of ransomware called “WannaCry” via emails that trick recipients to open...

May 18, 2017

CTRL-Z and the Changing Data Landscape

By Mark Wojtasiak, Director of Product Marketing, Code42 The massive “WannaCry” ransomware attack that appeared in Europe last week and spread to over 150 countries is a perfect illustration of why enterprise data storage is in a period of flux. Today, organizations can choose to keep their data in the cloud,...

May 17, 2017

Malware: Painting a Picture

By Jacob Serpa, Product Marketing Manager, Bitglass Part One Now more than ever, companies are flocking to the cloud. Through a variety of software as a service (SaaS) and infrastructure as a service (IaaS), enterprises are able to raise their efficiency, increase their flexibility, and decrease costs. However, pursuing these...

May 11, 2017

Data Loss Threatens M&A Deals

By Jeremy Zoss, Managing Editor, Code42 One of the most popular breakout sessions at Evolution17 featured a great merger and acquisition (M&A) scenario: Midway through the deal, critical information leaks, devastating the value of the deal. How can you figure out how much info leaked—by whom and to whom? Here’s why...

May 09, 2017

What You Need to Know About Changes to the STAR Program

By Debbie Zaller, CPA, CISSP, PCI QSA, Principal, Schellman & Co., LLC The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the benefits for starting with a...

May 05, 2017

Mind the Gap

By Matt Piercy, Vice President and General Manager EMEA, Zscaler The sheer number of IT departments that are not acknowledging the numerous security gaps for cyber-attackers to exploit is astonishing. The problem is that many of those within the industry believe they have their security posture under control but they haven’t...

Read the blog


CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more


CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Newsletter Archive

All of our past newsletters are available online for your convenience.

Read them here


Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update)

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Observations and Recommendations on Connected Vehicle Security

The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting…

Release Date: May 25, 2017

State of Cloud Adoption in APAC 2017

Release Date: April 23, 2017

Applied Quantum Safe Security

Release Date: March 13, 2017

SDP for IaaS

Release Date: February 13, 2017

Quantum Safe Security Glossary

Release Date: January 24, 2017

Cloud Adoption and Security in India

The “State on Cloud Adoption and Security in 2016: India” survey was circulated in an effort to understand and evaluate cloud computing trends in India. We hope to understand cloud adoption plans and usage from different industries in India and how cloud adoption can have an impact on organization business strategies and plans. This report…

Release Date: November 22, 2016

This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.