Latest News

11/20/2018

Cloud Security Alliance, SAFECode Announce DevSecOps Working Group Launch

Working group to focus on ensuring enterprises employ proper security throughout application deployment Seattle, WA – Nov. 20, 2018 – The Cloud Security Alliance (CSA) and the Software Assurance Forum for Excellence in Code (SAFECode) today announced the launch and call for participants f...

11/15/2018

Cloud Security Alliance’s CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training

SEATTLE, WA – Nov. 16, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Certificate of Cloud Security Knowledge (CCSK), the first cr...

10/10/2018

Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a...

09/27/2018

Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin

Berlin, Germany – Sept. 27, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced that in response to rapid membership growth throughout the...

09/25/2018

Cloud Security Alliance Announces Speakers, Sessions for 8th Annual CSA Congress

Keynote presenters from the United Nations, Turners Broadcasting, Qualys and Arizona State to discuss global governance, the threat landscape and security innovations that address new cloud security frontiers Seattle, WA – Sept. 25, 2018 – The Cloud Security Alliance (CSA), the world’s lead...

08/20/2018

Cloud Security Alliance Releases Malaysia Financial Sector Cloud Adoption Report

Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to hel...

08/08/2018

CSA Releases Top Threats to Cloud Computing: Deep Dive

Paper identifies chief cloud security risks, how they fit in a greater security analysis BLACKHAT LAS VEGAS – AUGUST 8, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure clou...

08/07/2018

CSA, OWASP Issue Updated Guidance for Secure Medical Device Deployment

Report includes enhanced sections on purchasing and mechanism controls, as well as relevant FDA guidance BLACKHAT LAS VEGAS – AUGUST 7, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure...

06/12/2018

Cloud Security Alliance Issues Recommendations on Firmware Integrity in the Cloud Data Center

Group calls for more standardization from hardware manufacturers to improve security SEATTLE, WA – JUNE 12, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing env...

06/07/2018

Volunteers Needed: Application Containers and Microservices Working Group

The CSA Application Containers and Microservices Working Group is searching for volunteers to participate in the development of whitepapers on best practices and challenges in securing containers and microservices. If you are interested in being part of these projects, please sign up for the wo...


Press Coverage

ITweb |November 09, 2018

How to manage and secure your digital workplace

Petri |November 02, 2018

Paul Thurrott’s Short Takes: November 2

Seeking Alpha |October 31, 2018

Microsoft Cloud Outpaces Amazon

Talk Markets |October 30, 2018

Microsoft Cloud Outpaces Amazon

Forbes |October 30, 2018

Securing Access To Critical Legacy Applications

The Street |October 25, 2018

Microsoft Rides Cloud to Impressive Earnings Beat; Markets Focus on Amazon Q3

Diginomica |October 23, 2018

Oracle OpenWorld 2018 – the cloud security story

GCN |October 23, 2018

How to catch security blind spots during a cloud migration

Denver Post |October 22, 2018

Arvada to Host 3rd Annual Cloud Security Alliance Fall Summit on November 8

Government Technology |October 20, 2018

Where Next With Cloud Security?

Syracuse University News |October 19, 2018

Awards & Recognition Program Honors 5 Alumni

IoT News |October 18, 2018

Crypto Quantique claims launch of first quantum-driven secure chip on silicon to strengthen IoT security

SmallCap Network |October 18, 2018

Cloud Security Market is Estimated to Reach $12.64 Billion by 2024

WICZ TV |October 18, 2018

New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report

DevOps.com |October 17, 2018

DevOps Chat: disrupt:Ops Brings Security Closer to DevOps

Security Boulevard |October 16, 2018

Using Application Analytics to Achieve Security at Scale

Prsync.com |October 16, 2018

Features of using cloud technologies for organisations

MobiHealthNews |October 15, 2018

Why healthcare data may be more secure with cloud computing

Plant Engineering |October 15, 2018

Six IoT implementation challenges and solutions

Security Boulevard |October 12, 2018

CCSP Domain 5: Operations


Recent Blog Posts

November 20, 2018

Weigh in on the Cloud Control Matrix Addenda

Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: —German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.) —ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.) These […]


November 20, 2018

Voice Your Opinion on the New Top Threats to Cloud Computing

Dear Colleagues, The CSA Top Threats Working Group is happy to announce the survey for the next iteration of the Top Threats to Cloud Computing report. This time round we have shortlisted 19 security issues from recurring issues such as Data Breaches and Insecure Interfaces and APIs to new issues such as Weak Control Plane.  […]


November 19, 2018

CCSK Success Stories: Cloud Security Training from a CTO’s Perspective

By the CSA Education Team We’re kicking off a series on cloud security training today with a Q&A with the Vice President and CTO of Fusion Risk Management, Cory Cowgill. With a background in enterprise software development spanning multiple industries, Cowgill has multiple certifications including Salesforce System Architect and Application Architect, Amazon Web Services Solution […]


November 16, 2018

AWS Cloud: Proactive Security and Forensic Readiness – Part 4

Part 4: Detective Controls in AWS By Neha Thethi, Information Security Analyst, BH Consulting Security controls can be either technical or administrative. A layered security approach to protecting an organization’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. […]


November 14, 2018

Data Breaches on the Rise in Financial Services

By Jacob Serpa, Product Marketing Manager, Bitglass Financial services organizations are a prime target for hackers looking to steal and sell valuable data. This is because these firms handle sensitive information known as PII, personally identifiable information, as well as other financial data. In Financial World: Breach Kingdom, Bitglass’ latest financial breach report, the Next-Gen CASB reveals information about […]


November 12, 2018

Cloud Security Alliance Releases Minor Update to CCM v3.0.1

By the CSA Research Team The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist […]


November 9, 2018

Cloud Security Alliance Announces the Release of the Spanish Translation of Guidance 4.0

By JR Santos, Executive Vice President of Research, Cloud Security Alliance. The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the […]


November 8, 2018

Seven Reasons Why Proxy-based CASBs Are Required for Office 365

By Rich Campagna, Chief Marketing Officer, Bitglass A competing CASB vendor blogged recently on why proxy-based Cloud Access Security Brokers (CASBs) shouldn’t be used for Office 365. The post cites “7 reasons,” all of which are variations of just one reason: their CASB breaks each time Microsoft makes changes to Office 365.  What they call “application breakages” due to […]


November 5, 2018

Bitglass Security Spotlight: Uber, Apollo, & Chegg

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —Uber fined $148 million over cover-up —Apollo database of 200 million contacts breached —Chegg hack exposes 40 million users’ credentials —Port of San Diego faces cyberattack Uber fined $148 million over cover-up In late 2016, Uber suffered a breach at […]


October 31, 2018

Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census

By Jacob Serpa, Product Manager, Bitglass Here are the top cybersecurity headlines of recent weeks: —440 million email addresses exposed by Veeam —Unprotected MongoDB databases being targeted —42 million emails, passwords, and more leaked —Cold-boot attacks steal passwords and encryption keys —2 billion devices still vulnerable to Bluetooth attack —Atlas Quantum, cryptocurrency platform, breached —Security […]



Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.


Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.


Research Artifacts

Cloud Controls Matrix v3.0.1 (11-12-18 Update)

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). File attached.

Release Date: 11/12/2018
CCM v3.0 - Chinese Translation

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. The CSA CCM provides a detailed controls framework that is aligned with Cloud Security Alliance’s Security Guidance in 16 domains.

Release Date: 10/19/2018
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)

With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 10/19/2018
Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper focused on building a cloud security services management platform. The whitepaper will serve as a guideline for cloud service providers to secure their cloud platforms and provide cloud security services to cloud users, for cloud users to select security-qualified cloud service providers, and for security vendors to develop their cloud-based security products and services.

Release Date: 10/19/2018
Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

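This document, 「IoT セキュリティのためのブロックチェーン技術の活用」, is the Japanese translation of “Using Blockchain Technology to Secure the Internet of Things,” published by the Cloud Security Alliance (CSA). It is translated and published by CSA Japan with CSA’s permission. If there are any discrepancies between the original and the Japanese version, the original takes precedence.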

Release Date: 10/03/2018
IoT Firmware Update Processes

The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: 09/20/2018
Code of Conduct for GDPR Compliance - Japanese Translation

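Description: This document, 「GDPR 準拠の為の行動規範」, is the Japanese translation of “CODE OF CONDUCT FOR GDPR COMPLIANCE,” published by the Cloud Security Alliance (CSA), with commentary added by the Japan Cloud Security Alliance (CSA Japan), a general incorporated association. It is translated and published by CSA Japan with CSA’s permission. If there are any discrepancies between the original and the Japanese version, the original takes precedence.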

Release Date: 09/14/2018
CSA Malaysia FSI Report

The “Cloud Adoption in the Malaysian Financial Services Industry (FSI) sector” survey was undertaken by CSA to understand and evaluate cloud adoption trends and concerns in the FSI in that country.

Release Date: 08/20/2018
Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018
OWASP Secure Medical Devices Deployment Standard

With the explosion of botnets and other malware that now target IoT devices (of which medical devices can be considered a subtype), the need for security-minded deployments of medical devices is now more essential than ever. This guide is intended to serve as a comprehensive guide to the secure deployment of medical devices within a healthcare facility.

Release Date: 08/07/2018
Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance with the Cloud Controls Matrix.

Release Date: 10/12/2017
Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM is the only meta-framework of cloud-specific security controls mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017