Latest News

03/05/2019

Cloud Security Alliance Debuts Internet of Things (IoT) 
Controls Framework and Accompanying Guide

Framework introduces base-level security controls required to mitigate numerous risks associated with IoT systems SAN FRANCISCO – March 4, 2019 – RSA CONFERENCE 2019– The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practic...

03/04/2019

Cloud Security Alliance Announces Decade of Vision Leadership Award Winners

CSA announced the recipients of its Decade of Vision Leadership award, given to the three founding CEOs, who provided the initial startup funding, plus consistent support, mentoring, and evangelism of the CSA mission on a global basis over the last 10 years. The awards were presented at the CSA Summit at RSA Conference.

03/04/2019

Cloud Security Alliance and Internet Security Conference Sign Memorandum of Understanding

As part of the agreement—and at the invitation of the Internet Security Conference (ISC), one of the most insightful high-profile events on network security in Asia-Pacific and worldwide—the CSA will host a CSA Summit co-located with the ISC event in Beijing on Aug. 21-22, 2019. Founded in 2013, the ISC has been successfully held for six years, during which time it has been well recognized, supported and participated by governments, think tanks, business executives, academia, industry influences and technical elites.

03/04/2019

Cloud Security Alliance Launches STAR Continuous, a Compliance Assessment Program for Cloud Service Providers

Chance to align security validation capabilities with cloud security compliance gives enterprises a competitive edge SAN FRANCISCO – March 4, 2019 – RSA CONFERENCE 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best pra...

03/04/2019

Cloud Security Alliance Debuts the Knowledge Center, a Comprehensive 
E-Learning Platform

Offers individuals, enterprises high-quality flexible training to complement and enhance knowledge, schedules and budgets SAN FRANCISCO – March 4, 2019 – RSA CONFERENCE 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of bes...

03/01/2019

CSA and Whistic Unveil Streamlined Consensus Assessments Initiative Questionnaire (CAIQ)

The beta version of CAIQ-Lite released today represents every security control domain from the original questionnaire in a shorter, 73 question format. Citing the increased focus on cloud vendor security and the need for organizations worldwide to perform a significantly higher volume of assessments on a growing population of cloud vendors, Whistic and CSA worked together to develop a Lite version that focused more on accessibility and ease of use for both cloud vendors and the enterprises performing the vendor security risk assessments.

01/24/2019

Cloud Security Alliance Celebrates 10th Anniversary at CSA Summit at RSA Conference 2019

IBM, Starbucks, Turner CISOs to Give Keynote Addresses SEATTLE – RSA CONFERENCE 2019 - Jan. 24, 2019 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today a...

01/14/2019

New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds

Seattle, WA – January 11, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the findings from the first research survey on “Enterprise Re...

12/20/2018

Cloud Security Alliance, National Technology Security Coalition Release “Streamlining Vendor IT Security and Risk Assessments” Whitepaper

Report advocates for a new approach to how organizations manage risks, achieve assurance, and enable trust in the cloudSEATTLE – Dec. 20, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure...

12/11/2018

Cloud Security Alliance Announces 2018 Ron Knode Service 
Award Recipients

Volunteers recognized for dedication, efforts to furthering cloud security best practicesORLANDO – Dec. 11, 2018 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment...

See all news

Press Coverage

Find Biometrics | March 19, 2019

Nok Nok and FIDO Receive Industry Recognition for Digital Security Contributions

Security Boulevard | March 18, 2019

Evolution of the RSA Conference and What It Means for the Future of Cybersecurity

Dark Reading | March 12, 2019

The 12 Worst Serverless Security Risks

Network World | March 11, 2019

Software-defined perimeter brings trusted access to multi-cloud applications, network resources

BankInfoSecurity.com | March 08, 2019

Highlights of RSA Conference

Telecompaper | March 06, 2019

Cloud Security Alliance debuts IoT controls framework, accompanying guide

Infosecurity Magazine | March 05, 2019

#CSASummit: Ten Years of Cloud Brought Risk, Regulations and Reliability

BankInfoSecurity.com | March 05, 2019

Digital Transformation Needs Security Transformation, Too

Xinhua | March 05, 2019

Int’l cybersecurity organization eyes closer cooperation with China

TechHQ | March 01, 2019

Tread carefully on the cloud with ERP

Security Boulevard | February 28, 2019

The 12 Most Critical Risks for Serverless Applications 2019 Guide

SDxCentral | February 27, 2019

Meta Networks Expands NaaS Software-Defined Perimeter SDxCentral

StateTech Magazine | February 27, 2019

The Cloud Certifications State and Local Government Employees Need

ITworld | February 21, 2019

Moving ERP to the cloud? Expect delays

eWeek | February 19, 2019

Pulse Secure Adds Software Defined Perimeter to Secure Access Platform

MIT Tech News | February 15, 2019

Cybersecurity Expert Stiennon’s Latest Book: Secure Cloud Transformation

Security Boulevard | February 12, 2019

DevOps Chat: DisruptOps: SecurityOps, Disrupted – RSAC Edition

Trade Arabia | February 11, 2019

Prioritizing security in a multi-cloud world

IT Brief New Zealand | February 11, 2019

Microsoft launches bot service for healthcare sector

Government Technology | February 10, 2019

To Understand IoT Security: Look to the Clouds

See all press coverage

Recent Blog Posts

March 25, 2019

12 Ways Cloud Upended IT Security (And What You Can Do About It)

By Andrew Wright, Co-founder & Vice President of Communications, Fugue The cloud represents the most disruptive trend in enterprise IT over the past decade, and security teams have not escaped turmoil during the transition. It’s understandable for security professionals to feel like they’ve lost some control in the cloud and feel frustrated while attempting to get […]


March 21, 2019

Better Vulnerability Management: How to Master Container Security in Three Steps

By Nate Dyer, Product Marketing Director, Tenable Application containers like Docker have exploded in popularity among IT and development teams across the world. Since its inception in 2013, Docker software has been downloaded 80 billion times and more than 3.5 million applications have been “dockerized” to run in containers. With all the enthusiasm and near-mainstream […]


March 19, 2019

Continuous Auditing – STAR Continuous – Increasing Trust and Integrity

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance As a SixSigma Black Belt I was brought up over the years with the philosophy of continual monitoring and improvement, moving from a reactive state to a preventive state. Actually, I wrote a white paper a couple of years ago on how SixSigma is applied to […]


March 18, 2019

Are Cryptographic Keys Safe in the Cloud?

By Istvan Lam, CEO, Tresorit By migrating data to the cloud, businesses can enjoy scalability, ease of use, enhanced collaboration and mobility, together with significant cost savings. The cloud can be especially appealing to subject-matter experts as they no longer have to invest in building and maintaining their own infrastructure. However, the cloud also brings challenges when it comes to information […]


March 14, 2019

Cornerstone Capabilities of Cloud Access Security Brokers

By Jacob Serpa, Marketing Manager, Bitglass Traditional security tools are not built to protect cloud data that is accessed from personal devices around the clock and around the world. With the rise of bring your own device (BYOD) and cloud-based tools like AWS, Office 365, and Salesforce, it can be challenging to figure out which technologies are needed to keep […]


March 12, 2019

Webinar: The Ever Changing Paradigm of Trust in the Cloud

By CSA Staff The CSA closed its 10th annual Summit at RSA on Monday, and the consensus was that the cloud has come to dominate the technology landscape and revolutionize the market, creating a tectonic shift in accepted practice. The advent of the cloud has been a huge advancement in technology. Today’s need for flexible […]


March 12, 2019

CSA Summit Recap Part 2: CSP & CISO Perspective

By Elisa Morrison, Marketing Intern, Cloud Security Alliance When CSA was started in 2009, Uber was just a German word for ‘Super’ and all CSA stood for was Community Supported Agriculture. Now in 2019, spending on cloud infrastructure has finally exceeded on-premises, and CSA is celebrating its 10th anniversary. For those who missed the Summit, […]


March 8, 2019

CSA Summit Recap Part 1: Enterprise Perspective

By Elisa Morrison, Marketing Intern, Cloud Security Alliance CSA’s 10th anniversary, coupled with the bestowal of the Decade of Excellence Awards gave a sense of accomplishment to this Summit that bodes well yet also challenges the CSA community to continue its pursuit of excellence. The common theme was the ‘Journey to the Cloud’ and emphasized […]


March 7, 2019

CCSK Success Stories: From an Information Systems Security Manager

By the CSA Education Team This is the third part in a blog series on Cloud Security Training. Today, we will be interviewing Paul McAleer. Paul is a Marine Corps veteran and currently works as an Information Systems Security Manager (ISSM) at Novetta Solutions, an advanced data analytics company headquartered in McLean, VA.  He holds the […]


March 5, 2019

A Decade of Vision

By Jim Reavis, Co-founder and CEO, Cloud Security Alliance Developing a successful and sustainable organization is dependent upon a lot of factors: quality services, a market vision, focus, execution, timing and maybe a little luck. For Cloud Security Alliance, now celebrating our 10th anniversary, I would add one more factor—believers.  While we have had a few […]


Read the blog

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Learn more

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Learn more

Research Artifacts

Blockchain Demo

Blockchain Demo

Blockchain Demo - Kurt Seifried, Chief Blockchain Officer, Cloud Security Alliance

Release Date: 03/05/2019
Lessons From the Cloud

Lessons From the Cloud

Lessons from the Cloud - David Cass, Chief Information Security Officer Cloud and SaaS Operations & Global Partner Cloud Security Services, IBM

Release Date: 03/05/2019
Finally! Cloud Security for Unmanaged Devices…for All Apps

Finally! Cloud Security for Unmanaged Devices…for All Apps

Finally! Cloud Security for Unmanaged Devices…for All Apps - Nico Popp, Senior Vice President Information Protection, Symantec

Release Date: 03/05/2019
CSA STAR: The Leading Cloud Trust and Accountability Program

CSA STAR: The Leading Cloud Trust and Accountability Program

CSA STAR: The Leading Cloud Trust and Accountability Program - Daniele Cattaddu, Chief Technology Officer, CSA

Release Date: 03/05/2019
Taking Control of IoT

Taking Control of IoT

Taking Control of IoT - Hillary Baron, Research Analyst, CSA

Release Date: 03/05/2019
Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation - Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee & Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

Release Date: 03/05/2019
From GDPR to California Privacy: Managing Cloud Vendor Risk

From GDPR to California Privacy: Managing Cloud Vendor Risk

From GDPR to California Privacy: Managing Cloud Vendor Risk - Kevin Kiley, Vice President of Sales & Business Development, OneTrust

Release Date: 03/05/2019
Securing your IT Transformation to the Cloud

Securing your IT Transformation to the Cloud

Securing your IT Transformation to the Cloud - Jay Chaudhry, CEO and Founder of Zscaler & Bob Varnadoe, CISO at NCR & Tom Filip, Director of Global Security Architecture, Kellogg Company

Release Date: 03/05/2019
Can you trust your eyes? Context as the basis for “Zero Trust” systems

Can you trust your eyes? Context as the basis for “Zero Trust” systems

Can you trust your eyes? Context as the basis for “Zero Trust” systems - Jason Garbis, Vice President of Cybersecurity Products, Cyxtera

Release Date: 03/05/2019
Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation

Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation

Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation - Jason Clark, Chief Strategy Officer, Netskope & Bob Schuetter, Chief Information Security Officer, Valvoline

Release Date: 03/05/2019
CAIQ-Lite

CAIQ-Lite

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with cloud vendors. CAIQ-Lite was developed to meet the demands of an increasingly fast-paced cybersecurity environment where adoption is becoming paramount when selecting a vendor security questionnaire. CAIQ-Lite contains 73 questions compared to the 295 found in the CAIQ, while maintaining representation of 100% of the original 16 control domains present in The Cloud Controls Matrix (CCM) 3.0.1.

Release Date: 03/01/2019
Top Threats to Cloud Computing: Deep Dive

Top Threats to Cloud Computing: Deep Dive

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018
Cloud Security Alliance Code of Conduct for GDPR Compliance

Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017
Cloud Controls Matrix v3.0.1

Cloud Controls Matrix v3.0.1

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017