Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!



The issues and opportunities surrounding cloud computing gained considerable notice in 2008 within the information security community. In November of 2008 at the ISSA CISO Forum in Las Vegas, the concept of the Cloud Security Alliance was born. Following a presentation of emerging trends by Jim Reavis that included a call to action for securing cloud computing, Reavis and Nils Puhlmann outlined the initial mission and strategy of the CSA. A series of organizational meetings with industry leaders in early December 2008 formalized CSA’s founding. CSA’s outreach to the information security community to create its initial work product for the 2009 RSA Conference resulted in dozens of volunteers to research, author, edit and review CSA’s first whitepaper.

Selected Milestones

2009: Incorporated, Issued the first comprehensive best practices for secure cloud computing, “Security Guidance for Critical Areas of Focus for Cloud Computing”

2010: Created and maintains the Cloud Controls Matrix (CCM), the world’s only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations
2010: Created the first and only user credential for cloud security, the Certificate of Cloud Security Knowledge (CCSK)

2011: Hosted the White House at our CSA Summit to announce the US Federal Cloud Strategy

2012: Established CSA Europe in Edinburgh, UK
2012: Launched the registry of cloud provider security practices, the CSA Security, Trust and Assurance Registry (STAR)

2013: Established CSA Asia Pacific in Singapore
2013: Launched CSA STAR Certification
2013: Release Big Data Security & Privacy Research

2014: Established representation in Peoples Republic of China
2014: Release Software Defined Perimeter Specifications
2014: Launched CSA STAR Attestation

2015: Releases Security Framework for Governmental Clouds
2015: Hosts first annual Federal Summit
2015: Unveils Security Guidance for Early Adopters of the IoT
2015: CSA STAR Registry surpasses 100 entries
2015: With ISC² debuts the Certified Cloud Security Professional (CCSP), a new cloud security certification
2015: Establishes Asia-Pacific Education Council
2015: CSA C-STAR Assessment expands to China

2016: Forms Australia/New Zealand Regional Coordinating Body
2016: Releases ‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016
2016: Issues Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy

2017: STARWatch Cloud Security Management Application becomes generally available
2017: Establishes Third-Party Global Consultancy program
2017: Releases major updates to Guidance v4.0
2017: Issues Code of Conduct for GDPR Compliance
2017: Releases significant updates to CCSKv4

Founding Members

Phil Agcaoili
Jerry Archer
Todd Barbee
Jeff Bardin
Girish Bhat
Alan Boehme
Larry Brock
Glenn Brunette
Jake Brunetto
Jon Callas
Sean Catlett
Shawn Chaput
Jay Chaudhry
Anton Chuvakin
Philippe Courtot
Dave Cullinane
Joshua Davis
Dr Ken Fauth
Robert Fly
Jeff Forristal
Pam Fusco
Francoise Gilbert
Edward Haletky
Jim Hietala
Christofer Hoff
Dennis Hurst
Michael Johnson
Shail Khiyara
Subra Kumaraswamy
Paul Kurtz
Mark Leary
Liam Lynch
Tim Mather
Scott Matsumoto
Dave Morrow
Izak Mutlu
Brian O’Higgins
Jean Pawluk
Josh Pennell
Nils Puhlmann
Jim Reavis
George Reese
Jeff Reich
Jeffrey Ritter
Ben Rothke
Stephen Sengam
Ward Spangenberg
Jeff Spivey
Michael Sutton
Lynne Terwoerds
Dave Tyson
John Viega
Dov Yoran
Josh Zachry

Founding Charter Companies


Founding Affiliate Members