Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

History

Overview
History
Board And Executive Management
CSA Staff
Join CSA
Available Jobs
Home
About
History

The issues and opportunities surrounding cloud computing gained considerable notice in 2008 within the information security community. In November of 2008 at the ISSA CISO Forum in Las Vegas, the concept of the Cloud Security Alliance was born. Following a presentation of emerging trends by Jim Reavis that included a call to action for securing cloud computing, Reavis and Nils Puhlmann outlined the initial mission and strategy of the CSA. A series of organizational meetings with industry leaders in early December 2008 formalized CSA’s founding. CSA’s outreach to the information security community to create its initial work product for the 2009 RSA Conference resulted in dozens of volunteers to research, author, edit and review CSA’s first whitepaper.


Selected Milestones

2009: Incorporated, Issued the first comprehensive best practices for secure cloud computing, “Security Guidance for Critical Areas of Focus for Cloud Computing”

2010: Created and maintains the Cloud Controls Matrix (CCM), the world’s only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations
2010: Created the first and only user credential for cloud security, the Certificate of Cloud Security Knowledge (CCSK)

2011: Hosted the White House at our CSA Summit to announce the US Federal Cloud Strategy

2012: Established CSA Europe in Edinburgh, UK
2012: Launched the registry of cloud provider security practices, the CSA Security, Trust and Assurance Registry (STAR)

2013: Established CSA Asia Pacific in Singapore
2013: Launched CSA STAR Certification
2013: Release Big Data Security & Privacy Research

2014: Established representation in Peoples Republic of China
2014: Release Software Defined Perimeter Specifications
2014: Launched CSA STAR Attestation

2015: Releases Security Framework for Governmental Clouds
2015: Hosts first annual Federal Summit
2015: Unveils Security Guidance for Early Adopters of the IoT
2015: CSA STAR Registry surpasses 100 entries
2015: With ISC² debuts the Certified Cloud Security Professional (CCSP), a new cloud security certification
2015: Establishes Asia-Pacific Education Council
2015: CSA C-STAR Assessment expands to China

2016: Forms Australia/New Zealand Regional Coordinating Body
2016: Releases ‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016
2016: Issues Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy

2017: STARWatch Cloud Security Management Application becomes generally available
2017: Establishes Third-Party Global Consultancy program
2017: Releases major updates to Guidance v4.0
2017: Issues Code of Conduct for GDPR Compliance
2017: Releases significant updates to CCSKv4

Founding Members

Phil Agcaoili
Jerry Archer
Todd Barbee
Jeff Bardin
Girish Bhat
Alan Boehme
Larry Brock
Glenn Brunette
Jake Brunetto
Jon Callas
Sean Catlett
Shawn Chaput
Jay Chaudhry
Anton Chuvakin
Philippe Courtot
Dave Cullinane
Joshua Davis
Dr Ken Fauth
Robert Fly
Jeff Forristal
Pam Fusco
Francoise Gilbert
Edward Haletky
Jim Hietala
Christofer Hoff
Dennis Hurst
Michael Johnson
Shail Khiyara
Subra Kumaraswamy
Paul Kurtz
Mark Leary
Liam Lynch
Tim Mather
Scott Matsumoto
Dave Morrow
Izak Mutlu
Brian O’Higgins
Jean Pawluk
Josh Pennell
Nils Puhlmann
Jim Reavis
George Reese
Jeff Reich
Jeffrey Ritter
Ben Rothke
Stephen Sengam
Ward Spangenberg
Jeff Spivey
Michael Sutton
Lynne Terwoerds
Dave Tyson
John Viega
Dov Yoran
Josh Zachry

Founding Charter Companies

PGPQualysZscaler

Founding Affiliate Members

ISACA