Research Artifacts

Blockchain Demo

Blockchain Demo

Blockchain Demo - Kurt Seifried, Chief Blockchain Officer, Cloud Security Alliance

Release Date: 03/05/2019
Lessons From the Cloud

Lessons From the Cloud

Lessons from the Cloud - David Cass, Chief Information Security Officer Cloud and SaaS Operations & Global Partner Cloud Security Services, IBM

Release Date: 03/05/2019
Finally! Cloud Security for Unmanaged Devices…for All Apps

Finally! Cloud Security for Unmanaged Devices…for All Apps

Finally! Cloud Security for Unmanaged Devices…for All Apps - Nico Popp, Senior Vice President Information Protection, Symantec

Release Date: 03/05/2019
CSA STAR: The Leading Cloud Trust and Accountability Program

CSA STAR: The Leading Cloud Trust and Accountability Program

CSA STAR: The Leading Cloud Trust and Accountability Program - Daniele Cattaddu, Chief Technology Officer, CSA

Release Date: 03/05/2019
Taking Control of IoT

Taking Control of IoT

Taking Control of IoT - Hillary Baron, Research Analyst, CSA

Release Date: 03/05/2019
Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation - Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee & Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

Release Date: 03/05/2019
From GDPR to California Privacy: Managing Cloud Vendor Risk

From GDPR to California Privacy: Managing Cloud Vendor Risk

From GDPR to California Privacy: Managing Cloud Vendor Risk - Kevin Kiley, Vice President of Sales & Business Development, OneTrust

Release Date: 03/05/2019
Securing your IT Transformation to the Cloud

Securing your IT Transformation to the Cloud

Securing your IT Transformation to the Cloud - Jay Chaudhry, CEO and Founder of Zscaler & Bob Varnadoe, CISO at NCR & Tom Filip, Director of Global Security Architecture, Kellogg Company

Release Date: 03/05/2019
Can you trust your eyes? Context as the basis for “Zero Trust” systems

Can you trust your eyes? Context as the basis for “Zero Trust” systems

Can you trust your eyes? Context as the basis for “Zero Trust” systems - Jason Garbis, Vice President of Cybersecurity Products, Cyxtera

Release Date: 03/05/2019
Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation

Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation

Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation - Jason Clark, Chief Strategy Officer, Netskope & Bob Schuetter, Chief Information Security Officer, Valvoline

Release Date: 03/05/2019
CSA Summit at RSA Conference Presentations 2019

CSA Summit at RSA Conference Presentations 2019

CSA Summit at RSA Conference Presentations 2019.

Release Date: 03/05/2019
CSA Guide to the IoT Security Controls Framework

CSA Guide to the IoT Security Controls Framework

The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework spreadsheet. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.

Release Date: 03/05/2019
CSA IoT Security Controls Framework

CSA IoT Security Controls Framework

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system.

Release Date: 03/05/2019
CAIQ-Lite

CAIQ-Lite

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with cloud vendors. CAIQ-Lite was developed to meet the demands of an increasingly fast-paced cybersecurity environment where adoption is becoming paramount when selecting a vendor security questionnaire. CAIQ-Lite contains 73 questions compared to the 295 found in the CAIQ, while maintaining representation of 100% of the original 16 control domains present in The Cloud Controls Matrix (CCM) 3.0.1.

Release Date: 03/01/2019
High Performance Computing (HPC) Cloud Security Working Group Charter

High Performance Computing (HPC) Cloud Security Working Group Charter

To develop a holistic security framework for cloud infrastructure architected for High Performance Computing needs, with the aim of securing where the cloud environment and High-Performance Computing (HPC) cross paths.

Release Date: 02/26/2019
Requirements for Bodies Providing STAR Certification

Requirements for Bodies Providing STAR Certification

This document outlines how to conduct a STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.

Release Date: 02/22/2019
CCM Mapping Workpackage Template

CCM Mapping Workpackage Template

This document is the companion document to the Methodology for the Mapping of the Cloud Controls Matrix (CCM). It is a CCM mapping workpackage template that can be used by organizations who want to map their frameworks to the CCM.

Release Date: 02/14/2019
The 12 Most Critical Risks for Serverless Applications

The 12 Most Critical Risks for Serverless Applications

The 12 Most Critical Risks for Serverless Applications 2019 document is meant to serve as a security awareness and education guide. This report was curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud, and serverless architectures.

Release Date: 02/11/2019
The Future of Healthcare

The Future of Healthcare

Globally the Healthcare Industry is a significant component of any country’s infrastructure. In sheer market size, the health care market in the United States of America is the largest in the world. The size of the market means that there is unequaled purchasing power, demand, and opportunity for innovation. In contrast, by structure, reimbursement systems, regulation, issues of access, and complexity it is one of the most opaque.

Release Date: 02/04/2019
Cloud Incident Response Charter

Cloud Incident Response Charter

To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.

Release Date: 01/21/2019
CCM v3.0.1 Addendum - BSI Germany C5 v1

CCM v3.0.1 Addendum - BSI Germany C5 v1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serves to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5).

Release Date: 01/18/2019
CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serves to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014.

Release Date: 01/18/2019
Enterprise Resource Planning and Cloud Adoption

Enterprise Resource Planning and Cloud Adoption

The “Impact of Cloud on ERP” survey report was designed to assess the impact of ERP solutions on organizations and better understand cloud preparation and data migration needs to implement ERP solutions in the cloud. Features and benefits gained, security and privacy challenges, and time to deploy for an ERP Solution in a cloud environment were explored.

Release Date: 01/11/2019