Research Artifacts

What is Quantum Key Distribution?

The security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms or quantum computers. It is secure against even arbitrarily powerful eavesdroppers.

Release Date: 08/05/2015
Cloud Computing Market Maturity

This white paper reports the results of a recent study conducted by ISACA and the Cloud Security Alliance to examine cloud market maturity through four lenses: cloud use and satisfaction level, expected growth, cloud-adoption drivers, and limitations to cloud adoption.

Release Date: 07/15/2015
Security Considerations for Private vs. Public Clouds

The Cloud Security Alliance teamed up with Palo Alto Networks to produce this whitepaper. A public cloud deployment occurs when a cloud’s entire infrastructure is owned, operated and physically housed by an independent Cloud Service Provider. A private cloud deployment consists of a cloud’s entire infrastructure owned, operated and physically housed by the tenant business itself, generally managed by its own IT infrastructure organization.

Release Date: 06/15/2015
The Mandate for Meaningful Cyber Incident Sharing for the Cloud

New and increasingly significant cybersecurity breaches are reported practically every day. For most companies, it is no longer a matter of whether they will be attacked, but rather how long ago they were attacked. Enterprises and cloud providers alike need to understand the types of incidents that peers and technology partners are experiencing so that they can better protect themselves and their customers.

Release Date: 06/13/2015
Privacy Level Agreement - Version 2

PLA [V2] is intended to be used as an appendix to a Cloud Services Agreement, and to describe the level of privacy protection that the CSP will provide. While Service Level Agreements (“SLA”) are generally used to provide metrics and other information on the performance of the services, PLAs will address information privacy and personal data protection practices.

Release Date: 06/02/2015
SME Cloud Security

This 2015 Hong Kong Small and Medium-sized Enterprises (SME) Cloud Adoption, Security and Privacy Readiness Survey was conducted by the Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter, who commissioned the Hong Kong Productivity Council (Council) to carry out telephone interviews with SMEs (<100 employees) in Hong Kong. The process was carried out over the course of three weeks and reviewed data from the Census and Statistics Bureau. The Council successfully collected 168 responses for the survey. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Controls Matrix and international standards with questions adapted to local conditions. The survey was sponsored by Microsoft Hong Kong.

Release Date: 06/01/2015
STAR Overview PDF

The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world.

Release Date: 04/20/2015
Cloud Adoption In The Financial Services Sector

We circulated the “How Cloud is Being Used in the Financial Sector” survey to IT and security professionals in financial services institutions. The goal was to further the discussion on these topics:

  • Describe your company’s approach to cloud computing.
  • Describe your private cloud policy.
  • What is your corporate risk assessment to cloud computing?
  • What features would you require from cloud providers?

And finally…

What is your primary reason for adopting cloud computing?

Beyond raising awareness around cloud service adoption, the findings of the survey provide insight into how decision makers in the financial services industry take action in their organization – from consolidating and standardizing on the most secure cloud services, to knowing which policies to apply to mitigate risks, and understanding where to focus when educating users.

Release Date: 03/05/2015
Mobile Application Security Testing Initiative Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence, and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that help integrate and introduce quality control and compliance to mobile application development and management.

Release Date: 02/16/2015
Cloud Adoption Practices & Priorities

The benefits for enterprises moving to the cloud are clear: greater business agility, data availability, collaboration, and cost savings. The cloud is also changing how companies consume technology. Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department, creating what’s called “shadow IT.” Despite the benefits of cloud computing, companies face numerous challenges including the security and compliance of corporate data, managing employee-led cloud usage, and even the development of necessary skills needed in the cloud era. By understanding the cloud adoption practices and potential risks, companies can better position themselves to be successful in their transition to the cloud.

In the 2014 Cloud Adoption Practices and Priorities (CAPP) survey, the Cloud Security Alliance sought to understand how IT organizations approach procurement and security for cloud services and how they perceive and manage employee-led cloud adoption. We asked IT and security professionals for their views on “shadow IT,” obstacles preventing cloud adoption, types of cloud services requested and blocked, security priorities, and governance practices. We uncovered stark differences between how companies in North America and Europe approach the cloud, and even how large enterprises differ from their smaller counterparts. As more IT departments look to play a greater role in enabling the safe adoption of cloud services, we hope these findings can provide some guidance.

Release Date: 01/09/2015
Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: 09/18/2014
Cloud Usage: Risks and Opportunities

This survey was circulated to over 165 IT and security professionals in the U.S. and around the globe representing a variety of industry verticals and enterprise sizes. The goal was to understand their perception of how their enterprises are using cloud apps, what kind of data are moving to and through those apps, and what that means in terms of risks.

Beyond raising awareness around cloud service risk, the findings of this survey are intended to provide usage intelligence that helps IT, security, and business decision-makers take action in their organizations – from consolidating and standardizing on the most secure and enterprise-ready cloud services, to knowing what policies will have the most impact, to understanding where to focus when educating users.

Release Date: 09/15/2014
Data Protection Heat Index

The Cloud Security Alliance surveyed a select group of global data privacy experts with the intention to measure attitudes towards data protection areas that tie into technology solutions which enable the exchange of information across the cloud.

Release Date: 09/12/2014