Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Download Publication

Home
Publications
Security Guidance for Critical Areas of Focus in Cloud Computing V1.0
Security Guidance for Critical Areas of Focus in Cloud Computing V1.0

Security Guidance for Critical Areas of Focus in Cloud Computing V1.0

Release Date: 04/01/2009

Working Group: Security Guidance

This is version one of the CSA Security Guidance. You can find the latest version of this document here.


Related Certificates & Training | Cloud Controls Matrix                                                                                                                                                                                                                                                                  
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources

Related Resources

PublicationsBlogs
Security Guidance for Critical Areas of Focus in Cloud Computing v5
Security Guidance for Critical Areas of Focus i...
Download Now
Security Guidance v4.0 Info Sheet
Security Guidance v4.0 Info Sheet
Download Now
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus i...
Download Now
View all publications
CSA Community Spotlight: Guiding Industry Research with CEO Jason Garbis
CSA Community Spotlight: Guiding Industry Research with CEO Jason G...
Published: 10/09/2024
How to Set Up Your First Security Program
How to Set Up Your First Security Program
Published: 09/26/2024
What is the CSA STAR Program? An Intro for Beginners
What is the CSA STAR Program? An Intro for Beginners
Published: 09/24/2024
Maximize Cloud Security Excellence: The Power of CSA Corporate Membership
Maximize Cloud Security Excellence: The Power of CSA Corporate Memb...
Published: 09/10/2024
View all blogs
View all webinars

Acknowledgements

Jim Reavis
Jim Reavis
Co-founder and Chief Executive Officer, CSA

Jim Reavis

Co-founder and Chief Executive Officer, CSA

For over 30 years, Jim Reavis has worked in cybersecurity industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging trends have been published and presented widely throughout the industry and have influenced many.
Jim launched Cloud Security Alliance (CSA) in 2009 and has led its global growth and position as among the most vital cybersecurity communities worldwide. Under...

Read more

Francoise Gilbert Headshot Missing
Francoise Gilbert

Francoise Gilbert

Jean Pawluk Headshot Missing
Jean Pawluk

Jean Pawluk

Subra Kumaraswamy Headshot Missing
Subra Kumaraswamy

Subra Kumaraswamy

Girish Bhat Headshot Missing
Girish Bhat

Girish Bhat

Pamela Fusco Headshot Missing
Pamela Fusco

Pamela Fusco

Anton Chuvakin Headshot Missing
Anton Chuvakin

Anton Chuvakin

Scott Matsumoto Headshot Missing
Scott Matsumoto

Scott Matsumoto

Dave Cullinane
Dave Cullinane
TruSTAR Founder and CSA Chairman

Dave Cullinane

TruSTAR Founder and CSA Chairman

Dave Cullinane is the Founder of TruSTAR Technology. Prior to TruSTAR, Dave served for 5+ years as the Chief Information Security Officer and VP of Global Fraud, Risk and Security for eBay and its many global businesses (StubHub, InternetAuction.co, GSI Commerce). He has more than 30 years of professional security experience building and managing cyber security and incident response teams.

Dave is also the past President and Chair...

Read more

Jeffrey Ritter Headshot Missing
Jeffrey Ritter

Jeffrey Ritter

Alan Boehme
Alan Boehme
Chief Technology Officer of Procter & Gamble

Alan Boehme

Chief Technology Officer of Procter & Gamble

Alan Boehme serves as Chief Technology Officer of Procter & Gamble. Prior to this he was Chief of Enterprise Architecture for The Coca-Cola Company. Boehme was previously Sr. VP and Head of IT Architecture for the ING Global Insurance Business as well as serving as chairman of the global cross banking / insurance business (ING Group) enterprise architecture committee reporting into the global CTO office. Prior to his time with ING he serve...

Read more

Liam Lynch Headshot Missing
Liam Lynch

Liam Lynch

Nils Puhlmann Headshot Missing
Nils Puhlmann

Nils Puhlmann

Robert Fly Headshot Missing
Robert Fly

Robert Fly

Jeff Reich
Jeff Reich
Vice President of Member Success, CSA

Jeff Reich

Vice President of Member Success, CSA

Michael Sutton Headshot Missing
Michael Sutton
CISO, Zscaler

Michael Sutton

CISO, Zscaler

Dov Yoran Headshot Missing
Dov Yoran

Dov Yoran

Jeff Spivey Headshot Missing
Jeff Spivey

Jeff Spivey

Jeff Bardin Headshot Missing
Jeff Bardin

Jeff Bardin

Ken Fauth Headshot Missing
Ken Fauth

Ken Fauth

Edward Haletky Headshot Missing
Edward Haletky

Edward Haletky

Mark Leary Headshot Missing
Mark Leary

Mark Leary

Ben Rothke Headshot Missing
Ben Rothke

Ben Rothke

Philippe Courtot Headshot Missing
Philippe Courtot

Philippe Courtot

Paul B. Kurtz
Paul B. Kurtz
Chief Cybersecurity Advisor, Splunk

Paul B. Kurtz

Chief Cybersecurity Advisor, Splunk

Paul Kurtz is the Chief Executive Officer of TruSTAR Technology. Prior to TruSTAR Paul Kurtz was the Chief Information Security Officer and Chief Strategy Officer for CyberPoint International LLC. While at CyberPoint, he helped grow the company from 10 to 200 employees in 5 years by building the US government and international business verticals. Prior to CyberPoint, Paul was the managing partner of Good Harbor Consulting where he oversaw ...

Read more

Izak Mutlu Headshot Missing
Izak Mutlu

Izak Mutlu

Phil Agcaoili Headshot Missing
Phil Agcaoili

Phil Agcaoili

Christofer Hoff Headshot Missing
Christofer Hoff

Christofer Hoff

Michael Johnson Headshot Missing
Michael Johnson

Michael Johnson

Shawn Chaput Headshot Missing
Shawn Chaput

Shawn Chaput

Jerry Archer
Jerry Archer
SVP and Chief Security Officer for Sallie Mae

Jerry Archer

SVP and Chief Security Officer for Sallie Mae

Jerry Archer is an SVP and Chief Security Officer for Sallie Mae. Archer’s responsibilities include securing and protecting all of Sallie Mae’s systems and offerings, and for security initiatives across the company. Prior to Sallie Mae, Archer was the CISO at Intuit and prior to joining Intuit, Archer was managing director at Global Competitive Strategies. Previously, Archer was SVP for Global Interoperability at Visa International and bef...

Read more

Todd Barbee Headshot Missing
Todd Barbee

Todd Barbee

Dave Tyson Headshot Missing
Dave Tyson

Dave Tyson

Josh Zachry Headshot Missing
Josh Zachry

Josh Zachry

Phil Dunkelberger Headshot Missing
Phil Dunkelberger

Phil Dunkelberger

Tim Mather Headshot Missing
Tim Mather

Tim Mather

Brian O'Higgins Headshot Missing
Brian O'Higgins

Brian O'Higgins

Jim Hietala Headshot Missing
Jim Hietala

Jim Hietala

Lynne Terwoerds Headshot Missing
Lynne Terwoerds

Lynne Terwoerds

Joshua Davis Headshot Missing
Joshua Davis

Joshua Davis

Jeff Forristal Headshot Missing
Jeff Forristal

Jeff Forristal

Josh Pennell Headshot Missing
Josh Pennell

Josh Pennell

Stephen Sengam Headshot Missing
Stephen Sengam

Stephen Sengam

Glenn Brunette Headshot Missing
Glenn Brunette

Glenn Brunette

Jon Callas Headshot Missing
Jon Callas

Jon Callas

George Reese Headshot Missing
George Reese

George Reese

John Viega Headshot Missing
John Viega

John Viega

Dave Morrow Headshot Missing
Dave Morrow

Dave Morrow

Ward Spangenberg Headshot Missing
Ward Spangenberg

Ward Spangenberg

Dennis Hurst Headshot Missing
Dennis Hurst

Dennis Hurst

Sean Catlett
Sean Catlett
Chief Security Officer

Sean Catlett

Chief Security Officer

Sean Catlett is the Chief Security Officer at Slack, where he oversees product security, GRC, and security engineering and operations. Prior to Slack, Sean was the first CISO for Reddit, where he built the company’s dedicated Security and Privacy functions, protecting more than 430 million monthly active users around the world. In addition to executive roles at industry-leading security software companies, Sean has held senior leadership ro...

Read more

Shail Khiyara Headshot Missing
Shail Khiyara

Shail Khiyara

Larry Brock Headshot Missing
Larry Brock

Larry Brock

Jake Brunetto Headshot Missing
Jake Brunetto

Jake Brunetto

Jay Chaudhry
Jay Chaudhry
CEO, Chairman and Founder at Zscaler

Jay Chaudhry

CEO, Chairman and Founder at Zscaler

Jay is an accomplished entrepreneur, having founded a series of successful companies, including AirDefense, CipherTrust, CoreHarbor, SecureIT, and Zscaler, now a public company as of March 16, 2018.

Jay has a history of introducing visionary innovations to market that address the demand for securely enabling emerging technology trends, such as the Zscaler global security cloud for distributed and mobile enterprises. Jay’s considerable...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training