Download Publication

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Release Date: 07/26/2017
Working Group: Security Guidance
The Cloud Security Alliance promotes implementing best practices for providing security assurance within the domain of cloud computing and has delivered a practical, actionable roadmap for organizations seeking to adopt the cloud paradigm. The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.
- Cloud Computing Concepts and Architectures
- Governance and Enterprise Risk Management
- Legal Issues, Contracts and Electronic Discovery
- Compliance and Audit Management
- Information Governance
- Management Plane and Business Continuity
- Infrastructure Security
- Virtualization and Containers
- Incident Response
- Application Security
- Data Security and Encryption
- Identity, Entitlement and Access Management
- Security as a Service
- Related Cloud Technologies
Fill out this form to access this resource.
In my current job I work in:
Can we send you emails about other CSA projects?
By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).
Can we send you emails about other CSA projects?
By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).
Provide feedback on this form
Acknowledgements

Gunnar Peterson
This person does not have a biography listed with CSA.

David Mortman
This person does not have a biography listed with CSA.

Rich Mogull
Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA...