Circle
Events
Blog

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CAIQ-Lite: The Lighter-weight Security Assessment Option
Published: 01/22/2022

CSA’s Consensus Assessment Initiative Questionnaire (CAIQ) is a downloadable spreadsheet of yes or no questions that correspond to the controls of the Cloud Controls Matrix (CCM), our cybersecurity controls framework for cloud computing. A cloud service provider can use the CAIQ to document what ...

The Quest for Multi-Party Recognition
Published: 12/22/2021

The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores the STAR Program, CSA best practices, research, and associated technologies and tools. This blog is part of a series where we edit key CSA Security Update episodes into shorter Q&As. In...

A North Star for the Industry: CSA Research Summit at RSA 2022
Published: 12/01/2021
Author: Jim Reavis

The RSA Conference will always have a special place in the history of the Cloud Security Alliance, as it does with many cybersecurity ventures. CSA was launched at the RSA Conference in 2009 with the first version of our best practices document. We followed that up with our first CSA Summit at RS...

STAR Testimonial: Implementation and Beyond
Published: 11/20/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA Security Update podcast is hosted by John DiMaria, CSA Assurance Investigatory Fellow, and explores...

CCSK Success Stories: From a Manager of Cloud Infrastructure
Published: 11/14/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

CCSK Success Stories: From the Vice President for Information Security
Published: 11/01/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

STAR Testimonial: The First Cloud-Specific Attestation Program
Published: 10/30/2021

CSA’s STAR Attestation is the first cloud-specific attestation program designed to quickly assess and understand the types and rigor of security controls applied by cloud service providers. This is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC2 engagement...

Cloud Compliance Frameworks: What You Need to Know
Published: 10/21/2021

This blog was originally published by Hyperproof here. Cloud storage and SaaS solutions bring unprecedented speed, agility, and flexibility to a business. However, trusting third-party vendors with sensitive data comes with numerous inherent risks, such as: Insecure access points can increase t...

CCSK Success Stories: From a Managed Service Engineer
Published: 10/15/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

Lessons from Our Journey to Obtain Our SOC 2 Report and ISO Certifications
Published: 10/13/2021

This blog was originally published by Grammarly here.Written by Andrew Derevyanko, Director of Engineering, GrammarlyIn June 2021, Grammarly achieved a new security and compliance milestone. We received our SOC 2 (Type 2) and SOC 3 reports as well as three certifications from the International Or...

The Adoption of Multi-Cloud Drives the Need for Better Data Protection and Management of Encryption Keys and Policy Controls
Published: 09/17/2021

This blog was originally published by Entrust here.Written by Jim DeLorenzo, Entrust.Enterprise adoption of multiple cloud platforms continues in earnest, whether it’s aimed at improving collaboration, reducing datacenter footprint, increasing customer response times or any number of other busine...

What is CAIQ?
Published: 09/01/2021

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ.A Questionnaire for Transparency and AssuranceCAIQ is an a...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

The STAR Certification Journey
Published: 06/08/2021

The CSA STAR Program is a powerful tool for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The CSA Securit...

CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 12/17/21 with the latest information regarding the release of CCM v4 components.On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving from new cloud technologies, new controls and enhanced int...

The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level
Published: 01/21/2021

Written by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance and Lefteris Skoutaris, CCM Program Manager, Cloud Security AllianceOver the course of the last decade since its first appearance in 2010, the Cloud Controls Matrix (CCM) has become a reference for any organization se...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security AllianceWhat is the Cloud Controls Matrix?The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

CCM Addendum for Associated Banks of Singapore
Published: 09/16/2020

Written by: Co-chair - Arun VIVEK, Head of Cloud & Container Security – Cyber Security Services, Standard Chartered BankCSA CCM & Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 Controls This week CSA released a Cloud Controls Matrix (CCM) addendum and Gap Analy...

What is a Cloud Service Provider?
Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceDefining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.