Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

What is a Cloud Service Provider?
Published: 04/30/2020

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
Defining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not. A cloud service provider, or CSP...

Why use the CAIQ for vendor analysis vs. other questionnaires?
Published: 04/04/2020
Author: John DiMaria

Security assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closing new deals and maintaining or up-selling to existing accounts. If you a...

Continuous Auditing and Continuous Certification
Published: 03/20/2020

By Alain Pannetrat, Senior Researcher at Cloud Security Alliance and Founder of Omzlo.com
For some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, “traditional” annual or bi-annual audits do not provide enough assurance to move to the cloud. To address t...

Using SOC Reports for Cloud Security and Privacy
Published: 02/10/2020

By Ashwin Chaudhary, Chief Executive Officer, Accedere Inc
Data security and privacy are increasingly challenging in today’s cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenge...

It's all about the Data! - Preventative Security
Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
I have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves. In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates
Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

How to Share the Security Responsibility Between the CSP and Customer
Published: 09/05/2019

By Dr. Kai Chen, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd.
The behemoths of cloud service providers (CSPs) have released shared security responsibility related papers and articles, explaining their roles and responsibilities in cloud provisioning. Although they...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings
Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA
The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings: Association of International Certified Professional Accountants (AICPA) Trus...

Using The CAIQ-Lite to Assess Third Party Vendors
Published: 07/01/2019

By Dave Christiansen, Marketing Director, Whistic
The mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disag...

CSA STAR – The Answer to Less Complexity and Higher Level of Compliance
Published: 03/28/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
CSA STAR enables a higher level of compliance, data governance, reduced risk and more cost-effective management of your security and privacy system
We just launched a major refresh of the CSA STAR (Security, Trust and Assuranc...

CCM Addenda Updates for Two Additional Standards
Published: 01/21/2019

By the CSA CCM Working Group
We're happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) — ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC ...

Weigh in on the Cloud Control Matrix Addenda
Published: 11/20/2018

Dear Colleagues, The Cloud Security Alliance would like to invite you to review and comment on the Cloud Control Matrix (CCM) addenda for the following standards: — German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.)...

Cloud Security Alliance Releases Minor Update to CCM v3.0.1
Published: 11/12/2018

By the CSA Research Team
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5). The CCM is specifically designed to provide fundamental...

Methodology for the Mapping of the Cloud Controls Matrix
Published: 07/09/2018

By Victor Chin, Research Analyst, Cloud Security Alliance
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. To reduce compliance fatigue i...

CCM v3 Introduces Reverse Mappings, Gap Analysis
Published: 06/26/2018

By Sean Cordero, VP of Cloud Strategy, Netskope
Since its introduction in 2010, the Cloud Security Alliance’s Cloud Control Matrix (CCM) has led the industry in the measurement of cloud service providers (CSP). The CCM framework continues to deliver for CSPs and cloud consumers alike a uniform set...

Why the Cloud Cannot be treated as a One-size-fits-all when it comes to Security
Published: 06/24/2013

Despite the fact that cloud providers have long since differentiated themselves on very distinct offerings based on cloud platform type, I often see the cloud written about as though it is a single, uniform service. And, the problem with that is while there are commonalities, it is downright misle...
