Education

Certificate of Cloud Security Knowledge

The Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) is the industry’s first user certification program for secure cloud computing. The CCSK is designed to ensure that a broad range of professionals with responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

Please see the CSA Training Schedule for current training opportunities.

The Cloud Security Alliance will soon be offering training in the following three areas.

CCSK training

Cloud Computing Security Knowledge- Basic
The Cloud Computing Security Knowledge- Basic class provides students a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management).

Cloud Computing Security Knowledge- Plus
The CCSK- Plus class builds upon the CCSK Basic class with expanded material and extensive hands-on activities with a second day of training. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud.
This second day of training includes additional lecture, although student’s will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

PCI Cloud training

The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios.
The class would be most useful to PCI DSS QSA, organizations offering PCI DSS consulting as well as merchants planning or implementing PCI compliance.

GRC Stack training

Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control over legal and regulatory obligations for data management and protection. The Cloud Security Alliance is offering a training session to show you how to leverage the CSA GRC (Governance, Risk Management & Compliance) Stack, a toolkit designed for peeling back and revealing those layers of accountability and responsibility between Cloud Service Providers and their Tenants, applying measurable risk-based decision making for both assessing and attesting to governance, risk and compliance best practices.

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

Dropbox
Spanning
Palo Alto Networks
Nuance
ThousandEyes

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

April 29 - May 1, 2014

Infosecurity Europe 2014

Featuring over 325 exhibitors, the most diverse range of new products and services, an unrivalled FREE education programme and 13,006 unique visitors.

23 May 2014

CSA Japan Summit 2014

This event targets consumers and providers of cloud computing who together share a concern for cloud security and corporate decision making.

3 - 4 June 2014

ASEAN CSA Summit 2014

The industry event for IT security professionals and executives wanting to further their knowledge of cloud security. Learn More

September 16-19, 2014

CSA Congress 2014 & IAPP Privacy Academy 2014

By bringing together the IAPP’s Privacy Academy and the CSA Congress this fall we've broadened the educational and networking opportunities available for both IAPP and CSA members. Learn More

19-20 November 2014

CSA EMEA Congress 2014

The congress’s unique mix of R&D, end-user and industry audience members promises, compelling sessions, interesting discussions, networking and business opportunities throughout the event. Learn More

View all Upcoming Events

Cloud Security Readiness Tool

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Get Started Now