Education

Certificate of Cloud Security Knowledge

The Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) is the industry’s first user certification program for secure cloud computing. The CCSK is designed to ensure that a broad range of professionals with responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

Please see the CSA Training Schedule for current training opportunities.

The Cloud Security Alliance will soon be offering training in the following three areas.

CCSK training

Cloud Computing Security Knowledge- Basic
The Cloud Computing Security Knowledge- Basic class provides students a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management).

Cloud Computing Security Knowledge- Plus
The CCSK- Plus class builds upon the CCSK Basic class with expanded material and extensive hands-on activities with a second day of training. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud.
This second day of training includes additional lecture, although student’s will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

PCI Cloud training

The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios.
The class would be most useful to PCI DSS QSA, organizations offering PCI DSS consulting as well as merchants planning or implementing PCI compliance.

GRC Stack training

Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control over legal and regulatory obligations for data management and protection. The Cloud Security Alliance is offering a training session to show you how to leverage the CSA GRC (Governance, Risk Management & Compliance) Stack, a toolkit designed for peeling back and revealing those layers of accountability and responsibility between Cloud Service Providers and their Tenants, applying measurable risk-based decision making for both assessing and attesting to governance, risk and compliance best practices.

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

CradlePoint
Adallom
Elastica
Cornerstone OnDemand
SoftLayer

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

1-2 April 2014

SecureCloud 2014

SecureCloud 2014 is an opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. Register Now!

April 08-10, 2014

IFINTEC Finance Technologies Conference and Exhibition

IFINTEC Finance Technologies Conference and Exhibition is a dedicated conference focusing on technology solutions developed for finance world. Learn More

April 21-22, 2014

Governance, Technology Audit, Control and Security Conference (GTACS) Conference 2014

>GTACS 2014 will be held from the 21 to 22 April 2014 at the Marina Bay Sands Expo & Convention Centre (Singapore), with the post-conference workshops following on the 23 to 24 April 2014. Learn More

September 16-19, 2014

CSA Congress 2014 & IAPP Privacy Academy 2014

By bringing together the IAPP’s Privacy Academy and the CSA Congress this fall we've broadened the educational and networking opportunities available for both IAPP and CSA members. Learn More

View all Upcoming Events

Cloud Security Readiness Tool

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Get Started Now