CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.
Contribute to CSA Research
Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.
State of Cloud Security Risk, Compliance, and Misconfigurations
Release Date: 09/17/2021
Current state of cloud security programs, including top risks and usage of security tools • Cloud Security Posture Management (CSPM) challenges faced by organizations in mitigating misconfiguration vulnerabilities • Organizational readiness, success KPIs, and teams responsible for different aspects of cloud security posture management
Ransomware in the Healthcare Cloud
Release Date: 09/15/2021
Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant revenue stream for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data. Ransomware attacks, to complicate matters, cause more than a simple outage. They can attack the backup infrastructure. So, it’s not just about restoring from a backup; HDOs need to ensure that they recover from an uninfected backup. To add to the problem, healthcare data in cloud storage is not immune to ransomware. However, cloud storage can give you a significant a...
Recommendations for Adopting a Cloud-Native Key Management Service
Release Date: 09/14/2021
The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native Key Management Systems (KMS). The guidance within will provide recommendations that address technical, operational, legal, regulatory, and financial aspects of leveraging a cloud-native KMS. The goal is to optimize business outcomes, including agility, cost, and compliance.