CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Join a Working Group Meeting

Begins at
Cloud Key Management Working Group
Blockchain/Distributed Ledger Working Group
SDP and Zero Trust Working Group

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Publications in Review
Open Until

Latest Research

Top Threats to Cloud Computing: Egregious Eleven Deep Dive - Arabic Translation

Top Threats to Cloud Computing: Egregious Eleven Deep Dive - Arabic Translation

Release Date: 05/27/2022

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected] This report provides case‌ ‌study‌ ‌analyses‌ ‌for‌ last year’s ‌

Best Practices for Smart Contract Security Hyperledger Fabric

Best Practices for Smart Contract Security Hyperledger Fabric

Release Date: 05/18/2022

The goal is to establish best practices for using smart contract specifically in Hyperledger Fabric 2.0 environment. This document serves as a guide for Smart Contract Developers to gain an understanding of the benefits, challenges, and opportunities for deploying smart contracts within their organization. The reader should also gain an understanding of many of the legal, regulatory, and security considerations that must be taken to count when using any smart contract.

Serverless Computing Working Group Charter

Serverless Computing Working Group Charter

Release Date: 05/17/2022

Serverless working group charter document.  The Serverless WG seeks to develop best practices to help organizations that want to run their business with a serverless computing model.  The objective of the working group is to design and maintain a Serverless security reference architecture and security controls/framework and provide best practice security recommendations that can be used as a guide for the planning, design, operation, maintenance, and evaluation of Serverless computing operations.