CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Join a Working Group Meeting

Begins at
Enterprise Resource Planning Working Group
Blockchain/Distributed Ledger Working Group
DevSecOps Working Group

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

State of Cloud Security Risk, Compliance, and Misconfigurations

State of Cloud Security Risk, Compliance, and Misconfigurations

Release Date: 09/17/2021

Current state of cloud security programs, including top risks and usage of security tools • Cloud Security Posture Management (CSPM) challenges faced by organizations in mitigating misconfiguration vulnerabilities • Organizational readiness, success KPIs, and teams responsible for different aspects of cloud security posture management  

Ransomware in the Healthcare Cloud

Ransomware in the Healthcare Cloud

Release Date: 09/15/2021

Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant revenue stream for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data. Ransomware attacks, to complicate matters, cause more than a simple outage. They can attack the backup infrastructure. So, it’s not just about restoring from a backup; HDOs need to ensure that they recover from an uninfected backup. To add to the problem, healthcare data in cloud storage is not immune to ransomware. However, cloud storage can give you a significant a...

Recommendations for Adopting a Cloud-Native Key Management Service

Recommendations for Adopting a Cloud-Native Key Management Service

Release Date: 09/14/2021

The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native Key Management Systems (KMS). The guidance within will provide recommendations that address technical, operational, legal, regulatory, and financial aspects of leveraging a cloud-native KMS. The goal is to optimize business outcomes, including agility, cost, and compliance.