Cloud 101CircleEventsBlog
Have a chance to win a free CCSK v5 token by taking the Non-Human Identity Security Survey!

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Publications in Review
Open Until

Latest Research

CSA Large Language Model (LLM) Threats Taxonomy

CSA Large Language Model (LLM) Threats Taxonomy

Release Date: 06/10/2024

This document aims to align the industry by defining key terms related to Large Language Model (LLM) risks and threats. Establishing a common language reduces confusion, helps connect related concepts, and facilitates more precise dialogue across diverse groups. This common language will...
CCM-Lite and CAIQ-Lite

CCM-Lite and CAIQ-Lite

Release Date: 06/04/2024

The Cloud Security Alliance, in collaboration with the CCM Working Group, proudly presents the CCM-Lite and CAIQ-Lite File Bundle. These tools offer a streamlined way to assess cloud security.


The CCM-Lite is a simplified version of the Cloud Controls Matrix (CCM) v4. It includes...
The Annual SaaS Security Survey Report 2025 Plans and Priorities

The Annual SaaS Security Survey Report 2025 Plans and Priorities

Release Date: 06/03/2024

In 2024, Software-as-a-Service (SaaS) platforms are integral to most businesses. Unfortunately, inventive threat actors regularly breach SaaS applications from large organizations, underscoring the fragility of even the most secure systems. Against this backdrop of relentless SaaS threats,...