Cloud 101CircleEventsBlog
Join top cybersecurity experts at the Raleigh, NC LevelBlue's cyber networking event June 20th!

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Publications in Review
Open Until

Latest Research

The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action

The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action

Release Date: 05/14/2024

The implementation and maintenance of DevSecOps initiatives can take anywhere from a few months to several years to implement. Therefore, continuous measurement is essential when attempting to understand what changes have occurred in people, processes, and tooling. Without actionable DevSecOps...
Cloud Controls Matrix and CAIQ v4

Cloud Controls Matrix and CAIQ v4

Release Date: 05/08/2024

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto standard for cloud security and privacy. The accompanying questionnaire, CAIQ, provides a set of “yes or no” questions based on the security...
Confronting Shadow Access Risks: Considerations for Zero Trust and Artificial Intelligence Deployments

Confronting Shadow Access Risks: Considerations for Zero Trust and Artificial Intelligence Deployments

Release Date: 05/06/2024

Shadow Access, a growing concern within cloud computing and Identity and Access Management (IAM), refers to unintended, unauthorized access to systems and data, often intensified by the complexities of modern technological environments. Organizations from small to large often find out the hard...