Cloud 101CircleEventsBlog
Participate in the CSA Top Threats to Cloud Computing 2025 peer review to help shape industry insights!

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Context-Based Access Control for Zero Trust - Japanese Translation

Context-Based Access Control for Zero Trust - Japanese Translation

Release Date: 03/11/2025

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].

Traditional...
Shadow Access and AI

Shadow Access and AI

Release Date: 03/11/2025

Shadow Access is undesired or unauthorized access to resources, such as applications, networks, and data. Shadow Access is increasingly a cloud issue, resulting from the increased use of entitlements that connect cloud services together. Automated infrastructure with incorrectly permissioned...
The Six Pillars of DevSecOps Bundle

The Six Pillars of DevSecOps Bundle

Release Date: 03/10/2025

DevOps enhances the management of information security, but its execution must be secured to avoid vulnerabilities like lax firewall rules or default credentials. DevSecOps integrates and automates security controls within DevOps, improving efficiency and effectiveness.

CSA’s Six Pillars of...