Membership
Become a Member
Enterprises
Solution Providers
Startups
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
Circle
Create an Account
Inner Circle Discussion
Job Board Postings
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

CSA Research

Security through innovation.
Innovation through collaboration.

View Working Groups
Research Home
Working Groups
Publications
Contribute
Webinars
Upcoming Webinars
Previous Webinars
Sponsorship
Home
Research

Research Publications

Best Practices in Implementing a Secure Microservices Architecture
Best Practices in Implementing a Secure Microservices Architecture

Application containers and a microservices architecture are being used to design, develop, and deploy applicatio...

The Six Pillars of DevSecOps: Collective Responsibility
The Six Pillars of DevSecOps: Collective Responsibility

The DevSecOps Working Group i...

Critical Controls Implementation for SAP
Critical Controls Implementation for SAP

The Critical Controls Implementation for SAP is the first in a series of implementation documents that the CSA E...

Top Threats to Cloud Computing: Egregious Eleven
Top Threats to Cloud Computing: Egregious Eleven

The report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns i...

Cloud Controls Matrix v3.0.1
Cloud Controls Matrix v3.0.1

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practice...

SDP Architecture Guide v2
SDP Architecture Guide v2

Software Defined Perimeter (SDP) Architecture Guide is designed to leverage proven, standards-based components t...

CSA Guide to the IoT Security Controls Framework
CSA Guide to the IoT Security Controls Framework

The Guide to the IoT Security Controls Framework provides instructions for using the companion

Best Practices for Cyber Incident Exchange
Best Practices for Cyber Incident Exchange

No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, effectively moving from target to target at...

Future Proofing the Connected World
Future Proofing the Connected World

An IoT system is only as secure as its weakest link, this document is our attempt at providingactionable and...

See all artifacts

Research Insights

Best Practices for Implementing a Secure DevOps Toolchain

December 1, 2020, Randy Franklin, VP and Market GM, and William Kokolis, DevOps Practice Lead, Terazo & Bryan Jones, Solutions Architect, Cloud

Register to attend
CSA CloudBytes Figure

Upcoming Meetings

Community
Begins at
Cloud Key Management Working Group
Dec 01, 2020, 09:00AM PST
Continuous Audit Metrics Working Group
Dec 02, 2020, 09:00AM PST
Enterprise Resource Planning Working Group
Dec 02, 2020, 09:00AM PST
See all meetings

Contribute to CSA Research

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Publications in Review
Open Until
Software-Defined Perimeter Zero Trust Charter
Dec 02, 2020
Critical Controls Implementation for Oracle E-Business Suite
Dec 21, 2020
View all

Collaborating with CSA

Research Lifecycle Figure

Research Lifecycle

A step-by-step look at the research process, from proposal to publication.

Learn more
 

Research Volunteer FAQ

Contributors to research are composed of solution providers, end users, subject matter experts, and key stakeholders in cloud and related technologies. Join the movement!

Learn more
Research Volunteer FAQ Figure
 

Thank You Research Contributors!

Research awards recognize individuals who demonstrate significant accomplishments and contribution to CSA research. Annual and long-term achievement awards are bestowed to those who also reflect industry leadership, community participation and passion for volunteerism.

Read more
Thank You Research Contributors
 

Featured Working Groups

Artificial intelligence

As we move forward into the future of automation, AI is proving to be playing a critical role in the realm of both cyber and cloud security. The ability to learn at a rate that AI does makes it extremely important...

View Group

Blockchain

Blockchain and distributed ledger technology is an innovative and continuously evolving technology that has far reaching security implications beyond the financial services industries.

View Group

Cloud Controls Matrix

The Cloud Controls Matrix (CCM) working group supports CSA’s industry-leading meta-framework for cloud security assurance. The working group conducts controls mapping projects with the aim of identifying and analysing compliance gaps.

View Group

DevSecOps

Changing the mindset of the industry and establishing fundamental principles to enhance the development, security, and operations during project lifecycles.

View Group

Internet of Things

As the cloud environment expand to new technologies, the connected world depends on devices to manage, orchestrate, and provision data.

View Group

Software Defined Perimeter

The Software Defined Perimeter working grouped launched with the goal to develop a solution to stop network attacks against application infrastructure.

View Group
View all Working Groups