CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus-driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, such as IoT, DevSecOps, Serverless and more; we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow, you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Security Guidelines for Providing and Consuming APIs - Korean Translation

Release Date: 08/17/2022

In modern application workloads, organizations are often required to integrate their application with other parties such as Software-as-a-Service (SaaS) providers, customers' applications, and business partners. These integrations may vary from granting one-time read access to ongoing static data consumption, to exposure of APIs or application components to a 3rd party provider. The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific con...

Cloud and Web Security Challenges in 2022

Release Date: 08/16/2022

Organizations’ work environments have undergone rapid but lasting changes in the face of the recent health crisis. Working remotely became a necessity and many organizations were forced to accelerate their digital transformation as a result. This drastically changed the security landscape. Employees could no longer be protected by enterprise firewalls; people were becoming the new perimeter. Simultaneously, multiple newsworthy supply chain attacks occurred, drawing attention to a growing number of cloud and web attacks targeting people with access to business data. Organizations were left struggling with their new cloud environments and maintaining legacy e...

Secure Connection Requirements of Hybrid Cloud - Korean Translation

Release Date: 08/15/2022

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers, but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected]. The National Institute of Standards and Technology (NIST) defines