Research

Research Overview
Research Calendar
Submit Your Ideas

Initiative	Description	Downloads
Visit the initiative page	Big Data Working Group Big Data is a working group within the Cloud Security Alliance (CSA) created to identify best practices for security and privacy in big data.	Big Data Analytics for Security Intelligence -Released September 24, 2013 Expanded Top Ten Big Data Security and Privacy Challenges -Released June 16, 2013 Top Ten Big Data Security and Privacy Challenges -Released November 07, 2012 CSA Congress 2012 Big Data Overview -Released November 06, 2012 Big Data Working Group Charter -Released May 04, 2012
Visit the initiative page	Cloud Controls Matrix (CCM) Security controls framework for cloud provider and cloud consumers.	CCM v3.0 Info Sheet -Released October 07, 2013 Cloud Controls Matrix v3.0 -Released September 26, 2013 Cloud Controls Matrix v1.4 -Released March 08, 2013 Cloud Controls Matrix v1.3 -Released September 20, 2012 Cloud Controls Matrix v1.2 -Released August 26, 2011 Cloud Controls Matrix V1.1 -Released December 17, 2010 Cloud Controls Matrix V1.01 -Released October 20, 2010 Cloud Controls Matrix V1.0 -Released April 27, 2010
Visit the initiative page	Cloud Data Governance Responsible for understanding the top requirements and needs of different stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.	Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS) v1.0 -Released November 16, 2011 CCAQIS Survey v1.2 -Released August 01, 2011
	Cloud Metrics Metrics designed for Cloud Controls Matrix and CSA Guidance.	There are no downloads at this time.
Visit the initiative page	CloudAudit The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.	There are no downloads at this time.
Visit the initiative page	CloudCERT Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.	CloudCERT Report to CSA Summit 2011 -Released February 14, 2011
Visit the initiative page	CloudTrust Protocol The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.	CloudTrust Protocol Information Overview Powerpoint -Released September 01, 2011 CloudTrust Protocol Information Overview -Released June 01, 2011 A Precis for the CloudTrust Protocol (V2.0) -Released September 01, 2010
Visit the initiative page	Consensus Assessments Initiative Research tools and processes to perform consistent measurements of cloud providers.	Consensus Assessments Initiative Questionnaire v1.1 -Released September 01, 2011 Consensus Assessments Initiative Questionnaire V1.0 -Released October 12, 2010
Visit the initiative page	Enterprise Architecture Working Group Secure, interoperable identity in the cloud.	Enterprise Architecture v2.0 -Released February 25, 2013 Enterprise Architecture Mapping V1.9 -Released November 09, 2011 Enterprise Architecture Model V1.1 -Released October 26, 2011 Enterprise Architecture Reference Architecture Quick Guide -Released October 01, 2011
Visit the initiative page	Health Information Management Provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries..	There are no downloads at this time.
Visit the initiative page	Incident Management and Forensics Best practices for incident management and forensics in cloud environments.	Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing -Released June 26, 2013 Incident Management and Forensics Working Group Charter -Released February 13, 2013
Visit the initiative page	Innovation Initiative The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.	Innovation Initiative Overview Powerpoint -Released February 24, 2012 Innovation Initiative Charter -Released February 24, 2012
Visit the initiative page	CSA Legal Information Center The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing. Our mission is to provide unbiased information about the applicability of existing laws and also identify laws that are being impacted by technology trends and may require modification.	Planning for E-Discovery in the Cloud -Released May 21, 2013 Cloud Computing: What Damages in Case of Outages -Released May 21, 2013 What the Proposed EU Data Protection Regulation Means for Cloud Users -Released February 22, 2013 Article 29 Working Party Cloud Computing Opinion: A Blow to Safe Harbor -Released February 22, 2013 What Rules Apply to Government Access to Data Held by US Cloud Service Providers -Released February 22, 2013 CSA Security Guidance Domain 3: Legal Issues: Contracts and Electronic Discovery -Released November 14, 2011
Visit the initiative page	Mobile Working Group The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.	Security Guidance for Critical Areas of Mobile Computing -Released November 08, 2012 Mobile Top Threats -Released October 04, 2012 Mobile Device Management: Key Components -Released September 20, 2012 Mobile Working Group Charter -Released February 21, 2012
Visit the initiative page	Open Certification Framework The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.	Publicizing Your STAR Certification -Released September 03, 2013 Requirements for Bodies Providing STAR Certification -Released September 03, 2013 STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM) -Released September 03, 2013 OCF Vision Statement -Released August 17, 2012
Visit the initiative page	Privacy Level Agreement Working Group This working group aims at creating PLA templates that can be a powerful self-regulatory harmonization tool, which is almost impossible to achieve at global level using traditional legislative means. This will provide a clear and effective way to communicate to (potential) customers CSP’s a level of data protection, especially when trans-border data flaw is concerned.	Privacy Level Agreement (PLA) Outline Annex -Released February 24, 2013 Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union -Released February 24, 2013 PLA Initiative Research Sponsorship Outline -Released August 27, 2012
Visit the initiative page	Security as a Service Research for gaining greater understanding for how to deliver security solutions via cloud models.	SecaaS Category 7 // Security Information and Event Management Implementation Guidance -Released October 29, 2012 SecaaS Category 9 // BCDR Implementation Guidance -Released October 08, 2012 SecaaS Category 8 // Encryption Implementation Guidance -Released October 08, 2012 SecaaS Category 6 // Intrusion Management Implementation Guidance -Released October 08, 2012 SecaaS Category 5 // Security Assessments Implementation Guidance -Released October 08, 2012 SecaaS Category 4 // Email Security Implementation Guidance -Released October 08, 2012 SecaaS Category 3 // Web Security Implementation Guidance -Released October 08, 2012 SecaaS Category 2 // Data Loss Prevention Implementation Guidance -Released October 08, 2012 SecaaS Category 10 // Network Security Implementation Guidance -Released October 08, 2012 SecaaS Category 1 // Identity and Access Management Implementation Guidance -Released September 26, 2012 Defined Categories of Service 2011 -Released October 26, 2011
Visit the initiative page	Security Guidance for Critical Areas of Focus in Cloud Computing Foundational best practices for securing cloud computing.	Security Guidance for Critical Areas of Focus in Cloud Computing V3.0 -Released November 14, 2011 CSA V3 Guideline: Book Excerpts -Released July 02, 2011 Cloud Computing for Business -Released March 02, 2011 NIST Guidelines on Security and Privacy in Public Cloud Computing -Released January 01, 2011 Security Guidance for Critical Areas of Focus in Cloud Computing V2.0 -Released December 02, 2009 Security Guidance for Critical Areas of Focus in Cloud Computing V1.0 -Released April 01, 2009
	Software Defined Perimeter	Software Defined Perimeter -Released December 01, 2013
	Solution Provider Advisory Council Corporate members providing cloud solutions or cloud security solutions. Responsible for articulating provider point of view.	There are no downloads at this time.
	Solution Provider SME Advisory Council Corporate members providing cloud solutions or cloud security solutions. Dedicated to Subject Matter Experts within our corporate members.	There are no downloads at this time.
Visit the initiative page	Telecom Working Group Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.	There are no downloads at this time.
Visit the initiative page	Top Threats to Cloud Computing Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.	The Notorious Nine: Cloud Computing Top Threats in 2013 -Released February 24, 2013 Top Threats to Cloud Computing Survey Results Update 2012 -Released November 07, 2012
Visit the initiative page	Virtualization Working Group Virtualization provides an important layer of abstraction from physical hardware, enabling the elasticity and resource pooling commonly associated with cloud.	There are no downloads at this time.

You may experience a blank screen after submitting this form. Please scroll to the top to read the submission results.

If you experience issues with this form please contact webmaster@cloudsecurityalliance.org.

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

CradlePoint
Adallom
Elastica
Cornerstone OnDemand
SoftLayer

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

1-2 April 2014

SecureCloud 2014

SecureCloud 2014 is an opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. Register Now!

April 08-10, 2014

IFINTEC Finance Technologies Conference and Exhibition

IFINTEC Finance Technologies Conference and Exhibition is a dedicated conference focusing on technology solutions developed for finance world. Learn More

April 21-22, 2014

Governance, Technology Audit, Control and Security Conference (GTACS) Conference 2014

>GTACS 2014 will be held from the 21 to 22 April 2014 at the Marina Bay Sands Expo & Convention Centre (Singapore), with the post-conference workshops following on the 23 to 24 April 2014. Learn More

September 16-19, 2014

CSA Congress 2014 & IAPP Privacy Academy 2014

By bringing together the IAPP’s Privacy Academy and the CSA Congress this fall we've broadened the educational and networking opportunities available for both IAPP and CSA members. Learn More

View all Upcoming Events

Cloud Security Readiness Tool

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Get Started Now