Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
CxO Initiative
Contact Us
Current Business Members
Cloud Customers
Cloud Solution Providers
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events & Webinars
Learn and network while you earn CPE credits.
Events
CloudBytes Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
View Latest ResearchView Working Groups
Research Home
Working Groups
Publications
Contribute
Webinars
Upcoming Webinars
Previous Webinars
Sponsorship
Home
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Want to learn how to stay secure in the cloud?

Read CSA’s recommendations

Join a Working Group Meeting

Community
Begins at
Security as a Service Working Group
Jul 26, 2021, 12:00PM PDT
Cloud Key Management Working Group
Jul 27, 2021, 09:00AM PDT
Enterprise Resource Planning Working Group
Jul 28, 2021, 09:00AM PDT
See all meetings

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Publications in Review
Open Until
CCMv4.0 Auditing Guidelines
Jul 27, 2021
Software-Defined Perimeter (SDP) Specification v2.0
Aug 02, 2021
CSA Medical Device Incident Response Playbook
Aug 11, 2021
Practical Preparations for the Post-Quantum World
Aug 16, 2021
View all

Latest Research

Cloud Threat Modeling

Cloud Threat Modeling

Release Date: 07/23/2021

The purpose of this document is to enable, encourage cloud and security practitioners to apply threat modeling for cloud applications, services, and security decisions. To that end, this resource provides crucial guidance to help identify threat modeling security objectives, set the scope of assessments, decompose systems/applications, identify & rate threats, identify vulnerabilities in the system design, design and prioritize mitigations & controls, communicate/report and call-to-action. 

Download Now
Cloud Key Management Working Group Charter

Cloud Key Management Working Group Charter

Release Date: 07/20/2021

Cloud services are becoming ubiquitous in all sizes, and customers encounter many obligations and opportunities for using key management systems with those cloud services. However, as an area of emergent technical focus, there is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services.This charter lays out the scope, responsibilities, and roadmap for the Cloud Key Management working group. This working group will educate and guide the use of traditional and cloud key management systems ...

Download Now
The Use of Blockchain in Healthcare

The Use of Blockchain in Healthcare

Release Date: 07/15/2021

Healthcare is a large and heavily regulated industry. US and EU privacy and security laws require healthcare organizations to protect personal information and can levy fines for data breaches. The value of healthcare data, paired with these regulations and other international laws that govern the storage of data in the cloud, has motivated healthcare organizations to look at using blockchain in order to secure data. By using blockchain, organizations may be able to efficiently share healthcare data while ensuring patient privacy and data security at the same time.This re...

Download Now
View All Research