Cloud 101

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Open Certification Framework Working Group Charter

Open Certification Framework Working Group Charter

Release Date: 03/31/2023

The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification and/or attestation according to the Cloud Security Alliance’s industry...
Data Lake Threat Modeling

Data Lake Threat Modeling

Release Date: 03/28/2023

As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With the help from NTT Data and Marymount University, CSA has released our Data Lake threat modeling exercise spreadsheet. In this document,...
Data Loss Prevention and Data Security Survey Report

Data Loss Prevention and Data Security Survey Report

Release Date: 03/14/2023

As the traditional perimeter is reduced or eliminated with the move to remote and hybrid work, and as Zero Trust strategies gain popularity, data security in cloud computing has had to adapt and improve. Data loss prevention (DLP) solutions are often an integral part of these new data security...