CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus-driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT and DevSecOps to Serverless and more; we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow, you can view the CSA Research Lifecycle.

Join a Working Group Meeting

Community
Begins at
DevSecOps Working Group
Privacy Level Agreement Working Group
Quantum-safe Security Working Group

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

The Continuous Audit Metrics Catalog

Release Date: 10/19/2021

Are traditional infosec assurance tools outdated? Many cloud customers think so. They see that technology changes quickly, and products are frequently evolving with continuous integration and deployment. Therefore, a certification obtained once a year after a third-party audit is not a sufficient source of assurance anymore. It’s time to move from “point-in-time” assurance to continuous assurance. This change requires moving away from manual audits and instead building automated tools that continuously assess the effectiveness of an information system. In other words, it’s time to move to the world of security metrics. There is no standard reference for ...

CCM v4 - Hungarian Translation

Release Date: 10/19/2021

This localized version of the publication was produced from the original source material through the efforts of local organizations and volunteers, but the translated content falls outside the CSA Research Lifecycle. For any questions and feedback, contact: [email protected] The Cloud Controls Matrix (CCM) is a cybersecurity framework for cloud computing that is regarded as the de facto standard for cloud security and privacy. In January 2021, CSA released version 4 of the Cloud Controls Matrix (CCM). From new cloud-based technologies, new security solutions, and compat... with other standards, the new version ensures ...

Practical Preparations for the Post-Quantum World

Release Date: 10/19/2021

This document discusses the cybersecurity challenges and recommended steps to reduce likely new risks due to quantum information sciences. This paper was created for awareness and education, and to communicate example steps every organization should be performing to prepare for the post-quantum world. Following its recommendations should result in increased project efficiencies, decreased cybersecurity risk, and increased long-term crypto-agility. Part I is a discussion of the various quantum threats which require mitigation. Part II is an actionable, step-by-step blueprint for preparing for the post-quantum world. Key Takeaways: Part 1: Outl...