Cloud 101CircleEventsBlog
CAIQ Lite is now accepted into the STAR Registry! Showcase your cloud security readiness with a simplified assessment. Learn more today!

CSA Research Publications

Whitepapers, Reports and Other Resources

Home
Publications

Browse Publications

Cloud Computing: What Damages in Case of Outages

Cloud Computing: What Damages in Case of Outages
Release Date: 05/21/2013

Service interruptions are inevitable regardless of whether the cloud service provider is a small company or a large company. When a cloud service goes down, ...

Request to download
Cloud Controls Matrix v1.4

Cloud Controls Matrix v1.4
Release Date: 03/08/2013

This is an old version of the Cloud Controls Matrix (CCM). You learn more and download the latest version of the CCM here: https://cloudsecurityalliance.org/...

Request to download
GRC Stack

GRC Stack
Release Date: 03/08/2013

Request to download
Enterprise Architecture v2.0

Enterprise Architecture v2.0
Release Date: 02/25/2013

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals...

Request to download
CSA Position Paper on AICPA Service Organization Control Reports

CSA Position Paper on AICPA Service Organization Control Reports
Release Date: 02/25/2013

The Cloud Security Alliance (CSA) has drafted the CSA Position Paper on AICPA Service Organization Control Reports as a means to educate its members and prov...

Request to download
Privacy Level Agreement (PLA) Outline Annex

Privacy Level Agreement (PLA) Outline Annex
Release Date: 02/24/2013

Request to download
Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
Release Date: 02/24/2013

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection pol...

Request to download
The Notorious Nine: Cloud Computing Top Threats in 2013

The Notorious Nine: Cloud Computing Top Threats in 2013
Release Date: 02/24/2013

Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regardin...

Request to download
What the Proposed EU Data Protection Regulation Means for Cloud Users

What the Proposed EU Data Protection Regulation Means for Cloud Users
Release Date: 02/22/2013

Request to download
Article 29 Working Party Cloud Computing Opinion: A Blow to Safe Harbor

Article 29 Working Party Cloud Computing Opinion: A Blow to Safe Harbor
Release Date: 02/22/2013

The Article 29 Data Protection Working Party—which includes representatives of the data protection authorities of each of the European Union member states—re...

Request to download
International Standardization Council Roles and Responsibilities for Liaison Officer

International Standardization Council Roles and Responsibilities for Liaison Officer
Release Date: 02/22/2013

Request to download
International Standardization Council Operating Procedures

International Standardization Council Operating Procedures
Release Date: 02/22/2013

Request to download
What Rules Apply to Government Access to Data Held by US Cloud Service Providers

What Rules Apply to Government Access to Data Held by US Cloud Service Providers
Release Date: 02/22/2013

What rules regulate government access to data held by US cloud service providers. ...

Request to download
Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing
Release Date: 11/08/2012

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners,...

Request to download
Top Ten Big Data Security and Privacy Challenges

Top Ten Big Data Security and Privacy Challenges
Release Date: 11/07/2012

In this paper, we highlight the top ten big data specific security and privacy challenges. We interviewed Cloud Security Alliance members and surveyed securi...

Request to download
CSA Congress 2012 Big Data Overview

CSA Congress 2012 Big Data Overview
Release Date: 11/06/2012

Crystallization of best practices for security and privacy in big data.

Request to download
SecaaS Category 7 // Security Information and Event Management Implementation Guidance

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
Release Date: 10/29/2012

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...

Request to download
SecaaS Category 9 // BCDR Implementation Guidance

SecaaS Category 9 // BCDR Implementation Guidance
Release Date: 10/08/2012

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...

Request to download
SecaaS Category 8 // Encryption Implementation Guidance

SecaaS Category 8 // Encryption Implementation Guidance
Release Date: 10/08/2012

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...

Request to download
SecaaS Category 6 // Intrusion Management Implementation Guidance

SecaaS Category 6 // Intrusion Management Implementation Guidance
Release Date: 10/08/2012

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...

Request to download