Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

CSA Research Publications

Whitepapers, Reports and Other Resources

Research Home
Publications
Working Groups
Peer Reviews
Upcoming Meetings
Home
Research
Publications

Browse Publications

The 2020 State of Identity Security in the Cloud - Chinese Translation

The 2020 State of Identity Security in the Cloud - Chinese Translation
Release Date: 02/07/2022

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...

Request to download
Roles and Responsibilities of Third Party Security Services

Roles and Responsibilities of Third Party Security Services
Release Date: 11/30/2021

As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibi...

Request to download
SecaaS Working Group Charter 2021

SecaaS Working Group Charter 2021
Release Date: 07/09/2021

This charter lays out the scope, responsibilities, and roadmap for the Security as a Service (SecaaS) Working Group. The SecaaS Working Group has been cre...

Request to download
Disaster Recovery as a Service

Disaster Recovery as a Service
Release Date: 05/13/2021

Disaster Recovery as a Service (DRaaS) is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third...

Request to download
The 2020 State of Identity Security in the Cloud

The 2020 State of Identity Security in the Cloud
Release Date: 11/19/2020

The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises di...

Request to download
SecaaS Working Group Charter

SecaaS Working Group Charter
Release Date: 04/09/2019

In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understoo...

Request to download
Security as a Service Implementation Guidance (Categories 1-10)

Security as a Service Implementation Guidance (Categories 1-10)
Release Date: 03/01/2016

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of security services...

Request to download
Defining Categories of Security as a Service: Continuous Monitoring

Defining Categories of Security as a Service: Continuous Monitoring
Release Date: 02/29/2016

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services is ne...

Request to download
SecaaS Category 7 // Security Information and Event Management Implementation Guidance

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
Release Date: 10/29/2012

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...

Request to download
SecaaS Category 9 // BCDR Implementation Guidance

SecaaS Category 9 // BCDR Implementation Guidance
Release Date: 10/08/2012

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...

Request to download
SecaaS Category 8 // Encryption Implementation Guidance

SecaaS Category 8 // Encryption Implementation Guidance
Release Date: 10/08/2012

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...

Request to download
SecaaS Category 6 // Intrusion Management Implementation Guidance

SecaaS Category 6 // Intrusion Management Implementation Guidance
Release Date: 10/08/2012

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...

Request to download
SecaaS Category 5 // Security Assessments Implementation Guidance

SecaaS Category 5 // Security Assessments Implementation Guidance
Release Date: 10/08/2012

There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could reasonably expec...

Request to download
SecaaS Category 4 // Email Security Implementation Guidance

SecaaS Category 4 // Email Security Implementation Guidance
Release Date: 10/08/2012

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and rec...

Request to download
SecaaS Category 2 // Data Loss Prevention Implementation Guidance

SecaaS Category 2 // Data Loss Prevention Implementation Guidance
Release Date: 10/08/2012

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and depar...

Request to download
SecaaS Category 3 // Web Security Implementation Guidance

SecaaS Category 3 // Web Security Implementation Guidance
Release Date: 10/08/2012

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one elemen...

Request to download
SecaaS Category 10 // Network Security Implementation Guidance

SecaaS Category 10 // Network Security Implementation Guidance
Release Date: 10/08/2012

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical ne...

Request to download
SecaaS Category 1 // Identity and Access Management Implementation Guidance

SecaaS Category 1 // Identity and Access Management Implementation Guidance
Release Date: 09/26/2012

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to th...

Request to download
Defined Categories of Service 2011

Defined Categories of Service 2011
Release Date: 10/26/2011

Request to download
CSA V3 Guideline: Book Excerpts

CSA V3 Guideline: Book Excerpts
Release Date: 07/02/2011

Culture‐free, one‐size‐fits‐all English is usually the most efficient way to speak to a large, heterogeneous audience of E2s. In contrast, there are times wh...

Request to download