CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
The Annual SaaS Security Survey Report 2025 Plans and Priorities In 2024, Software-as-a-Service (SaaS) platforms are integral to most businesses. Unfortunately, inventive threat actors regularly breach SaaS applications...
The 2020 State of Identity Security in the Cloud - Chinese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...
Roles and Responsibilities of Third Party Security Services As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibi...
SecaaS Working Group Charter 2021 This charter lays out the scope, responsibilities, and roadmap for the Security as a Service (SecaaS) Working Group. The SecaaS Working Group has been cre...
Disaster Recovery as a Service Disaster Recovery as a Service (DRaaS) is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third...
The 2020 State of Identity Security in the Cloud The use of cloud services has continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises di...
SecaaS Working Group Charter In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understoo...
Security as a Service Implementation Guidance (Categories 1-10) In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of security services...
Defining Categories of Security as a Service: Continuous Monitoring In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services is ne...
SecaaS Category 7 // Security Information and Event Management Implementation Guidance This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...
SecaaS Category 9 // BCDR Implementation Guidance When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...
SecaaS Category 8 // Encryption Implementation Guidance Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...
SecaaS Category 6 // Intrusion Management Implementation Guidance Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...
SecaaS Category 5 // Security Assessments Implementation Guidance There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could reasonably expec...
SecaaS Category 4 // Email Security Implementation Guidance Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and rec...
SecaaS Category 2 // Data Loss Prevention Implementation Guidance DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and depar...
SecaaS Category 3 // Web Security Implementation Guidance The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one elemen...
SecaaS Category 10 // Network Security Implementation Guidance In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical ne...
SecaaS Category 1 // Identity and Access Management Implementation Guidance This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to th...
Defined Categories of Service 2011